Resolve TA-ANALYSIS Feedback and Adapt nlohmann pipeline to check s-core matrix specification #16
Open
halnasri wants to merge 21 commits into eclipse-score:main from
* Resolve TT-CHANGES feedback (nlohmann#115) * enhaced doc in concept.rst * enhanced documentation of the scoring * review comments fixed and Example claculating graph added * Added AOUs to TA-CONSTRAINTS * add CI workflow for checking SME reviews (nlohmann#110) * add CI workflow for checking SME reviews * give pull request read permission * fix indentation * fix typo * fix typo * fix artifact collection trigger * reformulate JLS-05 * removed AOUs from non-TA-CONSTRAINTS links * align with current state of working branch * again * enhaced doc in concept.rst * enhanced documentation of the scoring * review comments fixed and Example claculating graph added * unfinished commit * Adapted overall statement formulation * remove WFJ-12 whitespace * Added "provided by nlohmann/json" to WFJ-07 * removed "library" from TA-METHODOLOGIES * Added nlohmann/json to TT-CONSTRUCTION * fix typo in NPF-01 * fixed score -> score-json in TT-CONFIDENCE * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify confidence measurement in nlohmann/json Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Fix typo in TA-FIXES.md regarding repository name Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Fix typo in TA-ITERATIONS.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Fix typo in TA-ITERATIONS.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify release construction for nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify source mirroring for nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger 
<luca.fueger@d-fine.com> * Update wording for nlohmann/json library reference Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reporting of score-json implementation issues Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify dependency storage requirements for nlohmann/json Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify usage of nlohmann/json library in AOU-19 Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify wording on bug review for nlohmann/json Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify service name in NJF-02.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library in NJF-03 Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify service description in NJF-04.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * changed "service provided by" convention * Fix reference to score-json in AOU-08.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/statements/JLS-24.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/tenets/TT-CHANGES.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/tenets/TT-RESULTS.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/tenets/TT-PROVENANCE.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/tenets/TT-EXPECTATIONS.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/tenets/TT-CONSTRUCTION.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger 
<luca.fueger@d-fine.com> * Update TSF/trustable/tenets/TT-CONFIDENCE.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/statements/JLS-25.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update JLS-14.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Fix merge conflict in JLS-05.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/assumptions-of-use/AOU-17.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Implemented custom include_list reference * Removed JLS-27 and its link, added JLS-34 and its link to TA-FIXES * added README documentation for IncludeListReference * changed __str__ method of IncludeListReference to more descriptive title * removed method doc for as_markdown in IncludeListReference * changed __str__ of IncludeListReference * reworked content method in IncludeListReference * small change to README * Update TSF/trustable/statements/JLS-34.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Erikhu1 new tsf items (nlohmann#125) * change AOU-27 * add new statements * update JLS-05 * add release notes reference to JLS-05 * remove internal comment * separate CVE triaging into own statement * update JLS-05 * name specific branch instead of default * split JLS-06 * fix typos * remove unnecessary evidence config * change reference type of release notes * update JLS-19 * specify repo * update JLS-05 * update JLS-06 and JLS-35 * delete non ta-constraints AOU links * Update TSF/trustable/statements/JLS-05.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-11.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-19.md Co-authored-by: Luca Füger 
<luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-28.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-29.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-30.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-31.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-32.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-33.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * add some references and scores * remove comment * update aou-29 * fix test_str_include_list test reference * add reference to JLS-25 * add reference to JLS-02 * add reference to JLS-06 * update JLS-26 * add reference to JLS-29 * add reference to JLS-30 * update score for JLS-30 * update JLS-35 * Update TSF/trustable/statements/JLS-28.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-29.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-30.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * remove duplicate statement * Update TSF/trustable/statements/JLS-29.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * add statement for SAST * add link for JLS-34 * add score on JLS-32 * add score on JLS-33 * add score on JLS-34 * update JLS-26 * fix typo * add missing quotation marks --------- Signed-off-by: Erik Hu 
<erik.hu@d-fine.com> Co-authored-by: Luca Füger <luca.fueger@d-fine.com> * delete unused items * fix post create script * fix typos * re-add JLS-27 * remove duplicated tests * update concept section * clean up * corrected on item in the table and change the example in the graph * fix typos in concept * score --> trustable score * .png --> .svg * 0.81 # Conflicts: # TSF/docs/score_calculation_example.svg * add support of fork PRs * newline EOF * fix typo * add reference to JLS-30 * add reference to JLS-11 * change repo names * fix typo * reformulate AOU-05 * clarify AOU-10 * update JLS-01 * update JLS-35 * update JLS-35 * udpate JLS-05 * add evidence to JLS-07 * update JLS-12 * Changed all statement occurrences of score-json to eclipse-score/inc_nlohmann_json * Restored JLS-05 and JLS-27 tto pre-commit state * fix typo * Update TSF/trustable/no-json-faults/NJF-06.6.0.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> --------- Signed-off-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: Luca <luca.fueger@d-fine.com> * add context files (#5) * add context files * remove references to checklist files * add answer fields * explain component evidence * cleanup * update to trudag v2025.10.22 (#4) * update to trudag v2025.10.22 * upgrade pip * upgrade pip in test_publication workflow * pip install requests * adding new statements to TA-METHODOLOGIES and fixing statements from TA-CONFIDENCE * added references to JLS 40 and 42 * Update TSF/trustable/statements/JLS-43.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/trustable/statements/JLS-42.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/trustable/statements/JLS-37.md Co-authored-by: Erik Hu 
<erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/trustable/statements/JLS-09.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/trustable/statements/JLS-08.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * changed JLS08 to be more clear * corrected the statement of JLS-37 * corrected the statement of JLS-41 * corrected the file path in JLS-36 * reformulated the statement JLS-41 * split the statement of JLS-40 into tow * only one valitator * more clear statement in JLS-41 * ' * added a reference to JLS-13 and reformulated the statement * added answers to the evidence lists and to the checklists of TA-CONFIDENCE and TA-METHODOLOGIES * fixed TA-CONFIDENCE * fixed TA-METHODOLOGIES * . * corrected JLS-13 * typo * added new reference to JLS-08 * edited one answer of TA-Methodologies context file * Update TSF/trustable/statements/JLS-08.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/trustable/statements/JLS-08.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Add https evidence Added evidence configuration for response time and URL. Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Fix formatting in JLS-08.md Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Re add AOU-30 Signed-off-by: Erik Hu <erik.hu@d-fine.com> --------- Signed-off-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: Luca <luca.fueger@d-fine.com>
* Moving changes from json to inc_nlohmann_json * Added checklist and evidence for TA-RELEASES * Worked through TA-Iterations checklist and evidence * added checklist and evidence for TA-TESTS * fix smaller details * Update TSF/trustable/assertions/TA-ITERATIONS_CONTEXT.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/assertions/TA-ITERATIONS_CONTEXT.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/assertions/TA-RELEASES_CONTEXT.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * resolved "binary" checklist points * Added JLS-52 * added references for newly created JLS-52 * Update TSF/trustable/statements/JLS-52.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * added verbose file reference to JLS-51 * Update TSF/trustable/statements/JLS-51.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * deleted AOU-08 checklist references * added JLS-51 link to TA-ITERATIONS, removed link to TA-RELEASES * deleted JLS-21 including its links * deleted JLS-21 * removed link TA-ITERATIONS -> JLS-51 * filled in JLS-53 * comments * added TA-Releases checklist answer * changed target to target_seconds * Update TSF/trustable/assertions/TA-RELEASES_CONTEXT.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * fixes for JLS-16 * adapted JLS-53 formulation * fix for JLS-16 * Added item reference to JLS-53 * Update TA-RELEASES_CONTEXT.md Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * created further statements * Update TSF/trustable/statements/JLS-61.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> * Update TSF/trustable/statements/JLS-61.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> * Update 
TSF/trustable/statements/JLS-61.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> * Update TSF/trustable/statements/JLS-61.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> * added link from JLS-53 to JLS-14 and restructured JLS-52 * Provided evidence for JLS-63 * changed JLS-52, JLS-64 and JLS-65 formulation * smaller changes * Added references to JLS-65 * changed JLS-63 reference types * ... * completed JLS-64 * adding response time validator to JLS-64 * specifying remaining TODOs * Specify remaining work #2 * deleted JLS-66 * reworked JLS-62 and deleted 46 and 66 * adapted TA-TESTS_CONTEXT * fixed JLS-62 * Update TSF/trustable/assertions/TA-RELEASES_CONTEXT.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> * Update TSF/trustable/assertions/TA-RELEASES_CONTEXT.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> * Update TSF/trustable/statements/JLS-16.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> * added non_reproducible_tests and its reference to JLS-62 --------- Signed-off-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> Co-authored-by: LucaFgr <luca.fueger@d-fine.com> Co-authored-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: LucaFue <luca.fueger@d-fine.de>
* add missing links * fix faulty reference
* link TA-BEHAVIOURS to JLS-27 (#9) * update JLS-01 * update JLS-05 * update JLS-11 * update JLS-12 * update JLS-29 * update JLS-30 * update JLS-35 * remove duplicate link
* added checklist items to TA_INPUTS * move TSF instructions * add JLS-47 and link TA-INPUTS to JLS-34 * create JLS-48 * update TA-INPUTS context * update TA-INPUTS context * add JLS-49 * update inputs context * pin third party tools list to 3.12.0 * add JLS-50 and assessment of third party tools * update TA-INPUTS context * add reference to JLS-49 * link TA-RELEASES -> JLS-49 * Enhance third-party tools assessment documentation (#18) * Enhance third-party tools assessment documentation Expanded the assessment details for various third-party tools used in nlohmann/json Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Enhance documentation for third-party tools assessment 2 Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Enhance third-party tools assessment details 3 Added comprehensive descriptions for Hedley, lcov, libFuzzer, Material for MkDocs, MkDocs, OSS-Fuzz, Probot, and Valgrind. Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Revise risk categorization and tool assessment details Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * small fixes Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/docs/third_party_tools_assessment.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/docs/third_party_tools_assessment.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/docs/third_party_tools_assessment.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/docs/third_party_tools_assessment.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/docs/third_party_tools_assessment.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/docs/third_party_tools_assessment.md typos Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri 
<hatem.alnasri@d-fine.com> * typo Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * rename link Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * typo Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * typo - Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Enhance OSS-Fuzz section with issue links Updated the OSS-Fuzz role description to include links to specific GitHub issues. Signed-off-by: halnasri <hatem.alnasri@d-fine.com> --------- Signed-off-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: Erik Hu <erik.hu@d-fine.com> * add links from TA-SUPPLYCHAIN * add answer to supply chain context * remove dead link * create JLS-66 * link JLS-66 * finish answer SUPPLY_CHAIN context * misc fixes * misc fixes * misc fixes * Update TSF/trustable/assertions/TA-SUPPLY_CHAIN_CONTEXT.md Co-authored-by: LucaFue <luca.fueger@d-fine.de> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * misc fixes * update JLS-49 * Update TSF/README.md Co-authored-by: halnasri <hatem.alnasri@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> --------- Signed-off-by: halnasri <hatem.alnasri@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> Co-authored-by: erikhu1 <erik.hu@d-fine.com> Co-authored-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: LucaFue <luca.fueger@d-fine.de>
* revisit TT-RESULTS * rebase * resolve conflict * fixing some typos * AoU --> AOU * reformulated JLS-22 and completed the checklist of TA-DATA * Update TSF/trustable/statements/JLS-17.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Fix typo in 'misbehaviours' in documentation Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Fix typo in file path for nlohmann misbehaviours Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Clarify answers in TA-ANALYSIS_CONTEXT.md Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * adress comment of TA-DATA context file * fixed some issues in the TA-ANALYSIS context file * typo in JLS-17 * added a reference to TA-ANALYSIS_CONTEXT.md * added some answers to the checklist of TA-VALIDATION * fix typos Co-authored-by: LucaFue <luca.fueger@d-fine.de> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * added one answer to the TA-VALIDATION and fixed typos * answered checklist questions of TA-VALIDATION * reformulated JLS-17 and added the failure rate analysis * fix some checklist questions * typo * typos * typos and rewrite JLS 17 * Update TSF/trustable/assertions/TA-ANALYSIS_CONTEXT.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/trustable/assertions/TA-ANALYSIS_CONTEXT.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * link formating Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * link formating Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> --------- Signed-off-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: Erik Hu <erik.hu@d-fine.com> Co-authored-by: LucaFue <luca.fueger@d-fine.de>
Co-authored-by: LucaFgr <luca.fueger@d-fine.com>
* bump urllib3 version from 2.5.0 to 2.6.0 * nitpick EOF line
* Adding scores for TT-Changes * fix validators function signature * add new trudag dependencies * set review status of reviewed items again * fix outdated dependency --------- Co-authored-by: aschemmel-git <alexander.schemmel@bmw.de>
* fix JLS-08 * fix JLS-08 and JLS-10 * fix JLS-20 * fix JLS-11 and JLS-28 * fix JLS-16 * 2.0 --> 2 * Update JLS-11 * fix JLS-27 * fix JLS-65 * fix JLS-63 * added JLS-19 to build instructions * lcov and coverity * added clang-tidy * removed one validator from JLS-16 * fix lcov and coverity part * edited reference type for scorecard and introspector * fix JLS-02
* removed multiple validators from statements by splitting them up * removed combinator validator * fix JLS-11 * Update TSF/trustable/statements/JLS-58.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> * newline EOF * readded scores for JLS-11 --------- Signed-off-by: LucaFue <luca.fueger@d-fine.de> Co-authored-by: LucaFgr <luca.fueger@d-fine.com> Co-authored-by: Erik Hu <erik.hu@d-fine.com>
* Adding scores for TT-Changes * Update 4 trustable tenets (#9) * Halnasri resolve tt confidence feedback (#21) * Resolve TT-CHANGES feedback (nlohmann#115) * enhaced doc in concept.rst * enhanced documentation of the scoring * review comments fixed and Example claculating graph added * Added AOUs to TA-CONSTRAINTS * add CI workflow for checking SME reviews (nlohmann#110) * add CI workflow for checking SME reviews * give pull request read permission * fix indentation * fix typo * fix typo * fix artifact collection trigger * reformulate JLS-05 * removed AOUs from non-TA-CONSTRAINTS links * align with current state of working branch * again * enhaced doc in concept.rst * enhanced documentation of the scoring * review comments fixed and Example claculating graph added * unfinished commit * Adapted overall statement formulation * remove WFJ-12 whitespace * Added "provided by nlohmann/json" to WFJ-07 * removed "library" from TA-METHODOLOGIES * Added nlohmann/json to TT-CONSTRUCTION * fix typo in NPF-01 * fixed score -> score-json in TT-CONFIDENCE * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify confidence measurement in nlohmann/json Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Fix typo in TA-FIXES.md regarding repository name Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Fix typo in TA-ITERATIONS.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Fix typo in TA-ITERATIONS.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify release construction for nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify source mirroring for nlohmann/json library Signed-off-by: Luca Füger 
<luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update wording for nlohmann/json library reference Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reporting of score-json implementation issues Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify dependency storage requirements for nlohmann/json Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify usage of nlohmann/json library in AOU-19 Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify wording on bug review for nlohmann/json Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify service name in NJF-02.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library in NJF-03 Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify service description in NJF-04.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * changed "service provided by" convention * Fix reference to score-json in AOU-08.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/statements/JLS-24.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/tenets/TT-CHANGES.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/tenets/TT-RESULTS.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/tenets/TT-PROVENANCE.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/tenets/TT-EXPECTATIONS.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update 
TSF/trustable/tenets/TT-CONSTRUCTION.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/tenets/TT-CONFIDENCE.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/statements/JLS-25.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update JLS-14.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Fix merge conflict in JLS-05.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/assumptions-of-use/AOU-17.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Implemented custom include_list reference * Removed JLS-27 and its link, added JLS-34 and its link to TA-FIXES * added README documentation for IncludeListReference * changed __str__ method of IncludeListReference to more descriptive title * removed method doc for as_markdown in IncludeListReference * changed __str__ of IncludeListReference * reworked content method in IncludeListReference * small change to README * Update TSF/trustable/statements/JLS-34.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Erikhu1 new tsf items (nlohmann#125) * change AOU-27 * add new statements * update JLS-05 * add release notes reference to JLS-05 * remove internal comment * separate CVE triaging into own statement * update JLS-05 * name specific branch instead of default * split JLS-06 * fix typos * remove unnecessary evidence config * change reference type of release notes * update JLS-19 * specify repo * update JLS-05 * update JLS-06 and JLS-35 * delete non ta-constraints AOU links * Update TSF/trustable/statements/JLS-05.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-11.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> 
Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-19.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-28.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-29.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-30.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-31.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-32.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-33.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * add some references and scores * remove comment * update aou-29 * fix test_str_include_list test reference * add reference to JLS-25 * add reference to JLS-02 * add reference to JLS-06 * update JLS-26 * add reference to JLS-29 * add reference to JLS-30 * update score for JLS-30 * update JLS-35 * Update TSF/trustable/statements/JLS-28.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-29.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-30.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * remove duplicate statement * Update TSF/trustable/statements/JLS-29.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * add statement for SAST * add link for JLS-34 * add score on JLS-32 * add score on 
JLS-33 * add score on JLS-34 * update JLS-26 * fix typo * add missing quotation marks --------- Signed-off-by: Erik Hu <erik.hu@d-fine.com> Co-authored-by: Luca Füger <luca.fueger@d-fine.com> * delete unused items * fix post create script * fix typos * re-add JLS-27 * remove duplicated tests * update concept section * clean up * corrected on item in the table and change the example in the graph * fix typos in concept * score --> trustable score * .png --> .svg * 0.81 # Conflicts: # TSF/docs/score_calculation_example.svg * add support of fork PRs * newline EOF * fix typo * add reference to JLS-30 * add reference to JLS-11 * change repo names * fix typo * reformulate AOU-05 * clarify AOU-10 * update JLS-01 * update JLS-35 * update JLS-35 * udpate JLS-05 * add evidence to JLS-07 * update JLS-12 * Changed all statement occurrences of score-json to eclipse-score/inc_nlohmann_json * Restored JLS-05 and JLS-27 tto pre-commit state * fix typo * Update TSF/trustable/no-json-faults/NJF-06.6.0.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> --------- Signed-off-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: Luca <luca.fueger@d-fine.com> * add context files (#5) * add context files * remove references to checklist files * add answer fields * explain component evidence * cleanup * update to trudag v2025.10.22 (#4) * update to trudag v2025.10.22 * upgrade pip * upgrade pip in test_publication workflow * pip install requests * adding new statements to TA-METHODOLOGIES and fixing statements from TA-CONFIDENCE * added references to JLS 40 and 42 * Update TSF/trustable/statements/JLS-43.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/trustable/statements/JLS-42.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> 
Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/trustable/statements/JLS-37.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/trustable/statements/JLS-09.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/trustable/statements/JLS-08.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * changed JLS08 to be more clear * corrected the statement of JLS-37 * corrected the statement of JLS-41 * corrected the file path in JLS-36 * reformulated the statement JLS-41 * split the statement of JLS-40 into tow * only one valitator * more clear statement in JLS-41 * ' * added a reference to JLS-13 and reformulated the statement * added answers to the evidence lists and to the checklists of TA-CONFIDENCE and TA-METHODOLOGIES * fixed TA-CONFIDENCE * fixed TA-METHODOLOGIES * . * corrected JLS-13 * typo * added new reference to JLS-08 * edited one answer of TA-Methodologies context file * Update TSF/trustable/statements/JLS-08.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/trustable/statements/JLS-08.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Add https evidence Added evidence configuration for response time and URL. 
Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Fix formatting in JLS-08.md Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Re add AOU-30 Signed-off-by: Erik Hu <erik.hu@d-fine.com> --------- Signed-off-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: Luca <luca.fueger@d-fine.com> * Resolve TT-CONSTRUCTION Feedback (#23) * Moving changes from json to inc_nlohmann_json * Added checklist and evidence for TA-RELEASES * Worked through TA-Iterations checklist and evidence * added checklist and evidence for TA-TESTS * fix smaller details * Update TSF/trustable/assertions/TA-ITERATIONS_CONTEXT.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/assertions/TA-ITERATIONS_CONTEXT.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/assertions/TA-RELEASES_CONTEXT.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * resolved "binary" checklist points * Added JLS-52 * added references for newly created JLS-52 * Update TSF/trustable/statements/JLS-52.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * added verbose file reference to JLS-51 * Update TSF/trustable/statements/JLS-51.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * deleted AOU-08 checklist references * added JLS-51 link to TA-ITERATIONS, removed link to TA-RELEASES * deleted JLS-21 including its links * deleted JLS-21 * removed link TA-ITERATIONS -> JLS-51 * filled in JLS-53 * comments * added TA-Releases checklist answer * changed target to target_seconds * Update TSF/trustable/assertions/TA-RELEASES_CONTEXT.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * fixes 
for JLS-16 * adapted JLS-53 formulation * fix for JLS-16 * Added item reference to JLS-53 * Update TA-RELEASES_CONTEXT.md Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * created further statements * Update TSF/trustable/statements/JLS-61.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> * Update TSF/trustable/statements/JLS-61.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> * Update TSF/trustable/statements/JLS-61.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> * Update TSF/trustable/statements/JLS-61.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> * added link from JLS-53 to JLS-14 and restructured JLS-52 * Provided evidence for JLS-63 * changed JLS-52, JLS-64 and JLS-65 formulation * smaller changes * Added references to JLS-65 * changed JLS-63 reference types * ... * completed JLS-64 * adding response time validator to JLS-64 * specifying remaining TODOs * Specify remaining work #2 * deleted JLS-66 * reworked JLS-62 and deleted 46 and 66 * adapted TA-TESTS_CONTEXT * fixed JLS-62 * Update TSF/trustable/assertions/TA-RELEASES_CONTEXT.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> * Update TSF/trustable/assertions/TA-RELEASES_CONTEXT.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> * Update TSF/trustable/statements/JLS-16.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> * added non_reproducible_tests and its reference to JLS-62 --------- Signed-off-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> Co-authored-by: LucaFgr <luca.fueger@d-fine.com> Co-authored-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: LucaFue <luca.fueger@d-fine.de> * Erikhu1 
add missing links (#25) * add missing links * fix faulty reference * Reference corrections (#19) * link TA-BEHAVIOURS to JLS-27 (#9) * update JLS-01 * update JLS-05 * update JLS-11 * update JLS-12 * update JLS-29 * update JLS-30 * update JLS-35 * remove duplicate link * Resolve TT-PROVENANCE Feedback (#14) * added checklist items to TA_INPUTS * move TSF instructions * add JLS-47 and link TA-INPUTS to JLS-34 * create JLS-48 * update TA-INPUTS context * update TA-INPUTS context * add JLS-49 * update inputs context * pin third party tools list to 3.12.0 * add JLS-50 and assessment of third party tools * update TA-INPUTS context * add reference to JLS-49 * link TA-RELEASES -> JLS-49 * Enhance third-party tools assessment documentation (#18) * Enhance third-party tools assessment documentation Expanded the assessment details for various third-party tools used in nlohmann/json Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Enhance documentation for third-party tools assessment 2 Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Enhance third-party tools assessment details 3 Added comprehensive descriptions for Hedley, lcov, libFuzzer, Material for MkDocs, MkDocs, OSS-Fuzz, Probot, and Valgrind. 
Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Revise risk categorization and tool assessment details Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * small fixes Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/docs/third_party_tools_assessment.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/docs/third_party_tools_assessment.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/docs/third_party_tools_assessment.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/docs/third_party_tools_assessment.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/docs/third_party_tools_assessment.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/docs/third_party_tools_assessment.md typos Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * typo Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * rename link Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * typo Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * typo - Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Enhance OSS-Fuzz section with issue links Updated the OSS-Fuzz role description to include links to specific GitHub issues. 
Signed-off-by: halnasri <hatem.alnasri@d-fine.com> --------- Signed-off-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: Erik Hu <erik.hu@d-fine.com> * add links from TA-SUPPLYCHAIN * add answer to supply chain context * remove dead link * create JLS-66 * link JLS-66 * finish answer SUPPLY_CHAIN context * misc fixes * misc fixes * misc fixes * Update TSF/trustable/assertions/TA-SUPPLY_CHAIN_CONTEXT.md Co-authored-by: LucaFue <luca.fueger@d-fine.de> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * misc fixes * update JLS-49 * Update TSF/README.md Co-authored-by: halnasri <hatem.alnasri@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> --------- Signed-off-by: halnasri <hatem.alnasri@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> Co-authored-by: erikhu1 <erik.hu@d-fine.com> Co-authored-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: LucaFue <luca.fueger@d-fine.de> * halnasri-Revisit TT-RESULTS (#17) * revisit TT-RESULTS * rebase * resolve conflict * fixing some typos * AoU --> AOU * reformulated JLS-22 and completed the checklist of TA-DATA * Update TSF/trustable/statements/JLS-17.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Fix typo in 'misbehaviours' in documentation Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Fix typo in file path for nlohmann misbehaviours Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Clarify answers in TA-ANALYSIS_CONTEXT.md Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * adress comment of TA-DATA context file * fixed some issues in the TA-ANALYSIS context file * typo in JLS-17 * added a reference to TA-ANALYSIS_CONTEXT.md * added some answers to the checklist of TA-VALIDATION * fix typos Co-authored-by: LucaFue <luca.fueger@d-fine.de> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * added one answer to the TA-VALIDATION and fixed typos * answered checklist questions of TA-VALIDATION * reformulated JLS-17 and added the failure rate 
analysis * fix some checklist questions * typo * typos * typos and rewrite JLS 17 * Update TSF/trustable/assertions/TA-ANALYSIS_CONTEXT.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * Update TSF/trustable/assertions/TA-ANALYSIS_CONTEXT.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * link formating Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> * link formating Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> --------- Signed-off-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: Erik Hu <erik.hu@d-fine.com> Co-authored-by: LucaFue <luca.fueger@d-fine.de> * added TA-Releases -> JLS-53 link (#27) Co-authored-by: LucaFgr <luca.fueger@d-fine.com> * bump urllib3 version from 2.5.0 to 2.6.0 (#26) * bump urllib3 version from 2.5.0 to 2.6.0 * nitpick EOF line * Erikhu1 sync with prod (#31) (#32) * Adding scores for TT-Changes * fix validators function signature * add new trudag dependencies * set review status of reviewed items again * fix outdated dependency --------- Co-authored-by: aschemmel-git <alexander.schemmel@bmw.de> * Halnasri fix statements (#34) * Erikhu1 sync with prod (#31) * Adding scores for TT-Changes * fix validators function signature * add new trudag dependencies * set review status of reviewed items again * fix outdated dependency --------- Co-authored-by: aschemmel-git <alexander.schemmel@bmw.de> * fix JLS-08 * fix JLS-08 and JLS-10 * fix JLS-20 * fix JLS-11 and JLS-28 * fix JLS-16 * 2.0 --> 2 * Update JLS-11 * fix JLS-27 * fix JLS-65 * fix JLS-63 * added JLS-19 to build instructions * lcov and coverity * added clang-tidy * removed one validator from JLS-16 * fix lcov and coverity part * edited reference type for scorecard and inrospector * fix JLS-02 --------- Co-authored-by: aschemmel-git <alexander.schemmel@bmw.de> Co-authored-by: halnasri 
<hatem.alnasri@d-fine.com> --------- Signed-off-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> Co-authored-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: Luca <luca.fueger@d-fine.com> Co-authored-by: LucaFue <luca.fueger@d-fine.de> Co-authored-by: aschemmel-git <alexander.schemmel@bmw.de> * Bump urllib3 from 2.6.0 to 2.6.3 in /.devcontainer/S-CORE Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.0 to 2.6.3. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.6.0...2.6.3) --- updated-dependencies: - dependency-name: urllib3 dependency-version: 2.6.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Remove GitHub actions reference from JLS-16.md Removed reference to GitHub actions page from JLS-16.md Signed-off-by: Erik Hu <erik.hu@d-fine.com> --------- Signed-off-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> Signed-off-by: LucaFue <luca.fueger@d-fine.de> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: aschemmel-git <alexander.schemmel@bmw.de> Co-authored-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: Luca <luca.fueger@d-fine.com> Co-authored-by: LucaFue <luca.fueger@d-fine.de> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* restructure requirements file * update trustable pins * install reqs before trustable
* configure qnx * add GCC toolchain * fix EOF * update gitignore * update gitignore
* review TA-ANALYSIS * addressing other comments of AS * add reference to JLS-74 * typo * add reference to evidence list * changed the data storage of the test results * deleted JLS-75 and edited JLS-31 * delete JLS-75 file * created link from TA-ANALYSIS to JLS-27 * remove the db from stash * edited scoring data storage * move data storage to data_storage folder * fix documentation due to changes in the data storage * changes in the Context files due to the new data storage * changed AOU 09 and 18 * changes due to changing the AOUs 09 18 and 19 * remove reference to JLS-75 and replace it with reference to JLS-31 * typo * improved structure of ci_failure_rate_analysis.md * Revert "improved structure of ci_failure_rate_analysis.md" This reverts commit a566806. * improved structure of ci_failure_rate_analysis.md * use correct path to data storage * # Ensure sqlite3 is available * add check to env variables * typo * added better error when accessing the TSF_PERSIST_DB env variable * add debug to CI * fix CI step Generate trudag report * fix test_publication workflow * fix possible stash problem for data saving
* fix bazel version conflict in docs-build workflow * set version of bazel in docs-build to 8.3.0
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>
Pull Request Test Coverage Report for Build 21751608444
💛 - Coveralls
aschemmel-tech
requested changes
Feb 4, 2026
aschemmel-tech
left a comment
Checked updates against comments in #9
| - **Answer**: The two expectations are JLEX-01 and JLEX-02. Every statement supporting either of these expectations is ultimately supported by a test, except for WFJ-06. WFJ-06 specifies that `basic_json::accept` must accept exactly JSON values for all possible inputs. Since there are infinitely many possible inputs, this cannot be tested exhaustively. Indirect tests are provided by the rejection of ill-formed json data. This traceability is established by requiring each supporting statement under JLEX-01/02 to reference the relevant CI test(s), and the suitability of the referenced tests as evidence is validated during SME review as part of the scoring process (see JLS-74). | ||
| - What fraction of Misbehaviours are covered by the monitored indicator data? | ||
| - **Answer**: Currently none, because there is no implemented monitoring of deployed instances yet. This is a future integrator responsibility (see AOU-09, AOU-18 and AOU-19). | ||
| - **Answer**: Currently there is no indicators implemented, that focus on runtime behavior. The only indicators implemented are a coverage gate and PR count gate that are both part of the CI. The data therefore is available via the GitHub actions history. |
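Review bot: Of the two answer lines under "What fraction of Misbehaviours are covered by the monitored indicator data?", the one beginning "Currently there is no indicators implemented" never states a fraction, so the checklist question stays unanswered. State explicitly that none of the Misbehaviours are covered by runtime indicator data, then list the coverage gate and PR count gate as the only indicators in CI. That line also needs a grammar pass ("there are no indicators implemented that focus on runtime behavior"). The other answer line still cites AOU-18, which the PR description says was removed, so whichever wording is kept should reference only AOUs that still exist.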
AOU-18 was removed in this PR but not AOU-19 as requested in #9 (comment) - why? If it needs to be kept, please improve the AOU-19 description to make it more understandable (what the system integrator has to do).
merge only if "PR to save_historical_data" is also ready to merge.
This PR contains changes done to address feedback from @aschemmel-tech given in #9 and to add the qnx and gcc configuration (see eclipse-score/score#1520)
Key changes connected to TA-ANALYSIS:
- Removed AOU-18 and improved data storage of test results and scoring documentation to be accurately captured, and the file size limitation from the GitHub side is now bypassed
- Reworded AOU-09 to focus only on validation of indicator data by the integrator.
!! important information !!
Some of the changes in this PR affect the CI pipeline, specifically the jobs `publish_test_result_data*` and `publish_documentation`. A few steps also require changes in the `save_historical_data` branch. Therefore, before merging this PR, please inform @LucaFue. They will then create a PR against `save_historical_data`, which should be reviewed first.
In short, the process should be:
`save_historical_data` `save_historical_data` `save_historical_data` PR afterwards
Please note: the PR to `save_historical_data` could be created now, but since the CI is scheduled to run nightly and the SQL data tables change in the meantime, that PR would likely develop merge conflicts that are not easy to resolve.