Lennartbecker d trudag init

.devcontainer/S-CORE/Dockerfile

@@ -32,7 +32,7 @@ RUN apt-get update && \
         python3 \
         python3-pip \
         python3-venv \
-        # pipx \
+        pipx \
         locales \
         ssh-client \
     && apt-get clean && \
@@ -85,3 +85,7 @@ RUN groupadd --gid $USER_GID $USERNAME \
 
 # Default user
 USER $USERNAME
+
+# Install trudag using pipx
+RUN pipx install trustable --index-url https://gitlab.com/api/v4/projects/66600816/packages/pypi/simple && \
+    pipx ensurepath

.dotstop.dot

@@ -0,0 +1,52 @@
+# This file is automatically generated by dotstop and should not be edited manually.
+# Generated using trustable 2025.6.25.
+
+digraph G {
+"TT-CHANGES" [sha=e276949659e77f8f453a9b32798f607abdfda44450bb10bfbca7a20d68835f7a];
+"TA-ANALYSIS" [sha="76cb774300c75d7b6a24c872fe691f2f0cd1d36cc4a2493e835f6b861bc79c34"];
+"TA-BEHAVIOURS" [sha="3ec27e29aa991978efe6a56267b98c2a08b27a4aff693d5cf2b01dfe72276570"];
+"TA-CONFIDENCE" [sha=afda09331b2fc3b8d9b1cd921bee66251a65e5543a473c61eb03f9ea11d57eb5];
+"TA-CONSTRAINTS" [sha=cdee0ae34c33110044975efc981e4ac4d63d824aaaac78233b1f3828ef070da3];
+"TA-DATA" [sha="796e4b5851340906568a47c4436c1fa67ca1c48c98a8b6a16b19283d04cea799"];
+"TA-FIXES" [sha="08f069034d1399c43c4321c5f05de72125f4155a8b68b9bbb2029cb679e6ad48"];
+"TA-INDICATORS" [sha=a5392ef1e3e40d82ef9a304d1304bf007fa85d961ab8ea268231cb212d763477];
+"TA-INPUTS" [sha="6edcb6e0ea0a918f611d6644da7a28dd5c924a210984cd913e7ff558677a6ea6"];
+"TA-ITERATIONS" [sha=c445bfe866db71df67d4e87353d674b62abce19b52048fac37284d8065d67678];
+"TA-METHODOLOGIES" [sha=d24f6055c79268b1f6e4bdf73951719f192d6f492a7376f85b349a95ccb2a319];
+"TA-MISBEHAVIOURS" [sha=d24fcdeee0ae0fa696f272dc39c8e9e37cce7fb9b2cfd07bcd1451b765be5c6e];
+"TA-RELEASES" [sha="3c924109e9916fb154eadbc2d733a8413ae551a1282b73de389b9ad7540a4e75"];
+"TA-SUPPLY_CHAIN" [sha="0629a5a339322874ad3d51c0c14219ede72195bf514abac82c95ebc3a685ae2c"];
+"TA-TESTS" [sha=afa5e61fc86f70f99f6c60b4f2b51ba7d486705f197048a7dc3fc8fea225385c];
+"TA-UPDATES" [sha="9f0554c79d125a37c7e68b9efbb022dc4853a3e2f87c7d224d30c51f5b9b8435"];
+"TA-VALIDATION" [sha="20f6d87b89d9fbffe427a734ab70906c26ad787e53032a8c4f4d599227704be6"];
+"TRUSTABLE-SOFTWARE" [sha="6513a163e6eac72c930253e4bc0404be5ea625d1dec436104991a565df4baaa3"];
+"TT-CONFIDENCE" [sha="507f0a905667e1d91265a4e577534eb51ebc0b3e84ffc1956cd0d80dc61b6d3a"];
+"TT-CONSTRUCTION" [sha="3752c6a34c0cc3ef905e000e635a7373748976744f3d1f75f1c2ed172366e350"];
+"TT-EXPECTATIONS" [sha="362eb86c872fb76b2a1075ff978252112bbad0a5fb3041895381f8c76b64c5e6"];
+"TT-PROVENANCE" [sha="4607bf9c0527508673fa37c110b9cf5f2ff0567c324cf728623f1e8ff094be32"];
+"TT-RESULTS" [sha="382987171ac6dc0d1114f5c0dbb77452300c14596514bbab126ae1f7d1bbb842"];
+"WFJ-01" [sha="82f699582ecb4aea047df8f1b0908f3c0e3acec9896f61e5edd102bf1616ac4b"];
+"TT-CHANGES" -> "TA-FIXES" [sha=d9dc2ad1dcbfde839249e8df9eb89ef978bdfee7b7b4933fae12e10cbc91762b];
+"TT-CHANGES" -> "TA-UPDATES" [sha=f8948db2f344f4cdd5bdc71dc54e63b446f40af09235c37f5d5cf59dcfdfbfa0];
+"TA-BEHAVIOURS" -> "WFJ-01" [sha="0f6cc204479d56914d30a93913ac013122faea07b31e1174058cc99296e51106"];
+"TRUSTABLE-SOFTWARE" -> "TT-CHANGES" [sha=a526e6de925b57edddfbc350de334735ee7ef23828b9e66ba781e8633c9f72df];
+"TRUSTABLE-SOFTWARE" -> "TT-CONFIDENCE" [sha="07cdcfab2c8c5121dd0acecf3771ee674dde8663e4cb335cfb74aa774f10cc5b"];
+"TRUSTABLE-SOFTWARE" -> "TT-CONSTRUCTION" [sha="8598c4138e9dda4691a3cbc1613530bb1a3f1c163edf523e41a9ba532b98fe83"];
+"TRUSTABLE-SOFTWARE" -> "TT-EXPECTATIONS" [sha=f6dba0c755d9ac4c9ed0ed2e08d5d51e6f7f1572e6de5581c90fbdaf3cafa4d4];
+"TRUSTABLE-SOFTWARE" -> "TT-PROVENANCE" [sha=c97824acbd35cf2b4a9e4ee2f66c46333b483eac99ef690e2bb105ef4756e527];
+"TRUSTABLE-SOFTWARE" -> "TT-RESULTS" [sha=b9e5b5fdf1cda120574cd2f351e9876a0a0c683152267d3898e6c161e7bda988];
+"TT-CONFIDENCE" -> "TA-METHODOLOGIES" [sha="5752e4930e6b0dbc6829b053f4bc7e7e054d416a8c9b2e19a1c3dd83d51fba9b"];
+"TT-CONFIDENCE" -> "TA-CONFIDENCE" [sha="2eaf5b9e879128e866585d5016bfde73f1ef1b192915fdb988cba7b6a0e679f2"];
+"TT-CONSTRUCTION" -> "TA-RELEASES" [sha="290d67048ce0b7e9d40d236b01fc79305d3d49d2c4a541ab3fe48d38347d45d5"];
+"TT-CONSTRUCTION" -> "TA-TESTS" [sha=dddbe1b9b7a7fdaf4003a939660dcb547eacfd78b6f446cb4e065047d95efd9a];
+"TT-CONSTRUCTION" -> "TA-ITERATIONS" [sha="671795bbd8a789803e29f531e12074129e99f1329d27bc97ad0bbee01d8432db"];
+"TT-EXPECTATIONS" -> "TA-BEHAVIOURS" [sha=bab309ba80ce2c2b1d7146220da91f1f456c03d4aad8a724db777933e8924ebb];
+"TT-EXPECTATIONS" -> "TA-MISBEHAVIOURS" [sha=b9c4c4ce6e39a7171aa8b02c3267172229ff3de17ff5cd2da9839e67334e5453];
+"TT-EXPECTATIONS" -> "TA-CONSTRAINTS" [sha=af6a8726cb3a4274ce8ef7e000f0ea9d8f301e8d543254e146045c263873260d];
+"TT-EXPECTATIONS" -> "TA-INDICATORS" [sha=c6b66b2315b853fbe7f4844631f8a522cf0cff8f2984dea65c8b627512efdede];
+"TT-PROVENANCE" -> "TA-SUPPLY_CHAIN" [sha=a9efbde8812834ed5ea620c826a6b41f28219b61a06b00dcd74632685124a8b9];
+"TT-PROVENANCE" -> "TA-INPUTS" [sha=b72b13298357c1738735fc9cc56b0e64cc9fec0124f1721315f64f24faa17f71];
+"TT-RESULTS" -> "TA-DATA" [sha=bdbef171f4a2b69b6f8b47d3b2c9f0642ffb3120ba471c7be0da274a54c4d549];
+"TT-RESULTS" -> "TA-ANALYSIS" [sha="53f912e517e9b33ca019d4a4aac432fee37c3315ea9a155e145b90122f9c8fb7"];
+"TT-RESULTS" -> "TA-VALIDATION" [sha=bc8f3c8b5afd04ec4f77e750b8c82e5bb1c729811895ff49663b904d42d49fdc];
+}

.gitignore

@@ -42,6 +42,7 @@ user.bazelrc
 
 # docs:incremental and docs:ide_support build artifacts
 /_build
+/build
 
 # Vale - editorial style guide
 .vale.ini

docs/index.rst

@@ -36,6 +36,7 @@ This repository provides the aspired setup for projects using **C++** and **Baze
    trustable/concept.rst
    trustable/tenets/index.rst
    trustable/report.rst
+   trustable/trudag_report.rst
    Eclipse <https://projects.eclipse.org/projects/automotive.score>
 
 General Requirements

docs/trustable/TRUSTABLE-SOFTWARE.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+This release of JSON-Library is Trustable.

docs/trustable/assertions/TA-ANALYSIS.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+Collected data from tests and monitoring of deployed software is analysed according to specified objectives.

docs/trustable/assertions/TA-BEHAVIOURS.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+Expected or required behaviours for JSON-Library are identified, specified, verified and validated based on analysis.

docs/trustable/assertions/TA-CONFIDENCE.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+Confidence in JSON-Library is measured based on results of analysis.

docs/trustable/assertions/TA-CONSTRAINTS.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+Constraints on adaptation and deployment of JSON-Library are specified.

docs/trustable/assertions/TA-DATA.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+Data is collected from tests, and from monitoring of deployed software, according to specified objectives.

docs/trustable/assertions/TA-FIXES.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+Known bugs or misbehaviours are analysed and triaged, and critical fixes or mitigations are implemented or applied.

docs/trustable/assertions/TA-INDICATORS.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+Advance warning indicators for misbehaviours are identified, and monitoring mechanisms are specified, verified and validated based on analysis.

docs/trustable/assertions/TA-INPUTS.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+All inputs to JSON-Library are assessed, to identify potential risks and issues.

docs/trustable/assertions/TA-ITERATIONS.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+All constructed iterations of JSON-Library include source code, build instructions, tests, results and attestations.

docs/trustable/assertions/TA-METHODOLOGIES.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+Manual methodologies applied for JSON-Library by contributors, and their results, are managed according to specified objectives.

docs/trustable/assertions/TA-MISBEHAVIOURS.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+Prohibited misbehaviours for JSON-Library are identified, and mitigations are specified, verified and validated based on analysis.

docs/trustable/assertions/TA-RELEASES.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+Construction of JSON-Library releases is fully repeatable and the results are fully reproducible, with any exceptions documented and justified.

docs/trustable/assertions/TA-SUPPLY_CHAIN.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+All sources for JSON-Library and tools are mirrored in our controlled environment.

docs/trustable/assertions/TA-TESTS.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+All tests for JSON-Library, and its build and test environments, are constructed from controlled/mirrored sources and are reproducible, with any exceptions documented.

docs/trustable/assertions/TA-UPDATES.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+JSON-Library components, configurations and tools are updated under specified change and configuration management controls.

docs/trustable/assertions/TA-VALIDATION.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+All specified tests are executed repeatedly, under defined conditions in controlled environments, according to specified objectives.

docs/trustable/json-library-assertions/WFJ-01.md

@@ -0,0 +1,14 @@
+---
+level: 1.1
+normative: true
+references:
+    - type: "file"
+      path: "nlohmann_json/tests/src/unit-class_parser.cpp"
+    - type: "cpp-test"
+      path: "nlohmann_json/tests/src/unit-class_parser.cpp"
+      test_name: "parse"
+score:
+    Lennart: 1.0
+---
+
+The service checks for the four primitive types (strings, numbers, booleans, null).

docs/trustable/report.rst

@@ -32,7 +32,7 @@ Compliance for TA
    * - TA-ANALYSIS
      - Collected data from tests and monitoring of deployed software is analysed according to specified objectives.
      - 0.00
-   * - :doc:`tenets/TT-EXPECTATIONS/TA-BEHAVIOURS`
+   * - :doc:`assertions/TA-BEHAVIOURS`
      - Expected or required behaviours for json library are identified, specified, verified and validated based on analysis.
      - 0.00
    * - TA-CONFIDENCE
@@ -59,7 +59,7 @@ Compliance for TA
    * - TA-METHODOLOGIES
      - Manual methodologies applied for json library by contributors, and their results, are managed according to specified objectives.
      - 0.00
-   * - :doc:`tenets/TT-EXPECTATIONS/TA-MISBEHAVIOURS`
+   * - :doc:`assertions/TA-MISBEHAVIOURS`
      - Prohibited misbehaviours for json library are identified, and mitigations are specified, verified and validated based on analysis.
      - 0.00
    * - TA-RELEASES
@@ -68,7 +68,7 @@ Compliance for TA
    * - TA-SUPPLY_CHAIN
      - All sources for json library and tools are mirrored in our controlled environment.
      - 0.00
-   * - :doc:`tenets/TT-CONSTRUCTION/TA-TESTS`
+   * - :doc:`assertions/TA-TESTS`
      - All tests for json library, and its build and test environments, are constructed from controlled/mirrored sources and are reproducible, with any exceptions documented.
      - 0.00
    * - TA-UPDATES
@@ -102,21 +102,21 @@ Compliance for TT
    * - Item
      - Summary
      - Score
-   * - :doc:`tenets/TT-CHANGES/index`
+   * - :doc:`tenets/TT-CHANGES`
      - Json library is actively maintained, with regular updates to dependencies, and changes are verified to prevent regressions.
      - 0.00
-   * - :doc:`tenets/TT-CONFIDENCE/index`
+   * - :doc:`tenets/TT-CONFIDENCE`
      - Confidence in json library is measured by analysing actual performance in tests and in production.
      - 0.00
-   * - :doc:`tenets/TT-CONSTRUCTION/index`
+   * - :doc:`tenets/TT-CONSTRUCTION`
      - Tools are provided to build json library from trusted sources (also provided) with full reproducibility.
      - 0.00
-   * - :doc:`tenets/TT-EXPECTATIONS/index`
+   * - :doc:`tenets/TT-EXPECTATIONS`
      - Documentation is provided, specifying what json library is expected to do, and what it must not do, and how this is verified.
      - 0.00
-   * - :doc:`tenets/TT-PROVENANCE/index`
+   * - :doc:`tenets/TT-PROVENANCE`
      - All inputs (and attestations for claims) for json library are provided with known provenance.
      - 0.00
-   * - :doc:`tenets/TT-RESULTS/index`
+   * - :doc:`tenets/TT-RESULTS`
      - Evidence is provided to demonstrate that json library does what it is supposed to do, and does not do what it must not do.
      - 0.00

docs/trustable/tenets/TT-CHANGES.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+JSON-Library is actively maintained, with regular updates to dependencies, and changes are verified to prevent regressions.

docs/trustable/tenets/TT-CONFIDENCE.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+Confidence in JSON-Library is achieved by measuring and analysing behaviour and evidence over time.

docs/trustable/tenets/TT-CONSTRUCTION.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+Tools are provided to build JSON-Library from trusted sources (also provided) with full reproducibility.

docs/trustable/tenets/TT-CONSTRUCTION/index.rst → docs/trustable/tenets/TT-CONSTRUCTION.rst

@@ -22,4 +22,4 @@ TT-CONSTRUCTION
    :caption: TT-CONSTRUCTION
    :glob:
 
-   TA-TESTS
+   ../assertions/TA-TESTS

docs/trustable/tenets/TT-EXPECTATIONS.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+Documentation is provided, specifying what JSON-Library is expected to do, and what it must not do, and how this is verified.

docs/trustable/tenets/TT-EXPECTATIONS/index.rst → docs/trustable/tenets/TT-EXPECTATIONS.rst

@@ -22,5 +22,5 @@ TT-EXPECTATIONS
    :caption: TT-EXPECTATIONS
    :glob:
 
-   TA-BEHAVIOURS
-   TA-MISBEHAVIOURS
+   ../assertions/TA-BEHAVIOURS
+   ../assertions/TA-MISBEHAVIOURS

docs/trustable/tenets/TT-PROVENANCE.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+All inputs (and attestations for claims) for JSON-Library are provided with known provenance.

docs/trustable/tenets/TT-RESULTS.md

@@ -0,0 +1,6 @@
+---
+level: 1.1
+normative: true
+---
+
+Evidence is provided to demonstrate that JSON-Library does what it is supposed to do, and does not do what it must not do.

docs/trustable/tenets/index.rst

@@ -22,9 +22,9 @@ Trustable Tenets
    :caption: Trustable Tenets
    :glob:
 
-   TT-PROVENANCE/index
-   TT-CONSTRUCTION/index
-   TT-CHANGES/index
-   TT-EXPECTATIONS/index
-   TT-RESULTS/index
-   TT-CONFIDENCE/index
+   TT-PROVENANCE
+   TT-CONSTRUCTION
+   TT-CHANGES
+   TT-EXPECTATIONS
+   TT-RESULTS
+   TT-CONFIDENCE