diff --git a/.dotstop.dot b/.dotstop.dot index c6ae574271..b99e39fb50 100644 --- a/.dotstop.dot +++ b/.dotstop.dot @@ -57,6 +57,10 @@ digraph G { "JLS-25" [sha="8bb517191450f370679dbafd85342e1bbcf797cc84f2a6f1fc119568b534d5e0"]; "JLS-26" [sha=cf1b73b375697ee56d9788aab79ed01b2730b126a2cc4d7041c9525113e7ed7c]; "JLS-27" [sha="efd4b438331c155eebaec96cd1eda337567794f8696b327562aaaed5fa8ded69"]; +"JLS-36" [sha="1a9abf2ab101af32cc6490d9ed5218df96a06b31cc2aeaff07f769ebf4ba98bb"]; +"JLS-37" [sha="fb19166fd1d71acbe8a852fd1bfced3874efdc687cbf95b03f3201a722fdef8f"]; +"JLS-40" [sha="8a6c2a7c6888f0c13fc4045535125d90a4866858e40ac11910f05eace9ff179a"]; +"JLS-41" [sha="f7cc07fd06ed4605d4207a5f59d60f8b7da48152c76b94132e4ad80a4512975a"]; "NJF-01" [sha="548dc86014e093974f68660942daa231271496a471885bbed092a375b3079bd8"]; "NJF-02" [sha="6ea015646d696e3f014390ff41612eab66ac940f20cf27ce933cbadf8482d526"]; "NJF-03" [sha="4bd1f8210b7bba9a248055a437f377d9da0b7576c5e3ed053606cf8b5b2febe3"]; @@ -362,6 +366,7 @@ digraph G { "TA-CONFIDENCE" -> "JLS-09" [sha="80bbde95fc14f89acf3dad10b3831bc751943fe4a1d79d5cbf4702416c27530f"]; "TA-CONFIDENCE" -> "AOU-10_COMBINED" [sha="5e5d7dc606d53423fbb1f2d5755780c98839bdc2d108704af5ee1aed50403f5e"]; "TA-CONFIDENCE" -> "JLS-20" [sha="1bfd214ab8186a3c095262ae503451b8d71ada8db5b13ecc7b906739a05bc102"]; +"TA-CONFIDENCE" -> "JLS-37" [sha="6b51cec18399ec3a56ac00d26b552da891e57dc20e56ee8d8fb23bbe78c78885"]; "TA-CONSTRAINTS" -> "AOU-04" [sha=d945870431e9311e317c6ddcac094825c2a9cbcecad961f4e283114db91cf27e]; "TA-CONSTRAINTS" -> "AOU-05" [sha=f741ce87385dbed50a6582443907645d70790b5fd0d423b18c3a109d400c7ef1]; "TA-CONSTRAINTS" -> "AOU-06" [sha=bb3ac58ca7f67d9676503a6c71660abd650268e02d6773cb57dfa07d0743fb40]; @@ -385,6 +390,9 @@ digraph G { "TA-ITERATIONS" -> "JLS-19" [sha="9bc13b823f8b49d742b92a8aaf18b8aeb2bb9b0749f4b6dead241af85aea876c"]; "TA-METHODOLOGIES" -> "AOU-10_COMBINED" [sha="2aac71e987a5b6a5d88700e08fe197fbec1e57681f0c3d3f51e59c705b4a0549"]; "TA-METHODOLOGIES" -> "JLS-13" [sha="4e2fb7871a608c98d11b10f4ca4391d69b360419c6a9e1baf7cb40b980fc9e94"]; +"TA-METHODOLOGIES" -> "JLS-36" [sha="b957bfeb0797afcc3f0f59890bbb551daaa98f4148c00c13b1651c6f9ca04a88"]; +"TA-METHODOLOGIES" -> "JLS-40" [sha="22baa2a3b32e04d4659d095fd0b12100cd85f0942612ba91790a57400c7234f0"]; +"TA-METHODOLOGIES" -> "JLS-41" [sha="00f8a2dce919f04c04be03fbc9a7d987e112b9e66a8d0b0763bccf114953c5a4"]; "TA-MISBEHAVIOURS" -> "JLS-02" [sha="532ddabfefb6664d9731084a44df220d1ebdb9f840760d7c471cf04dfc8e96ef"]; "TA-MISBEHAVIOURS" -> "JLS-24" [sha=e8de01ff7c316debcd96afa4b3b6b62be73522e4531214c18b3ad7eec826275e]; "TA-MISBEHAVIOURS" -> "JLS-25" [sha="56ba396580f90e5a10fd5adfe33864921537d47e21b215a8faf531855af40ecd"]; diff --git a/TSF/trustable/statements/JLS-08.md b/TSF/trustable/statements/JLS-08.md index 023fbcdfbf..5393f99ef1 100644 --- a/TSF/trustable/statements/JLS-08.md +++ b/TSF/trustable/statements/JLS-08.md @@ -1,6 +1,10 @@ --- level: 1.1 normative: true +references: + - type: web_content + url: "https://eclipse-score.github.io/inc_nlohmann_json/main/generated/dashboard.html#summary" + description: "Dashboard showing distributions of evidence scores and SME (subject-matter expert) scores." --- -Each statement is scored based on SME reviews or automatic validation functions. (TODO) \ No newline at end of file +Each leaf node in the Trustable Graph is scored either based on an SME review alone or on a combination of an SME review and an automatic validation function. \ No newline at end of file diff --git a/TSF/trustable/statements/JLS-09.md b/TSF/trustable/statements/JLS-09.md index 1d0c98b549..dc16cd865e 100644 --- a/TSF/trustable/statements/JLS-09.md +++ b/TSF/trustable/statements/JLS-09.md @@ -1,6 +1,10 @@ --- level: 1.1 normative: true +references: + - type: web_content + url: "https://score-json.github.io/json/main/concept.html#scoring" + description: "Description of the algorithm how scores are accumulated, reviewed." --- -Scores are reasonably, systematically and repeatably accumulated. (TODO) \ No newline at end of file +Scores are reasonably, systematically and repeatably accumulated. \ No newline at end of file diff --git a/TSF/trustable/statements/JLS-13.md b/TSF/trustable/statements/JLS-13.md index ec6d467421..c45bc20293 100644 --- a/TSF/trustable/statements/JLS-13.md +++ b/TSF/trustable/statements/JLS-13.md @@ -2,12 +2,29 @@ level: 1.1 normative: true references: + - type: project_website + url: "https://github.com/nlohmann/json/blob/develop/.github/CODEOWNERS" + description: "CODEOWNERS file specifying that changes to any file requests @nlohmann for code review in case of a pull request" + - type: project_website + url: "https://github.com/nlohmann/json?tab=contributing-ov-file#readme" + description: "nlohmann/json contribution guidelines" - type: website - url: https://eclipse-score.github.io/process_description/main/general_concepts/score_review_concept.html - description: "Documentation of S-CORE methodologies" + url: "https://github.com/nlohmann/json/actions?query=event%3Apush+branch%3Amaster" + description: "GitHub reviews of nlohmann/json filtered for push to master" + - type: verbose_file + path: "/workspaces/json/ChangeLog.md" + description: "A mirror of the Changelog of nlohmann/json's Changelog" +evidence: + type: https_response_time + configuration: + target_seconds: 2 + urls: + - "https://github.com/nlohmann/json/actions?query=event%3Apush+branch%3Amaster" + - "https://github.com/nlohmann/json?tab=contributing-ov-file#readme" + - "https://github.com/nlohmann/json/blob/develop/.github/CODEOWNERS" score: Jonas-Kirchhoff: 1.0 Erikhu1: 1.0 --- -The S-Core methodologies are followed. \ No newline at end of file +All contributions to the nlohmann/json repository are reviewed according to the project’s documented contribution and review process. \ No newline at end of file diff --git a/TSF/trustable/statements/JLS-36.md b/TSF/trustable/statements/JLS-36.md new file mode 100644 index 0000000000..f2955f2ce0 --- /dev/null +++ b/TSF/trustable/statements/JLS-36.md @@ -0,0 +1,10 @@ +--- +level: 1.1 +normative: true +references: + - type: verbose_file + path: "/workspaces/json/TSF/README.md" + description: "release management and update process description" +--- + +Releases and updates of the score-json repository are carried out in accordance with defined and documented release and update process. \ No newline at end of file diff --git a/TSF/trustable/statements/JLS-37.md b/TSF/trustable/statements/JLS-37.md new file mode 100644 index 0000000000..24c9aeb987 --- /dev/null +++ b/TSF/trustable/statements/JLS-37.md @@ -0,0 +1,10 @@ +--- +level: 1.1 +normative: true +references: + - type: web_content + url: "https://score-json.github.io/json/main/generated/trustable_report_for_Software.html#compliance-for-ta" + description: "Trustable Compliance Report showing scores for different TA items." +--- + +The confidence in the nlohmann/json library also incorporates confidence scores derived from other TA items. \ No newline at end of file diff --git a/TSF/trustable/statements/JLS-40.md b/TSF/trustable/statements/JLS-40.md new file mode 100644 index 0000000000..86acb0b606 --- /dev/null +++ b/TSF/trustable/statements/JLS-40.md @@ -0,0 +1,26 @@ +--- +level: 1.1 +normative: true +references: + - type: project_website + url: "https://github.com/nlohmann/json/blob/develop/.github/CONTRIBUTING.md" + description: "nlohmann/json contribution guidelines describing analysis, testing, and review expectations" + - type: project_website + url: "https://github.com/nlohmann/json/tree/develop/.github" + description: "Project workflows and configuration supporting automated analysis and testing for nlohmann/json" + - type: file + path: "TSF/scripts/generate_list_of_misbehaviours.py" + description: "Script generating a report of known misbehaviours of the nlohmann/json library based on GitHub issues" + - type: verbose_file + path: "TSF/README.md" + description: "TSF-related description of analysis, verification processes, and update concepts for score-json" +evidence: + type: https_response_time + configuration: + target_seconds: 2 + urls: + - "https://github.com/nlohmann/json/blob/develop/.github/CODE_OF_CONDUCT.md" + - "https://github.com/nlohmann/json/tree/develop/.github" +--- + +Manual verification activities that complement automated analysis for the nlohmann/json library are documented, reviewed against defined criteria, and considered for their impact on identifying and addressing misbehaviours. diff --git a/TSF/trustable/statements/JLS-41.md b/TSF/trustable/statements/JLS-41.md new file mode 100644 index 0000000000..4ee5581709 --- /dev/null +++ b/TSF/trustable/statements/JLS-41.md @@ -0,0 +1,27 @@ +--- +level: 1.1 +normative: true +references: + - type: project_website + url: "https://github.com/nlohmann/json/blob/develop/.github/CODEOWNERS" + description: "Definition of responsible owners and reviewers for the nlohmann/json repository" + - type: project_website + url: "https://github.com/nlohmann/json/blob/develop/.github/CONTRIBUTING.md" + description: "nlohmann/json contribution guidelines describing contribution, testing, and review expectations" + - type: project_website + url: "https://github.com/nlohmann/json/blob/develop/.github/CODE_OF_CONDUCT.md" + description: "Code of Conduct defining behavioural expectations during collaboration and review" + - type: verbose_file + path: "TSF/README.md" + description: "TSF documentation describing responsibilities, verification processes, and change control for score-json" +evidence: + type: https_response_time + configuration: + target_seconds: 2 + urls: + - "https://github.com/nlohmann/json/blob/develop/.github/CODE_OF_CONDUCT.md" + - "https://github.com/nlohmann/json/blob/develop/.github/CONTRIBUTING.md" + - "https://github.com/nlohmann/json/blob/develop/.github/CODEOWNERS" +--- + +Responsibilities for manual verification and review follow documented, competence-based processes and guidelines, and the associated processes and checks are regularly reviewed and updated under defined change control. \ No newline at end of file