From 9afce7bdc13f875988d1683f050a1b5f76905fc6 Mon Sep 17 00:00:00 2001 From: Luca Date: Fri, 14 Nov 2025 08:59:31 +0000 Subject: [PATCH 1/7] Changes to JLS-02 and JLS-10 --- TSF/trustable/statements/JLS-02.md | 2 +- TSF/trustable/statements/JLS-10.md | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/TSF/trustable/statements/JLS-02.md b/TSF/trustable/statements/JLS-02.md index b34653bf14..179d9351d7 100644 --- a/TSF/trustable/statements/JLS-02.md +++ b/TSF/trustable/statements/JLS-02.md @@ -23,4 +23,4 @@ score: Erikhu1: 1.0 --- -Fuzz testing is used in the original nlohmann/json repository (https://github.com/nlohmann/json) to uncover edge cases and failure modes throughout development. (https://github.com/nlohmann/json/blob/develop/tests/fuzzing.md) \ No newline at end of file +Fuzz testing is used in the nlohmann/json repository to uncover edge cases and failure modes throughout development. \ No newline at end of file diff --git a/TSF/trustable/statements/JLS-10.md b/TSF/trustable/statements/JLS-10.md index 34b8d3a9d7..dbfb606058 100644 --- a/TSF/trustable/statements/JLS-10.md +++ b/TSF/trustable/statements/JLS-10.md @@ -1,6 +1,14 @@ --- level: 1.1 normative: true +references: +references: + - type: website + url: "https://github.com/nlohmann/json/releases" + description: "List of nlohmann/json releases consisting of source code, build instructions, test code and test result summaries." + --- -Every release includes source code, build instructions, tests and attestations. (TODO: Test result summary) \ No newline at end of file +Every release of the nlohmann/json library includes source code, build instructions, test code, test results summaries and attestations. + +NOTE: Currently, I cannot find any attestations for nlohmann/json. \ No newline at end of file From 72630129d8c85e778fa9511b05150c09c5b11ddd Mon Sep 17 00:00:00 2001 
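Review bot: The new front matter of JLS-10.md declares `references:` twice in a row, the first with no value and the second carrying the list; a strict YAML loader rejects the duplicate key and a lenient one silently keeps only one of them, so the first `references:` line should be dropped. The statement is still `normative: true` and asserts that every release includes attestations, while the added NOTE says none could be found. Until release attestations are actually referenced, that part of the claim is unsupported, and I would either take "and attestations" out of the sentence or record it as an open gap outside the scored statement. The empty line added before the closing `---` also looks unintended.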
From: Luca Date: Fri, 14 Nov 2025 09:32:13 +0000 Subject: [PATCH 2/7] Added link from TA-TESTS to JLS-02 --- .dotstop.dot | 1 + 1 file changed, 1 insertion(+) diff --git a/.dotstop.dot b/.dotstop.dot index c6ae574271..39435941a9 100644 --- a/.dotstop.dot +++ b/.dotstop.dot @@ -400,6 +400,7 @@ digraph G { "TA-SUPPLY_CHAIN" -> "JLS-23" [sha=fe2b810e22c4da9911266183bc8679a56d8dd2d5a76624cd1f3ee329d9b93a08]; "TA-TESTS" -> "JLS-16" [sha=a4143b13d9ae2553534457603bdca9beb6cca0ee5b8b9bae50cefa97d2519702]; "TA-TESTS" -> "AOU-15" [sha=d4fef1c406b26cb7a3b303632f882c982bfedab6c18f4aca38be576219587011]; +"TA-TESTS" -> "JLS-02" [sha="5417ec4f7f55a13a19b801871168b5165f44d46853df2b4a199035db4f54038a"]; "TA-UPDATES" -> "JLS-06" [sha="7386ba4dfdca14a2b0c73b6b759ddeee66e0196f164322d552c2867e5c7a4b96"]; "TA-UPDATES" -> "JLS-07" [sha="9256bec79e828b44dd12d4298483bbab7ab24a1eb542c133ee5392ee5829cb7f"]; "TA-UPDATES" -> "JLS-12" [sha="45b7cf8eebee7a35ba39b3f990cefe3cbfd79c5f74415c5321026d64d89f5703"]; From 0f26eea5f1fbd1bf67017bf6b6bf2b733ec0e6bf Mon Sep 17 00:00:00 2001 From: Luca Date: Fri, 14 Nov 2025 10:19:04 +0000 Subject: [PATCH 3/7] added github actions reference to JLS-16 --- TSF/trustable/statements/JLS-16.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/TSF/trustable/statements/JLS-16.md b/TSF/trustable/statements/JLS-16.md index 9fee7fc698..3807de96cf 100644 --- a/TSF/trustable/statements/JLS-16.md +++ b/TSF/trustable/statements/JLS-16.md @@ -3,6 +3,9 @@ references: - type: verbose_file path: "./TSF/docs/list_of_test_environments.md" comment: "The list of all test-cases together with their execution environments" + - type: website + path: "https://github.com/score-json/json/actions" + description: "Github actions page showing that score-json is using github host environment." evidence: type: check_list_of_tests configuration: From ef28662ae69348e8b57081204bd6e9b8757c4d12 Mon Sep 17 00:00:00 2001 
From: Luca Date: Fri, 14 Nov 2025 12:09:51 +0000 Subject: [PATCH 4/7] added missing TA-TESTS evidence to JLS-16 --- TSF/trustable/statements/JLS-16.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/TSF/trustable/statements/JLS-16.md b/TSF/trustable/statements/JLS-16.md index 3807de96cf..426f384e7f 100644 --- a/TSF/trustable/statements/JLS-16.md +++ b/TSF/trustable/statements/JLS-16.md @@ -5,7 +5,7 @@ references: comment: "The list of all test-cases together with their execution environments" - type: website path: "https://github.com/score-json/json/actions" - description: "Github actions page showing that score-json is using github host environment." + description: "Github actions page showing that score-json is using Github host environment." evidence: type: check_list_of_tests configuration: @@ -16,4 +16,4 @@ level: 1.1 normative: true --- -A list of tests, which is extracted from the test execution, is provided, along with a list of test environments. \ No newline at end of file +A list of tests, which is extracted from the test execution, is provided, along with a list of test environments, a list of fault induction tests and test construction configurations and results. \ No newline at end of file From dfc7a6457da6463f377801a9acd2406d7d345a88 Mon Sep 17 00:00:00 2001 From: Luca Date: Fri, 14 Nov 2025 12:31:08 +0000 Subject: [PATCH 5/7] Added JLS-38 and updated JLS-16 --- .dotstop.dot | 1 + TSF/trustable/statements/JLS-16.md | 7 ++++++- TSF/trustable/statements/JLS-38.md | 8 ++++++++ 3 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 TSF/trustable/statements/JLS-38.md diff --git a/.dotstop.dot b/.dotstop.dot index 39435941a9..26cfbcee64 100644 --- a/.dotstop.dot +++ b/.dotstop.dot 
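Review bot: The second JLS-16.md hunk in patch 4/7 widens the statement to cover "a list of fault induction tests and test construction configurations and results", but despite the commit subject no reference or evidence entry is added for those items. The front matter visible in the first hunk still points only at `list_of_test_environments.md` and the Actions page, with `check_list_of_tests` as the validator, so the statement would be scored on evidence for the narrower claim. Either add references showing where fault-induction tests and test-construction configuration are recorded, or put the new claim in its own statement so it is scored separately. The front matter starts above the visible hunk lines, so entries outside the hunk should be checked first.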
@@ -57,6 +57,7 @@ digraph G { "JLS-25" [sha="8bb517191450f370679dbafd85342e1bbcf797cc84f2a6f1fc119568b534d5e0"]; "JLS-26" [sha=cf1b73b375697ee56d9788aab79ed01b2730b126a2cc4d7041c9525113e7ed7c]; "JLS-27" [sha="efd4b438331c155eebaec96cd1eda337567794f8696b327562aaaed5fa8ded69"]; +"JLS-38" [sha="a7ab6cc546e4c9c02c6dc479b8fff29ef6f5be5459185daac4ad1117b2845115"]; "NJF-01" [sha="548dc86014e093974f68660942daa231271496a471885bbed092a375b3079bd8"]; "NJF-02" [sha="6ea015646d696e3f014390ff41612eab66ac940f20cf27ce933cbadf8482d526"]; "NJF-03" [sha="4bd1f8210b7bba9a248055a437f377d9da0b7576c5e3ed053606cf8b5b2febe3"]; diff --git a/TSF/trustable/statements/JLS-16.md b/TSF/trustable/statements/JLS-16.md index 426f384e7f..daf78c64e8 100644 --- a/TSF/trustable/statements/JLS-16.md +++ b/TSF/trustable/statements/JLS-16.md @@ -4,7 +4,7 @@ references: path: "./TSF/docs/list_of_test_environments.md" comment: "The list of all test-cases together with their execution environments" - type: website - path: "https://github.com/score-json/json/actions" + url: "https://github.com/score-json/json/actions" description: "Github actions page showing that score-json is using Github host environment." evidence: type: check_list_of_tests @@ -12,6 +12,11 @@ evidence: sources: - "./tests/src" - "./TSF/tests" + type: https_response_time + configuration: + target: 2.0 + urls: + - https://github.com/score-json/json/actions level: 1.1 normative: true --- diff --git a/TSF/trustable/statements/JLS-38.md b/TSF/trustable/statements/JLS-38.md new file mode 100644 index 0000000000..9004e5487b --- /dev/null +++ b/TSF/trustable/statements/JLS-38.md @@ -0,0 +1,8 @@ +--- +level: 1.1 +normative: true +references: + +--- + +Every release of the nlohmann/json library shall provide configuration management for build instructions and infrastructure. \ No newline at end of file From 3f1054c2e026a41ddd007675841f24f897ec857a Mon Sep 17 00:00:00 2001 
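Review bot: In the second JLS-16.md hunk of patch 5/7 the added `type: https_response_time` and `configuration:` appear to land in the same `evidence:` mapping that already holds `type: check_list_of_tests` and `configuration:` (indentation is not preserved in this patch view, so this is inferred from the key order). Duplicate keys in one mapping are either rejected or resolved last-wins, and in the second case the list-of-tests validator is silently dropped and the statement is scored on page reachability alone. If only one validator per statement is supported, keep `check_list_of_tests` and move the URL check to a separate statement. The threshold key is also spelled `target: 2.0` here but `target_seconds: 2` in JLS-38.md in patch 7/7; one of the two is probably ignored, so both should use the key the validator documents.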
From: Luca Date: Fri, 14 Nov 2025 13:37:58 +0000 Subject: [PATCH 6/7] created link TA-RELEASES -> JLS-38 --- .dotstop.dot | 1 + TSF/trustable/statements/JLS-38.md | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.dotstop.dot b/.dotstop.dot index 26cfbcee64..acd775d69d 100644 --- a/.dotstop.dot +++ b/.dotstop.dot @@ -396,6 +396,7 @@ digraph G { "TA-RELEASES" -> "JLS-14" [sha="1202b9934353436fba927de6762cf62a8fc23ab0815a3c06f9d0a77b55830720"]; "TA-RELEASES" -> "JLS-21" [sha="5d57d2b547a841bb31f29034b785d9bec1ffb0e495d80e0e356a54391aa22e1b"]; "TA-RELEASES" -> "AOU-08" [sha="553e265d835b353b298ce4adf3bdf0b81ff777e38bfa3e42f2a465f33e27644e"]; +"TA-RELEASES" -> "JLS-38" [sha="3b8628c82bf2e6f1a83e44a9dd9479c79593d5d15a85f85e9b81fe1f9be9bd74"]; "TA-SUPPLY_CHAIN" -> "AOU-02" [sha=cde3adf7a14be6786f9ec48a32f619426ce78727ae0dca48e1064cb5625abbf3]; "TA-SUPPLY_CHAIN" -> "AOU-03" [sha="2c4b421554b95a604a631d77b854839468f09da2b71a5960e4773f626e8c8a32"]; "TA-SUPPLY_CHAIN" -> "JLS-23" [sha=fe2b810e22c4da9911266183bc8679a56d8dd2d5a76624cd1f3ee329d9b93a08]; diff --git a/TSF/trustable/statements/JLS-38.md b/TSF/trustable/statements/JLS-38.md index 9004e5487b..a2989980dc 100644 --- a/TSF/trustable/statements/JLS-38.md +++ b/TSF/trustable/statements/JLS-38.md @@ -1,8 +1,6 @@ --- level: 1.1 normative: true -references: - --- Every release of the nlohmann/json library shall provide configuration management for build instructions and infrastructure. \ No newline at end of file From 2952ce87a721705486ef7d215f02de3a67c635c2 Mon Sep 17 00:00:00 2001 From: Luca Date: Fri, 14 Nov 2025 15:16:23 +0000 Subject: [PATCH 7/7] provided references for JLS-38 --- TSF/trustable/statements/JLS-38.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/TSF/trustable/statements/JLS-38.md b/TSF/trustable/statements/JLS-38.md index a2989980dc..d4a8b1046a 100644 --- a/TSF/trustable/statements/JLS-38.md +++ b/TSF/trustable/statements/JLS-38.md 
@@ -1,6 +1,20 @@ --- level: 1.1 normative: true +references: + - type: website + url: "https://json.nlohmann.me/integration/cmake/" + description: "cmake build management documentation for nlohmann/json" + - type: website + url: "https://json.nlohmann.me/integration/package_managers/" + description: "package manager documentation for nlohmann/json" +evidence: + type: https_response_time + configuration: + target_seconds: 2 + urls: + - "https://json.nlohmann.me/integration/cmake/" + - "https://json.nlohmann.me/integration/package_managers/" --- Every release of the nlohmann/json library shall provide configuration management for build instructions and infrastructure. \ No newline at end of file
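Review bot: The `evidence` block added to JLS-38.md only measures whether two documentation pages respond within two seconds, which does not show that a given release provides configuration management for build instructions and infrastructure. Both URLs point at the live, unversioned documentation site, so the content behind them can change without any change in this repository. I would reference release-pinned artefacts instead, such as the CMake files and CI workflow definitions at the release tag, and treat the response-time check as a link-liveness check rather than as the evidence that scores the statement.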