From 735c953a7cec8f056ceea965499d01d123d63ff1 Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 18 Nov 2025 09:13:03 +0000 Subject: [PATCH 01/29] adding new statements to TA-METHODOLOGIES and fixing statements from TA-CONFIDENCE --- .dotstop.dot | 12 ++++++++++++ TSF/trustable/statements/JLS-08.md | 9 ++++++++- TSF/trustable/statements/JLS-09.md | 6 +++++- TSF/trustable/statements/JLS-13.md | 21 ++++++++++++++------- TSF/trustable/statements/JLS-36.md | 10 ++++++++++ TSF/trustable/statements/JLS-37.md | 20 ++++++++++++++++++++ TSF/trustable/statements/JLS-40.md | 16 ++++++++++++++++ TSF/trustable/statements/JLS-41.md | 10 ++++++++++ TSF/trustable/statements/JLS-42.md | 19 +++++++++++++++++++ TSF/trustable/statements/JLS-43.md | 20 ++++++++++++++++++++ 10 files changed, 134 insertions(+), 9 deletions(-) create mode 100644 TSF/trustable/statements/JLS-36.md create mode 100644 TSF/trustable/statements/JLS-37.md create mode 100644 TSF/trustable/statements/JLS-40.md create mode 100644 TSF/trustable/statements/JLS-41.md create mode 100644 TSF/trustable/statements/JLS-42.md create mode 100644 TSF/trustable/statements/JLS-43.md diff --git a/.dotstop.dot b/.dotstop.dot index 7e15da1524..57ad80a7e5 100644 --- a/.dotstop.dot +++ b/.dotstop.dot 
@@ -67,6 +67,12 @@ digraph G {
 "JLS-33" [sha="16ebc7717e389ac1ca349ead591b4dc5b65997e8c5f78d58d6293cd75bbe0d28"];
 "JLS-34" [sha="3484d9766deace45ecbc0d6892c7114ce7d97a51836399887500a318b3a88dc6"];
 "JLS-35" [sha="b11006d1d5708c3aba84d4f06834ad965d6aebde8619306389a4f8fa655b2dcf"];
+"JLS-36" [sha="1a9abf2ab101af32cc6490d9ed5218df96a06b31cc2aeaff07f769ebf4ba98bb"];
+"JLS-37" [sha="fb19166fd1d71acbe8a852fd1bfced3874efdc687cbf95b03f3201a722fdef8f"];
+"JLS-40" [sha="8a6c2a7c6888f0c13fc4045535125d90a4866858e40ac11910f05eace9ff179a"];
+"JLS-41" [sha="f7cc07fd06ed4605d4207a5f59d60f8b7da48152c76b94132e4ad80a4512975a"];
+"JLS-42" [sha="d90e0a0d85a952868a794945a7ecfb0217202752ccb97bc0a6e4724700fd20b8"];
+"JLS-43" [sha="ab3f0247c96f064628d255d44c63be9a50cbee11ca64432b5f0181e55347e5a2"];
 "NJF-01" [sha="548dc86014e093974f68660942daa231271496a471885bbed092a375b3079bd8"];
 "NJF-02" [sha="6ea015646d696e3f014390ff41612eab66ac940f20cf27ce933cbadf8482d526"];
 "NJF-03" [sha="4bd1f8210b7bba9a248055a437f377d9da0b7576c5e3ed053606cf8b5b2febe3"];
@@ -378,6 +384,7 @@ digraph G {
 "TA-CONFIDENCE" -> "JLS-08" [sha="506164051180023c8533ea1f6dedf1bad894c3ee6020ff16b002e33b109c2791"];
 "TA-CONFIDENCE" -> "JLS-09" [sha="80bbde95fc14f89acf3dad10b3831bc751943fe4a1d79d5cbf4702416c27530f"];
 "TA-CONFIDENCE" -> "JLS-20" [sha="1bfd214ab8186a3c095262ae503451b8d71ada8db5b13ecc7b906739a05bc102"];
+"TA-CONFIDENCE" -> "JLS-37" [sha="b8294c05b686be5c608685b6077af39aabebda04acc465720695595582dcc041"];
 "TA-CONSTRAINTS" -> "AOU-04" [sha="9466008edc5257d5d6ad6cae05eadbd7e6c63ed10f45f9bbe9166dc5af5db294"];
 "TA-CONSTRAINTS" -> "AOU-05" [sha="ead38077bd84ce52bc7ce9ab1be36ef6d1b62aa7bd30b2a5d5eea3aedfe9da3c"];
 "TA-CONSTRAINTS" -> "AOU-06" [sha=bb3ac58ca7f67d9676503a6c71660abd650268e02d6773cb57dfa07d0743fb40];
@@ -417,6 +424,11 @@ digraph G {
 "TA-ITERATIONS" -> "JLS-10" [sha="6e77b132d4159d65e261e90466537dbf44edc643b44c0671b8c40b994ef08590"];
 "TA-ITERATIONS" -> "JLS-19" [sha="9bc13b823f8b49d742b92a8aaf18b8aeb2bb9b0749f4b6dead241af85aea876c"];
 "TA-METHODOLOGIES" -> "JLS-13" [sha="4e2fb7871a608c98d11b10f4ca4391d69b360419c6a9e1baf7cb40b980fc9e94"];
+"TA-METHODOLOGIES" -> "JLS-36" [sha="bb56d3a2aa32b55d9158cd606172b8c4a5b7605acc703f5aca1ecdd37fc6a65a"];
+"TA-METHODOLOGIES" -> "JLS-40" [sha="af896a265a2ef24e341ff11d722aaf863ccc7c789bf90ebeb9a4e33ddabfd727"];
+"TA-METHODOLOGIES" -> "JLS-41" [sha="812e1a905c911c110c49edb7ede42dcfaf0bf2d790b67e13337f4a054d897bf7"];
+"TA-METHODOLOGIES" -> "JLS-42" [sha="69fa2c45ac391620896dd387d7b422252f11000b386c4e8915147d286543da3e"];
+"TA-METHODOLOGIES" -> "JLS-43" [sha="4aa2cb58cb0c308eeed861ef358138de644cae5d56760d6ebcd10d78caa59e5e"];
 "TA-MISBEHAVIOURS" -> "JLS-02" [sha="532ddabfefb6664d9731084a44df220d1ebdb9f840760d7c471cf04dfc8e96ef"];
 "TA-MISBEHAVIOURS" -> "JLS-24" [sha=e8de01ff7c316debcd96afa4b3b6b62be73522e4531214c18b3ad7eec826275e];
 "TA-MISBEHAVIOURS" -> "JLS-25" [sha="56ba396580f90e5a10fd5adfe33864921537d47e21b215a8faf531855af40ecd"];
diff --git a/TSF/trustable/statements/JLS-08.md b/TSF/trustable/statements/JLS-08.md
index 21c3ae182d..b792fb9be8 100644
--- a/TSF/trustable/statements/JLS-08.md
+++ b/TSF/trustable/statements/JLS-08.md
@@ -1,6 +1,13 @@ --- level: 1.1 normative: true +references: + - type: web_content + url: "https://eclipse-score.github.io/inc_nlohmann_json/main/generated/dashboard.html#summary" + description: "Dashboard showing distributions of evidence scores and SME (subject-matter expert) scores." + - type: web_content + url: "https://codethinklabs.gitlab.io/trustable/trustable/methodology.html#documenting-assumptions" + description: "Definition of Assumptions as part of the methodology" --- -Each statement within the TSF documentation is scored based on SME reviews or automatic validation functions. (TODO) \ No newline at end of file +Each leaf node in the Trustable Graph, which is not a Assumptions-of-Use (AoU), is scored either based on an SME review alone or on a combination of an SME review and an automatic validation function. \ No newline at end of file diff --git a/TSF/trustable/statements/JLS-09.md b/TSF/trustable/statements/JLS-09.md index 78c9b43d97..98c7b1ec72 100644 --- a/TSF/trustable/statements/JLS-09.md +++ b/TSF/trustable/statements/JLS-09.md @@ -1,6 +1,10 @@ --- level: 1.1 normative: true +references: + - type: web_content + url: "https://eclipse-score.github.io/inc_nlohmann_json/main/concept.html" + description: "Description of the algorithm how scores are accumulated." --- -Scores within the TSF documentation are reasonably, systematically and repeatably accumulated. (TODO) \ No newline at end of file +Scores within the TSF documentation are reasonably, systematically and repeatably accumulated. \ No newline at end of file diff --git a/TSF/trustable/statements/JLS-13.md b/TSF/trustable/statements/JLS-13.md index dc142bdd43..ac3691de1e 100644 --- a/TSF/trustable/statements/JLS-13.md +++ b/TSF/trustable/statements/JLS-13.md 
@@ -2,12 +2,19 @@ level: 1.1 normative: true references: - - type: website - url: "https://eclipse-score.github.io/process_description/main/general_concepts/score_review_concept.html" - description: "Documentation of S-CORE methodologies" -score: - Jonas-Kirchhoff: 1.0 - Erikhu1: 1.0 + - type: project_website + url: "https://json.nlohmann.me/community/contribution_guidelines/#update-the-documentation" + description: "Contribution guidelines describing how to update and locally build the mkdocs-based documentation" + - type: project_website + url: "https://github.com/nlohmann/json/releases" + description: "Release notes summarising behavioural changes and documentation updates for each version" +evidence: + type: https_response_time + configuration: + target_seconds: 2 + urls: + - "https://json.nlohmann.me/community/contribution_guidelines/#update-the-documentation" + - "https://github.com/nlohmann/json/releases" --- -The S-Core methodologies are followed in eclipse-score/inc_nlohmann_json. \ No newline at end of file +For changes that affect the behaviour or public API of the nlohmann/json library, contributors manually update the user documentation and regenerate the documentation site. \ No newline at end of file diff --git a/TSF/trustable/statements/JLS-36.md b/TSF/trustable/statements/JLS-36.md new file mode 100644 index 0000000000..9d1b921766 --- /dev/null +++ b/TSF/trustable/statements/JLS-36.md @@ -0,0 +1,10 @@ +--- +level: 1.1 +normative: true +references: + - type: verbose_file + path: "./README.md" + description: "release management and update process description" +--- + +Releases and updates of the score-json repository are carried out in accordance with defined and documented release and update process. diff --git a/TSF/trustable/statements/JLS-37.md b/TSF/trustable/statements/JLS-37.md new file mode 100644 index 0000000000..f4bef0a313 --- /dev/null +++ b/TSF/trustable/statements/JLS-37.md 
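Review bot: The `evidence` block added to JLS-13 uses `https_response_time`, which as configured only shows that the two URLs answer within `target_seconds: 2`; it does not show that contributors actually update the documentation. The same hunk removes the two SME `score:` entries, so the statement's score would presumably rest on that reachability check alone until an SME re-scores it. The `#update-the-documentation` fragment is never sent to the server, so a renamed or removed section would still pass. I would keep the validator as a liveness check and say so in the front matter, e.g. `# liveness check only; the truth of the statement is scored by SME review`. The same pattern recurs in the JLS-37, JLS-40, JLS-42, JLS-43 and JLS-44 files later in this series.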
@@ -0,0 +1,20 @@ +--- +level: 1.1 +normative: true +references: + - type: project_website + url: "https://eclipse-score.github.io/inc_nlohmann_json/main/generated/trustable_report_for_Software.html#compliance-for-ta" + description: "Trustable Compliance Report showing scores for different TA items." + - type: project_website + url: "https://eclipse-score.github.io/inc_nlohmann_json/main/generated/trustable_graph.html" + description: "presentation of the full trustable graph in which high-level statements are broken down" +evidence: + type: https_response_time + configuration: + target_seconds: 2 + urls: + - "https://eclipse-score.github.io/inc_nlohmann_json/main/generated/trustable_report_for_Software.html#compliance-for-ta" + - "https://eclipse-score.github.io/inc_nlohmann_json/main/generated/trustable_graph.html" +--- + +High-level statements are decomposed into smaller, well-defined sub-statements that can recursively be shown to be either true or false. \ No newline at end of file diff --git a/TSF/trustable/statements/JLS-40.md b/TSF/trustable/statements/JLS-40.md new file mode 100644 index 0000000000..1492681f86 --- /dev/null +++ b/TSF/trustable/statements/JLS-40.md @@ -0,0 +1,16 @@ +--- +level: 1.1 +normative: true +references: + - type: project_website + url: "https://github.com/nlohmann/json/security/advisories/new" + description: "Well-defined process for issuing a vulnerability or bug report for the nlohmann/json library" +evidence: + type: https_response_time + configuration: + target_seconds: 2 + urls: + - "https://github.com/nlohmann/json/security/advisories/new" +--- + +The manual activity of issuing a vulnerability or bug report for the nlohmann/json library follows a well-defined process documented in the project’s security advisory workflow. diff --git a/TSF/trustable/statements/JLS-41.md b/TSF/trustable/statements/JLS-41.md new file mode 100644 index 0000000000..03411c6c35 --- /dev/null +++ b/TSF/trustable/statements/JLS-41.md 
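Review bot: The only reference and evidence URL in the new JLS-40 file is `https://github.com/nlohmann/json/security/advisories/new`, which is the form for opening an advisory rather than a description of the reporting process. That page likely requires a signed-in session, so an unauthenticated validator would be timing a redirect or login page instead of the content the statement relies on. A later patch in this series adds `/security/policy`, but this URL stays in both `references` and `evidence.configuration.urls`. I would drop it from the evidence list and, if it is kept as a reference, describe it for what it is: `description: "Submission form for private vulnerability reports"`.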
@@ -0,0 +1,10 @@ +--- +level: 1.1 +normative: true +references: + - type: project_website + url: "https://json.nlohmann.me/community/contribution_guidelines/#write-tests" + description: "Contribution guidelines describing the test policy and requirement to maintain 100% coverage" +--- + +Contributors manually extend and execute the regression test suite when proposing fixes or non-trivial changes to the nlohmann/json library. \ No newline at end of file diff --git a/TSF/trustable/statements/JLS-42.md b/TSF/trustable/statements/JLS-42.md new file mode 100644 index 0000000000..51c79e7573 --- /dev/null +++ b/TSF/trustable/statements/JLS-42.md @@ -0,0 +1,19 @@ +--- +level: 1.1 +normative: true +references: + - type: project_website + url: "https://github.com/nlohmann/json/blob/develop/.github/CONTRIBUTING.md#describe-your-changes" + description: "Contribution guidelines requiring manual pull requests to describe the rationale behind non-trivial changes" + - type: project_website + url: "https://github.com/nlohmann/json/blob/develop/.github/CONTRIBUTING.md#reference-an-existing-issue" + description: "Contribution guidelines requiring manual pull requests to link to an existing issue" +evidence: + type: https_response_time + configuration: + target_seconds: 2 + urls: + - "https://github.com/nlohmann/json/blob/develop/.github/CONTRIBUTING.md" +--- + +All manual pull requests to the nlohmann/json repository that introduce changes are expected to describe the rationale for the proposed change and to link to an existing issue, in accordance with the project’s contribution guidelines. diff --git a/TSF/trustable/statements/JLS-43.md b/TSF/trustable/statements/JLS-43.md new file mode 100644 index 0000000000..63bfd4671b --- /dev/null +++ b/TSF/trustable/statements/JLS-43.md 
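Review bot: Both references and the evidence URL in the new JLS-42 file point at `blob/develop/.github/CONTRIBUTING.md`, a moving branch, so the upstream text this statement depends on can change or disappear without anything in this repository changing. As far as this diff shows, the hash recorded for JLS-42 covers the statement file, not the linked content, so such drift would presumably go unnoticed. Pinning to the reviewed revision would make the claim reproducible, e.g. `https://github.com/nlohmann/json/blob/<COMMIT_SHA>/.github/CONTRIBUTING.md#describe-your-changes`, where `<COMMIT_SHA>` is a placeholder for the commit the SME actually read. The same applies to the `develop` links for CODEOWNERS in JLS-43 and for `bug.yaml` and CONTRIBUTING.md in JLS-44.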
@@ -0,0 +1,20 @@ +--- +level: 1.1 +normative: true +references: + - type: project_website + url: "https://github.com/nlohmann/json/discussions/categories/ideas" + description: "Feature request discussions showing that feature requests are actively investigated and answered" + - type: project_website + url: "https://github.com/nlohmann/json/blob/develop/.github/CODEOWNERS" + description: "Definition of responsible owners and reviewers for the nlohmann/json repository" +evidence: + type: https_response_time + configuration: + target_seconds: 2 + urls: + - "https://github.com/nlohmann/json/discussions/categories/ideas" + - "https://github.com/nlohmann/json/blob/develop/.github/CODEOWNERS" +--- + +Feature requests for the nlohmann/json repository are raised in the project’s GitHub discussions and are actively reviewed and answered by the maintainer. \ No newline at end of file From b2c9078747e09e6a1be3f53b1d35226f82ce0865 Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 18 Nov 2025 09:28:04 +0000 Subject: [PATCH 02/29] added references to JLS 40 and 42 --- TSF/trustable/statements/JLS-40.md | 4 ++++ TSF/trustable/statements/JLS-42.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/TSF/trustable/statements/JLS-40.md b/TSF/trustable/statements/JLS-40.md index 1492681f86..4b499a7c96 100644 --- a/TSF/trustable/statements/JLS-40.md +++ b/TSF/trustable/statements/JLS-40.md @@ -2,6 +2,9 @@ level: 1.1 normative: true references: + - type: project_website + url: "https://github.com/nlohmann/json/security/policy" + description: "Security policy describing how to report vulnerabilities for the nlohmann/json library" - type: project_website url: "https://github.com/nlohmann/json/security/advisories/new" description: "Well-defined process for issuing a vulnerability or bug report for the nlohmann/json library" 
@@ -11,6 +14,7 @@ evidence: target_seconds: 2 urls: - "https://github.com/nlohmann/json/security/advisories/new" + - "https://github.com/nlohmann/json/security/policy" --- The manual activity of issuing a vulnerability or bug report for the nlohmann/json library follows a well-defined process documented in the project’s security advisory workflow. diff --git a/TSF/trustable/statements/JLS-42.md b/TSF/trustable/statements/JLS-42.md index 51c79e7573..2e393f425c 100644 --- a/TSF/trustable/statements/JLS-42.md +++ b/TSF/trustable/statements/JLS-42.md @@ -8,12 +8,16 @@ references: - type: project_website url: "https://github.com/nlohmann/json/blob/develop/.github/CONTRIBUTING.md#reference-an-existing-issue" description: "Contribution guidelines requiring manual pull requests to link to an existing issue" + - type: project_website + url: "https://github.com/nlohmann/json/pulls" + description: "GitHub pull requests showing review discussions, approvals, and merge/close status" evidence: type: https_response_time configuration: target_seconds: 2 urls: - "https://github.com/nlohmann/json/blob/develop/.github/CONTRIBUTING.md" + - "https://github.com/nlohmann/json/pulls" --- All manual pull requests to the nlohmann/json repository that introduce changes are expected to describe the rationale for the proposed change and to link to an existing issue, in accordance with the project’s contribution guidelines. From 17c688e878884ab4990a8f345e865ac0d0695793 Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 18 Nov 2025 14:27:19 +0100 Subject: [PATCH 03/29] Update TSF/trustable/statements/JLS-43.md Co-authored-by: Erik Hu Signed-off-by: halnasri --- TSF/trustable/statements/JLS-43.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TSF/trustable/statements/JLS-43.md b/TSF/trustable/statements/JLS-43.md index 63bfd4671b..326f5f51aa 100644 --- a/TSF/trustable/statements/JLS-43.md +++ b/TSF/trustable/statements/JLS-43.md 
@@ -17,4 +17,4 @@ evidence: - "https://github.com/nlohmann/json/blob/develop/.github/CODEOWNERS" --- -Feature requests for the nlohmann/json repository are raised in the project’s GitHub discussions and are actively reviewed and answered by the maintainer. \ No newline at end of file +Feature requests for the nlohmann/json repository are raised in the project's GitHub discussions and are actively reviewed and answered by the maintainer. \ No newline at end of file From 2ca6fde670fd8dde2428fa7f0eeed12a0a2dafdc Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 18 Nov 2025 14:31:01 +0100 Subject: [PATCH 04/29] Update TSF/trustable/statements/JLS-42.md Co-authored-by: Erik Hu Signed-off-by: halnasri --- TSF/trustable/statements/JLS-42.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TSF/trustable/statements/JLS-42.md b/TSF/trustable/statements/JLS-42.md index 2e393f425c..2422524622 100644 --- a/TSF/trustable/statements/JLS-42.md +++ b/TSF/trustable/statements/JLS-42.md @@ -20,4 +20,4 @@ evidence: - "https://github.com/nlohmann/json/pulls" --- -All manual pull requests to the nlohmann/json repository that introduce changes are expected to describe the rationale for the proposed change and to link to an existing issue, in accordance with the project’s contribution guidelines. +All manual pull requests to the nlohmann/json repository that introduce non-trivial changes are expected to explain the rationale for the proposed change and to link to an existing issue, in accordance with the project's contribution guidelines. From c427ef3a873ca9133c35ef73d1135343ee6aee99 Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 18 Nov 2025 14:31:47 +0100 Subject: [PATCH 05/29] Update TSF/trustable/statements/JLS-37.md Co-authored-by: Erik Hu Signed-off-by: halnasri --- TSF/trustable/statements/JLS-37.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/TSF/trustable/statements/JLS-37.md b/TSF/trustable/statements/JLS-37.md index f4bef0a313..b55d0b3610 100644 --- a/TSF/trustable/statements/JLS-37.md +++ b/TSF/trustable/statements/JLS-37.md @@ -17,4 +17,4 @@ evidence: - "https://eclipse-score.github.io/inc_nlohmann_json/main/generated/trustable_graph.html" --- -High-level statements are decomposed into smaller, well-defined sub-statements that can recursively be shown to be either true or false. \ No newline at end of file +High-level statements are decomposed into smaller, well-defined supporting statements that can recursively be shown to be either true or false. \ No newline at end of file From 7873215fb1cd999baf18e387eb05018fa0e5d8c5 Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 18 Nov 2025 14:32:38 +0100 Subject: [PATCH 06/29] Update TSF/trustable/statements/JLS-09.md Co-authored-by: Erik Hu Signed-off-by: halnasri --- TSF/trustable/statements/JLS-09.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TSF/trustable/statements/JLS-09.md b/TSF/trustable/statements/JLS-09.md index 98c7b1ec72..b5b3092b7c 100644 --- a/TSF/trustable/statements/JLS-09.md +++ b/TSF/trustable/statements/JLS-09.md @@ -4,7 +4,7 @@ normative: true references: - type: web_content url: "https://eclipse-score.github.io/inc_nlohmann_json/main/concept.html" - description: "Description of the algorithm how scores are accumulated." + description: "Description of the algorithm on how scores are accumulated." --- Scores within the TSF documentation are reasonably, systematically and repeatably accumulated. \ No newline at end of file From d492dcd6f1b4504dd3313d615db60241e4454c09 Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 18 Nov 2025 14:33:08 +0100 Subject: [PATCH 07/29] Update TSF/trustable/statements/JLS-08.md Co-authored-by: Erik Hu Signed-off-by: halnasri --- TSF/trustable/statements/JLS-08.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/TSF/trustable/statements/JLS-08.md b/TSF/trustable/statements/JLS-08.md index b792fb9be8..dd7c2a4524 100644 --- a/TSF/trustable/statements/JLS-08.md +++ b/TSF/trustable/statements/JLS-08.md @@ -10,4 +10,4 @@ references: description: "Definition of Assumptions as part of the methodology" --- -Each leaf node in the Trustable Graph, which is not a Assumptions-of-Use (AoU), is scored either based on an SME review alone or on a combination of an SME review and an automatic validation function. \ No newline at end of file +Each leaf node in the Trustable Graph, which is not an Assumptions-of-Use (AoU), is scored either based on an SME review alone or on a combination of an SME review and an automatic validator. \ No newline at end of file From d34e62de618b7df6d15f6f88f2216ca449689b24 Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 18 Nov 2025 14:52:37 +0000 Subject: [PATCH 08/29] changed JLS08 to be more clear --- TSF/trustable/statements/JLS-08.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TSF/trustable/statements/JLS-08.md b/TSF/trustable/statements/JLS-08.md index dd7c2a4524..a00052106f 100644 --- a/TSF/trustable/statements/JLS-08.md +++ b/TSF/trustable/statements/JLS-08.md @@ -10,4 +10,4 @@ references: description: "Definition of Assumptions as part of the methodology" --- -Each leaf node in the Trustable Graph, which is not an Assumptions-of-Use (AoU), is scored either based on an SME review alone or on a combination of an SME review and an automatic validator. \ No newline at end of file +Each leaf node in the Trustable Graph that is not an Assumption-of-Use (AoU) is scored either based on SME review(s) alone or on a combination of SME review(s) and one or more automatic validators. From 6516e0c54c1f1f22ce247a51ef56286e44cbcfd2 Mon Sep 17 00:00:00 2001 
From: halnasri Date: Tue, 18 Nov 2025 15:26:53 +0000 Subject: [PATCH 09/29] corrected the statement of JLS-37 --- TSF/trustable/statements/JLS-37.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TSF/trustable/statements/JLS-37.md b/TSF/trustable/statements/JLS-37.md index b55d0b3610..759c14ad92 100644 --- a/TSF/trustable/statements/JLS-37.md +++ b/TSF/trustable/statements/JLS-37.md @@ -17,4 +17,4 @@ evidence: - "https://eclipse-score.github.io/inc_nlohmann_json/main/generated/trustable_graph.html" --- -High-level statements are decomposed into smaller, well-defined supporting statements that can recursively be shown to be either true or false. \ No newline at end of file +High-level statements are decomposed into smaller, recursive statements. \ No newline at end of file From eed921cbcf895ac8d22fcf5d86d133fe94d3372c Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 18 Nov 2025 15:38:35 +0000 Subject: [PATCH 10/29] corrected the statement of JLS-41 --- TSF/trustable/statements/JLS-41.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TSF/trustable/statements/JLS-41.md b/TSF/trustable/statements/JLS-41.md index 03411c6c35..2a3cfb9fea 100644 --- a/TSF/trustable/statements/JLS-41.md +++ b/TSF/trustable/statements/JLS-41.md @@ -7,4 +7,4 @@ references: description: "Contribution guidelines describing the test policy and requirement to maintain 100% coverage" --- -Contributors manually extend and execute the regression test suite when proposing fixes or non-trivial changes to the nlohmann/json library. \ No newline at end of file +The manual process for extending the nlohmann/json library’s test suite so that coverage remains at 100% when fixes or other non-trivial changes are proposed is well-defined and documented. From ac4709bcee73270da47e8990f499ef7fb4d01ef9 Mon Sep 17 00:00:00 2001 
From: halnasri Date: Tue, 18 Nov 2025 15:54:48 +0000 Subject: [PATCH 11/29] corrected the file path in JLS-36 --- TSF/trustable/statements/JLS-36.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/TSF/trustable/statements/JLS-36.md b/TSF/trustable/statements/JLS-36.md index 9d1b921766..3e19d6b585 100644 --- a/TSF/trustable/statements/JLS-36.md +++ b/TSF/trustable/statements/JLS-36.md @@ -3,8 +3,8 @@ level: 1.1 normative: true references: - type: verbose_file - path: "./README.md" + path: "./TSF/README.md" description: "release management and update process description" --- -Releases and updates of the score-json repository are carried out in accordance with defined and documented release and update process. +Updates of the eclipse-score/inc_nlohmann_json repository are carried out in accordance with the defined and documented update process in TSF/README.md From cca0fa9907a9b5d13de27a149ea365650660227a Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 18 Nov 2025 15:58:20 +0000 Subject: [PATCH 12/29] reformulated the statement JLS-41 --- TSF/trustable/statements/JLS-41.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TSF/trustable/statements/JLS-41.md b/TSF/trustable/statements/JLS-41.md index 2a3cfb9fea..3086a82992 100644 --- a/TSF/trustable/statements/JLS-41.md +++ b/TSF/trustable/statements/JLS-41.md @@ -7,4 +7,4 @@ references: description: "Contribution guidelines describing the test policy and requirement to maintain 100% coverage" --- -The manual process for extending the nlohmann/json library’s test suite so that coverage remains at 100% when fixes or other non-trivial changes are proposed is well-defined and documented. +The manual process for extending the nlohmann/json library’s test suite is well-defined and documented, such that coverage remains at 100% when fixes or other non-trivial changes are proposed. From c3a0152bfdb60d5e41d3b07f574666fcfbc7a359 Mon Sep 17 00:00:00 2001 
From: halnasri Date: Wed, 19 Nov 2025 09:22:06 +0000 Subject: [PATCH 13/29] split the statement of JLS-40 into tow --- .dotstop.dot | 2 ++ TSF/trustable/statements/JLS-40.md | 2 +- TSF/trustable/statements/JLS-44.md | 20 ++++++++++++++++++++ 3 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 TSF/trustable/statements/JLS-44.md
diff --git a/.dotstop.dot b/.dotstop.dot
index 57ad80a7e5..6279e0dc77 100644
--- a/.dotstop.dot
+++ b/.dotstop.dot
@@ -73,6 +73,7 @@ digraph G {
 "JLS-41" [sha="f7cc07fd06ed4605d4207a5f59d60f8b7da48152c76b94132e4ad80a4512975a"];
 "JLS-42" [sha="d90e0a0d85a952868a794945a7ecfb0217202752ccb97bc0a6e4724700fd20b8"];
 "JLS-43" [sha="ab3f0247c96f064628d255d44c63be9a50cbee11ca64432b5f0181e55347e5a2"];
+"JLS-44" [sha="3cc7206ec555271d1f369cb1c7ebf3753d32e9fc9be2d0aead5bb5e0e5472375"];
 "NJF-01" [sha="548dc86014e093974f68660942daa231271496a471885bbed092a375b3079bd8"];
 "NJF-02" [sha="6ea015646d696e3f014390ff41612eab66ac940f20cf27ce933cbadf8482d526"];
 "NJF-03" [sha="4bd1f8210b7bba9a248055a437f377d9da0b7576c5e3ed053606cf8b5b2febe3"];
@@ -429,6 +430,7 @@ digraph G {
 "TA-METHODOLOGIES" -> "JLS-41" [sha="812e1a905c911c110c49edb7ede42dcfaf0bf2d790b67e13337f4a054d897bf7"];
 "TA-METHODOLOGIES" -> "JLS-42" [sha="69fa2c45ac391620896dd387d7b422252f11000b386c4e8915147d286543da3e"];
 "TA-METHODOLOGIES" -> "JLS-43" [sha="4aa2cb58cb0c308eeed861ef358138de644cae5d56760d6ebcd10d78caa59e5e"];
+"TA-METHODOLOGIES" -> "JLS-44" [sha="694a7ca81623ff8393b0bc601f9b71d425a6436ce250ce61e37ea3d1bceb4a5e"];
 "TA-MISBEHAVIOURS" -> "JLS-02" [sha="532ddabfefb6664d9731084a44df220d1ebdb9f840760d7c471cf04dfc8e96ef"];
 "TA-MISBEHAVIOURS" -> "JLS-24" [sha=e8de01ff7c316debcd96afa4b3b6b62be73522e4531214c18b3ad7eec826275e];
 "TA-MISBEHAVIOURS" -> "JLS-25" [sha="56ba396580f90e5a10fd5adfe33864921537d47e21b215a8faf531855af40ecd"];
diff --git a/TSF/trustable/statements/JLS-40.md b/TSF/trustable/statements/JLS-40.md
index 4b499a7c96..899c9734eb 100644
--- a/TSF/trustable/statements/JLS-40.md
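Review bot: The node hashes for `"JLS-41"`, `"JLS-42"` and `"JLS-43"` in the context lines of the first hunk are still the values added in patch 01, although patches 02, 03, 04, 10 and 12 change those statement files. This patch also rewrites JLS-40's statement without touching its entry in the graph. If these `sha` values are the tool's record of the reviewed content (I am inferring that from the format), the edited items will presumably be reported as unreviewed. That is the right outcome as long as each one is re-read by an SME before its hash is refreshed, rather than all hashes being regenerated in bulk at the end of the series. It would help to state in the commit message whether the new `"JLS-44"` hashes were set after a review or generated by the author.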
+++ b/TSF/trustable/statements/JLS-40.md @@ -17,4 +17,4 @@ evidence: - "https://github.com/nlohmann/json/security/policy" --- -The manual activity of issuing a vulnerability or bug report for the nlohmann/json library follows a well-defined process documented in the project’s security advisory workflow. +The manual process for reporting vulnerabilities in the nlohmann/json library is well defined and documented in the project’s security policy and vulnerability reporting template. \ No newline at end of file diff --git a/TSF/trustable/statements/JLS-44.md b/TSF/trustable/statements/JLS-44.md new file mode 100644 index 0000000000..7b874e592d --- /dev/null +++ b/TSF/trustable/statements/JLS-44.md @@ -0,0 +1,20 @@ +--- +level: 1.1 +normative: true +references: + - type: project_website + url: "https://github.com/nlohmann/json/blob/develop/.github/ISSUE_TEMPLATE/bug.yaml" + description: "Bug report issue template for the nlohmann/json library" + - type: project_website + url: "https://github.com/nlohmann/json/blob/develop/.github/CONTRIBUTING.md#reporting-issues" + description: "Contribution guidelines describing how to report bugs and issues for the nlohmann/json library" +evidence: + type: https_response_time + configuration: + target_seconds: 2 + urls: + - "https://github.com/nlohmann/json/blob/develop/.github/ISSUE_TEMPLATE/bug.yaml" + - "https://github.com/nlohmann/json/blob/develop/.github/CONTRIBUTING.md#reporting-issues" +--- + +The manual process for reporting bugs in the nlohmann/json library is well defined and documented in the project’s contribution guidelines and bug report template. \ No newline at end of file From b23c81e322c91a783d6e87afacb11623595ac866 Mon Sep 17 00:00:00 2001 From: halnasri Date: Wed, 19 Nov 2025 09:25:29 +0000 Subject: [PATCH 14/29] only one valitator --- TSF/trustable/statements/JLS-08.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/TSF/trustable/statements/JLS-08.md b/TSF/trustable/statements/JLS-08.md index a00052106f..cedee38c3f 100644 --- a/TSF/trustable/statements/JLS-08.md +++ b/TSF/trustable/statements/JLS-08.md @@ -10,4 +10,4 @@ references: description: "Definition of Assumptions as part of the methodology" --- -Each leaf node in the Trustable Graph that is not an Assumption-of-Use (AoU) is scored either based on SME review(s) alone or on a combination of SME review(s) and one or more automatic validators. +Each leaf node in the Trustable Graph that is not an Assumption-of-Use (AoU) is scored either based on SME review(s) alone or on a combination of SME review(s) and an automatic validator. From e50a1e71e77f2a8a7ed714a0a9e62faef8bfc24f Mon Sep 17 00:00:00 2001 From: halnasri Date: Wed, 19 Nov 2025 09:29:37 +0000 Subject: [PATCH 15/29] more clear statement in JLS-41 --- TSF/trustable/statements/JLS-41.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TSF/trustable/statements/JLS-41.md b/TSF/trustable/statements/JLS-41.md index 3086a82992..fbbd2855f7 100644 --- a/TSF/trustable/statements/JLS-41.md +++ b/TSF/trustable/statements/JLS-41.md @@ -7,4 +7,4 @@ references: description: "Contribution guidelines describing the test policy and requirement to maintain 100% coverage" --- -The manual process for extending the nlohmann/json library’s test suite is well-defined and documented, such that coverage remains at 100% when fixes or other non-trivial changes are proposed. +The manual process for extending the nlohmann/json library’s test suite is well-defined and documented, such that code coverage remains at (or close to) 100% when fixes or other non-trivial changes are proposed. From a569524cdc3807148b95de96d3e511e51b623e44 Mon Sep 17 00:00:00 2001 
From: halnasri Date: Wed, 19 Nov 2025 09:39:31 +0000 Subject: [PATCH 16/29] ' --- TSF/trustable/statements/JLS-40.md | 2 +- TSF/trustable/statements/JLS-41.md | 2 +- TSF/trustable/statements/JLS-44.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/TSF/trustable/statements/JLS-40.md b/TSF/trustable/statements/JLS-40.md index 899c9734eb..212469f1c7 100644 --- a/TSF/trustable/statements/JLS-40.md +++ b/TSF/trustable/statements/JLS-40.md @@ -17,4 +17,4 @@ evidence: - "https://github.com/nlohmann/json/security/policy" --- -The manual process for reporting vulnerabilities in the nlohmann/json library is well defined and documented in the project’s security policy and vulnerability reporting template. \ No newline at end of file +The manual process for reporting vulnerabilities in the nlohmann/json library is well defined and documented in the project's security policy and vulnerability reporting template. \ No newline at end of file diff --git a/TSF/trustable/statements/JLS-41.md b/TSF/trustable/statements/JLS-41.md index fbbd2855f7..5d7c5f58c6 100644 --- a/TSF/trustable/statements/JLS-41.md +++ b/TSF/trustable/statements/JLS-41.md @@ -7,4 +7,4 @@ references: description: "Contribution guidelines describing the test policy and requirement to maintain 100% coverage" --- -The manual process for extending the nlohmann/json library’s test suite is well-defined and documented, such that code coverage remains at (or close to) 100% when fixes or other non-trivial changes are proposed. +The manual process for extending the nlohmann/json library's test suite is well-defined and documented, such that code coverage remains at (or close to) 100% when fixes or other non-trivial changes are proposed. diff --git a/TSF/trustable/statements/JLS-44.md b/TSF/trustable/statements/JLS-44.md index 7b874e592d..c93d23dd3a 100644 --- a/TSF/trustable/statements/JLS-44.md +++ b/TSF/trustable/statements/JLS-44.md 
@@ -17,4 +17,4 @@ evidence: - "https://github.com/nlohmann/json/blob/develop/.github/CONTRIBUTING.md#reporting-issues" --- -The manual process for reporting bugs in the nlohmann/json library is well defined and documented in the project’s contribution guidelines and bug report template. \ No newline at end of file +The manual process for reporting bugs in the nlohmann/json library is well defined and documented in the project's contribution guidelines and bug report template. \ No newline at end of file From 49eb3699e08169e066b4a9542c138a893c579eb8 Mon Sep 17 00:00:00 2001 From: halnasri Date: Wed, 19 Nov 2025 09:52:08 +0000 Subject: [PATCH 17/29] added a reference to JLS-13 and reformulated the statement --- TSF/trustable/statements/JLS-13.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/TSF/trustable/statements/JLS-13.md b/TSF/trustable/statements/JLS-13.md index ac3691de1e..f2834cc660 100644 --- a/TSF/trustable/statements/JLS-13.md +++ b/TSF/trustable/statements/JLS-13.md @@ -8,6 +8,9 @@ references: - type: project_website url: "https://github.com/nlohmann/json/releases" description: "Release notes summarising behavioural changes and documentation updates for each version" + - type: web_content + url: "https://json.nlohmann.me" + description: "Published documentation site for the nlohmann/json library" evidence: type: https_response_time configuration: @@ -17,4 +20,4 @@ evidence: - "https://github.com/nlohmann/json/releases" --- -For changes that affect the behaviour or public API of the nlohmann/json library, contributors manually update the user documentation and regenerate the documentation site. \ No newline at end of file +For changes that affect the behaviour or public API of the nlohmann/json library, contributors manually update the library documentation and regenerate the json.nlohmann.me documentation site. \ No newline at end of file From 0bf193a7102a9bba56ba9fcab915c00f90447b48 Mon Sep 17 00:00:00 2001 
From: halnasri Date: Mon, 24 Nov 2025 10:50:49 +0000 Subject: [PATCH 18/29] added answers to the evidence lists and to the checklists of TA-CONFIDENCE and TA-METHODOLOGIES --- .../assertions/TA-CONFIDENCE_CONTEXT.md | 10 +++---- .../assertions/TA-METHODOLOGIES_CONTEXT.md | 30 +++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/TSF/trustable/assertions/TA-CONFIDENCE_CONTEXT.md b/TSF/trustable/assertions/TA-CONFIDENCE_CONTEXT.md index efa1d013e1..75698c1398 100644 --- a/TSF/trustable/assertions/TA-CONFIDENCE_CONTEXT.md +++ b/TSF/trustable/assertions/TA-CONFIDENCE_CONTEXT.md @@ -26,7 +26,7 @@ The process itself should be analysed to determine score maturity, with meta-ana **Evidence** - Confidence scores from other TA items - - **Answer**: + - **Answer**: Provided in JLS-08, JLS-09 and JLS-37 **Confidence scoring** @@ -36,10 +36,10 @@ scores given to Statements **Checklist** - What is the algorithm for combining/comparing the scores? - - **Answer**: + - **Answer**: The algorithm behind the scoring in given in JLS-09 - How confident are we that this algorithm is fit for purpose? - - **Answer**: + - **Answer**: The scoring algorithm is still being reviewed by the SMEs involved in the TSF work and is aligned with the TSF methodology described (see also JLS-09). At the moment, the scores are based on only a small number of SME inputs and statistically robust results require a larger number of SME reviewers to profit from the law-of-large-numbers. - What are the trends for each score? - - **Answer**: + - **Answer**: At the moment we have only a very limited score history (essentially a single major scoring iteration), so we cannot yet derive meaningful long-term trends. The infrastructure to store historical scores (see JLS-20) is already in place. - How well do our scores correlate with external feedback signals? - - **Answer**: + - **Answer**: Such correlation can not be measured yet due to missing data. 
diff --git a/TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md b/TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md index c1c1f4bb7b..83aa2b0a91 100644 --- a/TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md +++ b/TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md @@ -31,15 +31,15 @@ Any resulting changes from reviews must follow change control, regardless of who **Evidence** - Manual process documentation - - **Answer**: + - **Answer**: Manual processes relevant for nlohmann/json are documented in several places, (see JLS-36, 40, 41, 42, 43 and 44) - References to methodologies applied as part of these processes - - **Answer**: + - **Answer**: The corresponding references are given for each statement. (see JLS-36, 40, 41, 42, 43 and 44) - Results of applying the processes - - **Answer**: + - **Answer**: Results include reviewed and merged pull requests, maintained high test coverage, published security advisories and resolved issues, updated documentation on json.nlohmann.me. (see JLS-36, 40, 41, 42, 43 and 44) - Criteria used to confirm that the processes were applied correctly - - **Answer**: + - **Answer**: The criteria are given in the documentation. (see JLS-36, 40, 41, 42, 43 and 44) - Review records for results - - **Answer**: + - **Answer**: Review records are provided by GitHub pull-request reviews and comments, issue and advisory discussions, release notes describing behavioural and documentation changes. (see JLS-36, 40, 41, 42, 43 and 44) **Confidence scoring** 
@@ -51,22 +51,22 @@ in comparison to the analysed results **Checklist** - Are the identified gaps documented clearly to justify using a manual process? - - **Answer**: + - **Answer**: Yes. Manual processes are introduced where automation is not feasible. - Are the goals for each process clearly defined? - - **Answer**: + - **Answer**: Yes. For the manual processes that were found the goals are clearly defined in the corresponding documentation. The goals include ensuring that user-facing documentation accurately reflect behavioural and API changes, correctly handling bug and vulnerability reports, and keeping the test suite at (or close to) 100% coverage for non-trivial changes. - Is the sequence of procedures documented in an unambiguous manner? - - **Answer**: + - **Answer**: Largely yes. Where necessary, examples and templates make the expected sequence explicit. - Can improvements to the processes be suggested and implemented? - - **Answer**: + - **Answer**: Improvements are proposed via GitHub issues or pull request. - How frequently are processes changed? - - **Answer**: + - **Answer**: Process changes are infrequent. - How are changes to manual processes communicated? - - **Answer**: + - **Answer**: Mostly, changes are communicated through updated documentation in the repository and release notes. - Are there any exceptions to the processes? - - **Answer**: + - **Answer**: Nothing that is known. - How is evidence of process adherence recorded? - - **Answer**: + - **Answer**: Evidence in GitHub; PR histories with reviews and passing checks, issue and advisory discussions, audit trails for documentation and test updates - How is the effectiveness of the process evaluated? - - **Answer**: + - **Answer**: Effectiveness is evaluated indirectly via stable releases, test coverage, and documentation quality. - Is ongoing training required to follow these processes? 
- - **Answer**: + - **Answer**: No formal training is required, but contributors are expected to be familiar with the contribution guidelines and security policy. From 5233b5cab08abd4da1fec96d414a7b29968e178f Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 25 Nov 2025 07:51:21 +0000 Subject: [PATCH 19/29] fixed TA-CONFIDENCE --- TSF/trustable/assertions/TA-CONFIDENCE_CONTEXT.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/TSF/trustable/assertions/TA-CONFIDENCE_CONTEXT.md b/TSF/trustable/assertions/TA-CONFIDENCE_CONTEXT.md index 75698c1398..0e2d63d3da 100644 --- a/TSF/trustable/assertions/TA-CONFIDENCE_CONTEXT.md +++ b/TSF/trustable/assertions/TA-CONFIDENCE_CONTEXT.md 
@@ -38,8 +38,8 @@ scores given to Statements - What is the algorithm for combining/comparing the scores? - **Answer**: The algorithm behind the scoring in given in JLS-09 - How confident are we that this algorithm is fit for purpose? - - **Answer**: The scoring algorithm is still being reviewed by the SMEs involved in the TSF work and is aligned with the TSF methodology described (see also JLS-09). At the moment, the scores are based on only a small number of SME inputs and statistically robust results require a larger number of SME reviewers to profit from the law-of-large-numbers. + - **Answer**: We are confident that the scoring algorithm is fit for purpose and is aligned with the TSF methodology described (see also JLS-09). However, at the moment, the statements require a larger number of SME reviewers to profit from the law-of-large-numbers and arrive at statistically significant scores. - What are the trends for each score? - - **Answer**: At the moment we have only a very limited score history (essentially a single major scoring iteration), so we cannot yet derive meaningful long-term trends. The infrastructure to store historical scores (see JLS-20) is already in place. + - **Answer**: At the moment, there are no trends as all statements have the review-status 'unreviewed'. However, the infrastructure for saving history of scores is already in place (see JLS-20). - How well do our scores correlate with external feedback signals? - **Answer**: Such correlation can not be measured yet due to missing data. From c7852e191e63607c7f02f942a81d9eb8ab5d4da8 Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 25 Nov 2025 08:36:22 +0000 Subject: [PATCH 20/29] fixed TA-METHODOLOGIES --- .../assertions/TA-METHODOLOGIES_CONTEXT.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md b/TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md index 83aa2b0a91..88b6a0da05 100644 
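Review bot: The rewritten answer to "How confident are we that this algorithm is fit for purpose?" now asserts confidence outright, yet the next answer in the same hunk says all statements have the review-status 'unreviewed', and the answer itself says more SME reviewers are needed for statistically significant scores. The removed wording ("still being reviewed by the SMEs") matched that state better. Consider keeping the claim conditional, if that reflects the current state, e.g. `The scoring algorithm follows the TSF methodology (see JLS-09); its fitness for purpose has not yet been confirmed by SME review.` The context line above it also still reads "in given in JLS-09" where "is given" is meant.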
--- a/TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md +++ b/TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md 
@@ -31,15 +31,15 @@ Any resulting changes from reviews must follow change control, regardless of who **Evidence** - Manual process documentation - - **Answer**: Manual processes relevant for nlohmann/json are documented in several places, (see JLS-36, 40, 41, 42, 43 and 44) + - **Answer**: Manual processes relevant for nlohmann/json have been identified and documented (see JLS-36, 40, 41, 42, 43 and 44). - References to methodologies applied as part of these processes - - **Answer**: The corresponding references are given for each statement. (see JLS-36, 40, 41, 42, 43 and 44) + - **Answer**: The corresponding references are given for each statement (see JLS-36, 40, 41, 42, 43 and 44). - Results of applying the processes - - **Answer**: Results include reviewed and merged pull requests, maintained high test coverage, published security advisories and resolved issues, updated documentation on json.nlohmann.me. (see JLS-36, 40, 41, 42, 43 and 44) + - **Answer**: Results include reviewed and merged pull requests, maintained high test coverage, published security advisories and resolved issues, updated documentation on json.nlohmann.me (see JLS-36, 40, 41, 42, 43 and 44). - Criteria used to confirm that the processes were applied correctly - - **Answer**: The criteria are given in the documentation. (see JLS-36, 40, 41, 42, 43 and 44) + - **Answer**: The criteria are given in the documentation (see JLS-36, 40, 41, 42, 43 and 44). - Review records for results - - **Answer**: Review records are provided by GitHub pull-request reviews and comments, issue and advisory discussions, release notes describing behavioural and documentation changes. (see JLS-36, 40, 41, 42, 43 and 44) + - **Answer**: Review records are provided by GitHub pull-request reviews and comments, issue and advisory discussions, as well as release notes describing behavioural and documentation changes (see JLS-36, 40, 41, 42, 43 and 44). **Confidence scoring** 
@@ -51,7 +51,7 @@ in comparison to the analysed results **Checklist** - Are the identified gaps documented clearly to justify using a manual process? - - **Answer**: Yes. Manual processes are introduced where automation is not feasible. + - **Answer**: Manual processes are introduced where automation is not feasible and are clearly documented. While no explicit justification for each manual step is provide, the rationale is generally clear from the surrounding context. - Are the goals for each process clearly defined? - **Answer**: Yes. For the manual processes that were found the goals are clearly defined in the corresponding documentation. The goals include ensuring that user-facing documentation accurately reflect behavioural and API changes, correctly handling bug and vulnerability reports, and keeping the test suite at (or close to) 100% coverage for non-trivial changes. - Is the sequence of procedures documented in an unambiguous manner? @@ -59,7 +59,7 @@ in comparison to the analysed results - Can improvements to the processes be suggested and implemented? - **Answer**: Improvements are proposed via GitHub issues or pull request. - How frequently are processes changed? - - **Answer**: Process changes are infrequent. + - **Answer**: Process changes are infrequent and usually happen with a new nlohmann/json release, when a need for improvement is identified. - How are changes to manual processes communicated? - **Answer**: Mostly, changes are communicated through updated documentation in the repository and release notes. - Are there any exceptions to the processes? From 1b64c60901545c2f98ad3a84ef4ad406519213e5 Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 25 Nov 2025 09:00:01 +0000 Subject: [PATCH 21/29] . --- TSF/trustable/statements/JLS-36.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TSF/trustable/statements/JLS-36.md b/TSF/trustable/statements/JLS-36.md index 3e19d6b585..82ff77e28c 100644 --- a/TSF/trustable/statements/JLS-36.md 
+++ b/TSF/trustable/statements/JLS-36.md @@ -7,4 +7,4 @@ references: description: "release management and update process description" --- -Updates of the eclipse-score/inc_nlohmann_json repository are carried out in accordance with the defined and documented update process in TSF/README.md +Updates of the eclipse-score/inc_nlohmann_json repository are carried out in accordance with the defined and documented update process in TSF/README.md. From 4c8d15f81e7d63eb9a511a3331a4bf3178c665e6 Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 25 Nov 2025 09:23:32 +0000 Subject: [PATCH 22/29] corrected JLS-13 --- TSF/trustable/statements/JLS-13.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TSF/trustable/statements/JLS-13.md b/TSF/trustable/statements/JLS-13.md index f2834cc660..24efa898cd 100644 --- a/TSF/trustable/statements/JLS-13.md +++ b/TSF/trustable/statements/JLS-13.md @@ -20,4 +20,4 @@ evidence: - "https://github.com/nlohmann/json/releases" --- -For changes that affect the behaviour or public API of the nlohmann/json library, contributors manually update the library documentation and regenerate the json.nlohmann.me documentation site. \ No newline at end of file +For changes that affect the behaviour or public API of the nlohmann/json library, contributors manually update the library documentation and locally rebuild it for verification. \ No newline at end of file From b4d2d545f1bcf9debb1f12bb7fbe4a045c5b0344 Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 25 Nov 2025 09:58:36 +0000 Subject: [PATCH 23/29] typo --- TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md b/TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md index 88b6a0da05..46a2a11b19 100644 --- a/TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md +++ b/TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md 
@@ -51,7 +51,7 @@ in comparison to the analysed results **Checklist** - Are the identified gaps documented clearly to justify using a manual process? - - **Answer**: Manual processes are introduced where automation is not feasible and are clearly documented. While no explicit justification for each manual step is provide, the rationale is generally clear from the surrounding context. + - **Answer**: Manual processes are introduced where automation is not feasible and are clearly documented. While no explicit justification for each manual step is provided, the rationale is generally clear from the surrounding context. - Are the goals for each process clearly defined? - **Answer**: Yes. For the manual processes that were found the goals are clearly defined in the corresponding documentation. The goals include ensuring that user-facing documentation accurately reflect behavioural and API changes, correctly handling bug and vulnerability reports, and keeping the test suite at (or close to) 100% coverage for non-trivial changes. - Is the sequence of procedures documented in an unambiguous manner? From 697180f177f92e0299c70bfe0ddb273dda6d85b3 Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 25 Nov 2025 10:26:47 +0000 Subject: [PATCH 24/29] added new reference to JLS-08 --- TSF/trustable/statements/JLS-08.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/TSF/trustable/statements/JLS-08.md b/TSF/trustable/statements/JLS-08.md index cedee38c3f..a2f2c4da78 100644 --- a/TSF/trustable/statements/JLS-08.md +++ b/TSF/trustable/statements/JLS-08.md 
@@ -5,6 +5,9 @@ references: - type: web_content url: "https://eclipse-score.github.io/inc_nlohmann_json/main/generated/dashboard.html#summary" description: "Dashboard showing distributions of evidence scores and SME (subject-matter expert) scores." + - type: web_content + url: "https://score-json.github.io/json/main/generated/trustable_report_for_Software.html" + description: "Trustable Compliance Report showing scores for statements." - type: web_content url: "https://codethinklabs.gitlab.io/trustable/trustable/methodology.html#documenting-assumptions" description: "Definition of Assumptions as part of the methodology" From 0ccf8eb4657abe4d02ee535f6aca9b8d23450fb9 Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 25 Nov 2025 10:30:59 +0000 Subject: [PATCH 25/29] edited one answer of TA-Methodologies context file --- TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md b/TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md index 46a2a11b19..48639a3a07 100644 --- a/TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md +++ b/TSF/trustable/assertions/TA-METHODOLOGIES_CONTEXT.md 
@@ -63,7 +63,7 @@ in comparison to the analysed results - How are changes to manual processes communicated? - **Answer**: Mostly, changes are communicated through updated documentation in the repository and release notes. - Are there any exceptions to the processes? - - **Answer**: Nothing that is known. + - **Answer**: Known exceptions include automatic dependency updates from Dependabot as well as smaller trivial changes (such as fixing typos in documentation). These are exempted from having to manually create issues and explain the rationale behind the change. - How is evidence of process adherence recorded? - **Answer**: Evidence in GitHub; PR histories with reviews and passing checks, issue and advisory discussions, audit trails for documentation and test updates - How is the effectiveness of the process evaluated? From 4f61b66cba4ae31f07ee41cd2e5168a9931c3d3f Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 25 Nov 2025 14:03:51 +0100 Subject: [PATCH 26/29] Update TSF/trustable/statements/JLS-08.md Co-authored-by: Erik Hu Signed-off-by: halnasri --- TSF/trustable/statements/JLS-08.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TSF/trustable/statements/JLS-08.md b/TSF/trustable/statements/JLS-08.md index a2f2c4da78..888a41a1e2 100644 --- a/TSF/trustable/statements/JLS-08.md +++ b/TSF/trustable/statements/JLS-08.md @@ -5,7 +5,7 @@ references: - type: web_content url: "https://eclipse-score.github.io/inc_nlohmann_json/main/generated/dashboard.html#summary" description: "Dashboard showing distributions of evidence scores and SME (subject-matter expert) scores." - - type: web_content + - type: project_website url: "https://score-json.github.io/json/main/generated/trustable_report_for_Software.html" description: "Trustable Compliance Report showing scores for statements." - type: web_content From 6e16dfdc4fe2609754a6d77023e8d36695add521 Mon Sep 17 00:00:00 2001 
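Review bot: The new answer to "Are there any exceptions to the processes?" exempts Dependabot updates and trivial changes from issue creation and a written rationale, but does not say which controls still apply to them. Automated dependency updates bring in third-party changes, so the answer should state whether they still pass pull-request review and the required checks before merge. If they do, append a sentence such as `These changes still require pull-request review and passing checks before merge.`, to be confirmed against the repository's branch rules, which this hunk does not show. As written, the exception can be read as a path around the change control that this context file demands elsewhere.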
From: halnasri Date: Tue, 25 Nov 2025 14:04:01 +0100 Subject: [PATCH 27/29] Update TSF/trustable/statements/JLS-08.md Co-authored-by: Erik Hu Signed-off-by: halnasri --- TSF/trustable/statements/JLS-08.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TSF/trustable/statements/JLS-08.md b/TSF/trustable/statements/JLS-08.md index 888a41a1e2..40de015a82 100644 --- a/TSF/trustable/statements/JLS-08.md +++ b/TSF/trustable/statements/JLS-08.md @@ -6,7 +6,7 @@ references: url: "https://eclipse-score.github.io/inc_nlohmann_json/main/generated/dashboard.html#summary" description: "Dashboard showing distributions of evidence scores and SME (subject-matter expert) scores." - type: project_website - url: "https://score-json.github.io/json/main/generated/trustable_report_for_Software.html" + url: "https://eclipse-score.github.io/inc_nlohmann_json/main/generated/trustable_report_for_Software.html" description: "Trustable Compliance Report showing scores for statements." - type: web_content url: "https://codethinklabs.gitlab.io/trustable/trustable/methodology.html#documenting-assumptions" From 6490bb9c5babbbe52d5d92184a921e23228df420 Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 25 Nov 2025 14:31:05 +0100 Subject: [PATCH 28/29] Add https evidence Added evidence configuration for response time and URL. Signed-off-by: halnasri --- TSF/trustable/statements/JLS-08.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/TSF/trustable/statements/JLS-08.md b/TSF/trustable/statements/JLS-08.md index 40de015a82..0706682075 100644 --- a/TSF/trustable/statements/JLS-08.md +++ b/TSF/trustable/statements/JLS-08.md 
@@ -11,6 +11,12 @@ references: - type: web_content url: "https://codethinklabs.gitlab.io/trustable/trustable/methodology.html#documenting-assumptions" description: "Definition of Assumptions as part of the methodology" +evidence: + type: https_response_time + configuration: + target: 2.0 + urls: "https://eclipse-score.github.io/inc_nlohmann_json/main/generated/trustable_report_for_Software.html" + - --- Each leaf node in the Trustable Graph that is not an Assumption-of-Use (AoU) is scored either based on SME review(s) alone or on a combination of SME review(s) and an automatic validator. From 84e6ef35143b0ae74197fe691e30b4be628caa4b Mon Sep 17 00:00:00 2001 From: halnasri Date: Tue, 25 Nov 2025 14:32:06 +0100 Subject: [PATCH 29/29] Fix formatting in JLS-08.md Signed-off-by: halnasri --- TSF/trustable/statements/JLS-08.md | 1 - 1 file changed, 1 deletion(-) diff --git a/TSF/trustable/statements/JLS-08.md b/TSF/trustable/statements/JLS-08.md index 0706682075..f572037559 100644 --- a/TSF/trustable/statements/JLS-08.md +++ b/TSF/trustable/statements/JLS-08.md @@ -16,7 +16,6 @@ evidence: configuration: target: 2.0 urls: "https://eclipse-score.github.io/inc_nlohmann_json/main/generated/trustable_report_for_Software.html" - - --- Each leaf node in the Trustable Graph that is not an Assumption-of-Use (AoU) is scored either based on SME review(s) alone or on a combination of SME review(s) and an automatic validator.
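Review bot: The added `urls:` key in JLS-08's front matter carries a scalar string followed by a stray `-` item, while the other statements visible in this series (JLS-13, JLS-40, JLS-44) give their URLs as `- "https://…"` list items, so the validator may receive a different type here; presumably it expects a list, which should be confirmed against the `https_response_time` validator. The later "Fix formatting" patch drops the dash but keeps the scalar. Writing `urls:` on its own line followed by `- "https://eclipse-score.github.io/inc_nlohmann_json/main/generated/trustable_report_for_Software.html"` would match the other files. A response-time check also only shows that the report page answers within the configured target of 2.0; it does not show how leaf nodes were scored, so on its own it is weak evidence for this statement.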