Erikhu1 new tsf items #125
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
LucaFgr
requested changes
Nov 7, 2025
github-actions
bot
added
M
L
documentation
LucaFgr
reviewed
Nov 10, 2025
LucaFgr
reviewed
Nov 10, 2025
LucaFgr
reviewed
Nov 10, 2025
LucaFgr
reviewed
Nov 10, 2025
LucaFgr
reviewed
Nov 10, 2025
LucaFgr
reviewed
Nov 10, 2025
LucaFgr
reviewed
Nov 10, 2025
LucaFgr
reviewed
Nov 10, 2025
LucaFgr
reviewed
Nov 10, 2025
LucaFgr
reviewed
Nov 10, 2025
LucaFgr
reviewed
Nov 10, 2025
LucaFgr
reviewed
Nov 10, 2025
LucaFgr
reviewed
Nov 10, 2025
Erikhu1
force-pushed
the
erikhu1-new_tsf_items
branch
from
b9307e3 to
d8049c2
Compare
Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com>
LucaFgr
reviewed
Nov 11, 2025
LucaFgr
reviewed
Nov 11, 2025
Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com>
Erikhu1
requested review from
LucaFgr
and removed request for
aschemmel-tech
halnasri
reviewed
Nov 11, 2025
LucaFgr
reviewed
Nov 12, 2025
LucaFgr
reviewed
Nov 12, 2025
halnasri
reviewed
Nov 12, 2025
LucaFgr
approved these changes
Nov 12, 2025
halnasri
approved these changes
Nov 12, 2025
Erikhu1
added a commit
that referenced
this pull request
Nov 12, 2025
* change AOU-27 * add new statements * update JLS-05 * add release notes reference to JLS-05 * remove internal comment * separate CVE triaging into own statement * update JLS-05 * name specific branch instead of default * split JLS-06 * fix typos * remove unnecessary evidence config * change reference type of release notes * update JLS-19 * specify repo * update JLS-05 * update JLS-06 and JLS-35 * delete non ta-constraints AOU links * Update TSF/trustable/statements/JLS-05.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-11.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-19.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-28.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-29.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-30.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-31.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-32.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-33.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * add some references and scores * remove comment * update aou-29 * fix test_str_include_list test reference * add reference to JLS-25 * add reference to JLS-02 * add reference to JLS-06 * update JLS-26 * add reference to JLS-29 * add reference to JLS-30 * update score for JLS-30 * update JLS-35 * Update TSF/trustable/statements/JLS-28.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-29.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-30.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * remove duplicate statement * Update TSF/trustable/statements/JLS-29.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * add statement for SAST * add link for JLS-34 * add score on JLS-32 * add score on JLS-33 * add score on JLS-34 * update JLS-26 * fix typo * add missing quotation marks --------- Signed-off-by: Erik Hu <erik.hu@d-fine.com> Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Erikhu1
added a commit
that referenced
this pull request
Nov 14, 2025
* enhaced doc in concept.rst * enhanced documentation of the scoring * review comments fixed and Example claculating graph added * Added AOUs to TA-CONSTRAINTS * add CI workflow for checking SME reviews (#110) * add CI workflow for checking SME reviews * give pull request read permission * fix indentation * fix typo * fix typo * fix artifact collection trigger * reformulate JLS-05 * removed AOUs from non-TA-CONSTRAINTS links * align with current state of working branch * again * enhaced doc in concept.rst * enhanced documentation of the scoring * review comments fixed and Example claculating graph added * unfinished commit * Adapted overall statement formulation * remove WFJ-12 whitespace * Added "provided by nlohmann/json" to WFJ-07 * removed "library" from TA-METHODOLOGIES * Added nlohmann/json to TT-CONSTRUCTION * fix typo in NPF-01 * fixed score -> score-json in TT-CONFIDENCE * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify confidence measurement in nlohmann/json Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Fix typo in TA-FIXES.md regarding repository name Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Fix typo in TA-ITERATIONS.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Fix typo in TA-ITERATIONS.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify release construction for nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify source mirroring for nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update wording for nlohmann/json library reference Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reporting of score-json implementation issues Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify dependency storage requirements for nlohmann/json Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify usage of nlohmann/json library in AOU-19 Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify wording on bug review for nlohmann/json Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify service name in NJF-02.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify reference to nlohmann/json library in NJF-03 Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Clarify service description in NJF-04.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * changed "service provided by" convention * Fix reference to score-json in AOU-08.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/statements/JLS-24.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/tenets/TT-CHANGES.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/tenets/TT-RESULTS.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/tenets/TT-PROVENANCE.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/tenets/TT-EXPECTATIONS.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/tenets/TT-CONSTRUCTION.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/tenets/TT-CONFIDENCE.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/statements/JLS-25.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update JLS-14.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Fix merge conflict in JLS-05.md Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Update TSF/trustable/assumptions-of-use/AOU-17.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Implemented custom include_list reference * Removed JLS-27 and its link, added JLS-34 and its link to TA-FIXES * added README documentation for IncludeListReference * changed __str__ method of IncludeListReference to more descriptive title * removed method doc for as_markdown in IncludeListReference * changed __str__ of IncludeListReference * reworked content method in IncludeListReference * small change to README * Update TSF/trustable/statements/JLS-34.md Co-authored-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: Luca Füger <luca.fueger@d-fine.com> * Erikhu1 new tsf items (#125) * change AOU-27 * add new statements * update JLS-05 * add release notes reference to JLS-05 * remove internal comment * separate CVE triaging into own statement * update JLS-05 * name specific branch instead of default * split JLS-06 * fix typos * remove unnecessary evidence config * change reference type of release notes * update JLS-19 * specify repo * update JLS-05 * update JLS-06 and JLS-35 * delete non ta-constraints AOU links * Update TSF/trustable/statements/JLS-05.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-11.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-19.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-28.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-29.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-30.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-31.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-32.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-33.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * add some references and scores * remove comment * update aou-29 * fix test_str_include_list test reference * add reference to JLS-25 * add reference to JLS-02 * add reference to JLS-06 * update JLS-26 * add reference to JLS-29 * add reference to JLS-30 * update score for JLS-30 * update JLS-35 * Update TSF/trustable/statements/JLS-28.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-29.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * Update TSF/trustable/statements/JLS-30.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * remove duplicate statement * Update TSF/trustable/statements/JLS-29.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> * add statement for SAST * add link for JLS-34 * add score on JLS-32 * add score on JLS-33 * add score on JLS-34 * update JLS-26 * fix typo * add missing quotation marks --------- Signed-off-by: Erik Hu <erik.hu@d-fine.com> Co-authored-by: Luca Füger <luca.fueger@d-fine.com> * delete unused items * fix post create script * fix typos * re-add JLS-27 * remove duplicated tests * update concept section * clean up * corrected on item in the table and change the example in the graph * fix typos in concept * score --> trustable score * .png --> .svg * 0.81 # Conflicts: # TSF/docs/score_calculation_example.svg * add support of fork PRs * newline EOF * fix typo * add reference to JLS-30 * add reference to JLS-11 * change repo names * fix typo * reformulate AOU-05 * clarify AOU-10 * update JLS-01 * update JLS-35 * update JLS-35 * udpate JLS-05 * add evidence to JLS-07 * update JLS-12 * Changed all statement occurrences of score-json to eclipse-score/inc_nlohmann_json * Restored JLS-05 and JLS-27 tto pre-commit state * fix typo * Update TSF/trustable/no-json-faults/NJF-06.6.0.md Co-authored-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> --------- Signed-off-by: Luca Füger <luca.fueger@d-fine.com> Signed-off-by: Erik Hu <erik.hu@d-fine.com> Signed-off-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: halnasri <hatem.alnasri@d-fine.com> Co-authored-by: Luca <luca.fueger@d-fine.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Derive new statements from the lists of suggested evidence from codethink which do not fit into any of the already existing statements.