Resolve code scanning alerts (#13)

* Halnasri resolve tt confidence feedback (#21)

* Resolve TT-CHANGES feedback (nlohmann#115)

* enhaced doc in concept.rst

* enhanced documentation of the scoring

* review comments fixed and Example claculating graph added

* Added AOUs to TA-CONSTRAINTS

* add CI workflow for checking SME reviews (nlohmann#110)

* add CI workflow for checking SME reviews

* give pull request read permission

* fix indentation

* fix typo

* fix typo

* fix artifact collection trigger

* reformulate JLS-05

* removed AOUs from non-TA-CONSTRAINTS links

* align with current state of working branch

* again

* enhaced doc in concept.rst

* enhanced documentation of the scoring

* review comments fixed and Example claculating graph added

* unfinished commit

* Adapted overall statement formulation

* remove WFJ-12 whitespace

* Added "provided by nlohmann/json" to WFJ-07

* removed "library" from TA-METHODOLOGIES

* Added nlohmann/json to TT-CONSTRUCTION

* fix typo in NPF-01

* fixed score -> score-json in TT-CONFIDENCE

* Clarify reference to nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify confidence measurement in nlohmann/json

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Fix typo in TA-FIXES.md regarding repository name

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify reference to nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Fix typo in TA-ITERATIONS.md

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Fix typo in TA-ITERATIONS.md

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify reference to nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify reference to nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify release construction for nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify source mirroring for nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify reference to nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update wording for nlohmann/json library reference

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify reporting of score-json implementation issues

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify dependency storage requirements for nlohmann/json

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify reference to nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify usage of nlohmann/json library in AOU-19

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify wording on bug review for nlohmann/json

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify reference to nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify service name in NJF-02.md

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify reference to nlohmann/json library in NJF-03

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify service description in NJF-04.md

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* changed "service provided by" convention

* Fix reference to score-json in AOU-08.md

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/statements/JLS-24.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/tenets/TT-CHANGES.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/tenets/TT-RESULTS.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/tenets/TT-PROVENANCE.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/tenets/TT-EXPECTATIONS.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/tenets/TT-CONSTRUCTION.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/tenets/TT-CONFIDENCE.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/statements/JLS-25.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update JLS-14.md

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Fix merge conflict in JLS-05.md

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/assumptions-of-use/AOU-17.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Implemented custom include_list reference

* Removed JLS-27 and its link, added  JLS-34 and its link to TA-FIXES

* added README documentation for IncludeListReference

* changed __str__ method of IncludeListReference to more descriptive title

* removed method doc for as_markdown in IncludeListReference

* changed __str__ of IncludeListReference

* reworked content method in IncludeListReference

* small change to README

* Update TSF/trustable/statements/JLS-34.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Erikhu1 new tsf items (nlohmann#125)

* change AOU-27

* add new statements

* update JLS-05

* add release notes reference to JLS-05

* remove internal comment

* separate CVE triaging into own statement

* update JLS-05

* name specific branch instead of default

* split JLS-06

* fix typos

* remove unnecessary evidence config

* change reference type of release notes

* update JLS-19

* specify repo

* update JLS-05

* update JLS-06 and JLS-35

* delete non ta-constraints AOU links

* Update TSF/trustable/statements/JLS-05.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-11.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-19.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-28.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-29.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-30.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-31.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-32.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-33.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* add some references and scores

* remove comment

* update aou-29

* fix test_str_include_list test reference

* add reference to JLS-25

* add reference to JLS-02

* add reference to JLS-06

* update JLS-26

* add reference to JLS-29

* add reference to JLS-30

* update score for JLS-30

* update JLS-35

* Update TSF/trustable/statements/JLS-28.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-29.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-30.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* remove duplicate statement

* Update TSF/trustable/statements/JLS-29.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* add statement for SAST

* add link for JLS-34

* add score on JLS-32

* add score on JLS-33

* add score on JLS-34

* update JLS-26

* fix typo

* add missing quotation marks

---------

Signed-off-by: Erik Hu <erik.hu@d-fine.com>
Co-authored-by: Luca Füger <luca.fueger@d-fine.com>

* delete unused items

* fix post create script

* fix typos

* re-add JLS-27

* remove duplicated tests

* update concept section

* clean up

* corrected on item in the table and change the example in the graph

* fix typos in concept

* score --> trustable score

* .png --> .svg

* 0.81

# Conflicts:
#	TSF/docs/score_calculation_example.svg

* add support of fork PRs

* newline EOF

* fix typo

* add reference to JLS-30

* add reference to JLS-11

* change repo names

* fix typo

* reformulate AOU-05

* clarify AOU-10

* update JLS-01

* update JLS-35

* update JLS-35

* udpate JLS-05

* add evidence to JLS-07

* update JLS-12

* Changed all statement occurrences of score-json to eclipse-score/inc_nlohmann_json

* Restored JLS-05 and JLS-27 tto pre-commit state

* fix typo

* Update TSF/trustable/no-json-faults/NJF-06.6.0.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

---------

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: Luca <luca.fueger@d-fine.com>

* add context files (#5)

* add context files

* remove references to checklist files

* add answer fields

* explain component evidence

* cleanup

* update to trudag v2025.10.22 (#4)

* update to trudag v2025.10.22

* upgrade pip

* upgrade pip in test_publication workflow

* pip install requests

* adding new statements to TA-METHODOLOGIES and fixing statements from TA-CONFIDENCE

* added references to JLS 40 and 42

* Update TSF/trustable/statements/JLS-43.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/trustable/statements/JLS-42.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/trustable/statements/JLS-37.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/trustable/statements/JLS-09.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/trustable/statements/JLS-08.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* changed JLS08 to be more clear

* corrected the statement of JLS-37

* corrected the statement of JLS-41

* corrected the file path in JLS-36

* reformulated the statement JLS-41

* split the statement of JLS-40 into tow

* only one valitator

* more clear statement in JLS-41

* '

* added a reference to JLS-13 and reformulated the statement

* added answers to the evidence lists and to the checklists of TA-CONFIDENCE and TA-METHODOLOGIES

* fixed TA-CONFIDENCE

* fixed TA-METHODOLOGIES

* .

* corrected JLS-13

* typo

* added new reference to JLS-08

* edited one answer of TA-Methodologies context file

* Update TSF/trustable/statements/JLS-08.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/trustable/statements/JLS-08.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Add https evidence 

Added evidence configuration for response time and URL.

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Fix formatting in JLS-08.md

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Re add AOU-30

Signed-off-by: Erik Hu <erik.hu@d-fine.com>

---------

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: Luca <luca.fueger@d-fine.com>

* Resolve TT-CONSTRUCTION Feedback (#23)

* Moving changes from json to inc_nlohmann_json

* Added checklist and evidence for TA-RELEASES

* Worked through TA-Iterations checklist and evidence

* added checklist and evidence for TA-TESTS

* fix smaller details

* Update TSF/trustable/assertions/TA-ITERATIONS_CONTEXT.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/assertions/TA-ITERATIONS_CONTEXT.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/assertions/TA-RELEASES_CONTEXT.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* resolved "binary" checklist points

* Added JLS-52

* added references for newly created JLS-52

* Update TSF/trustable/statements/JLS-52.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* added verbose file reference to JLS-51

* Update TSF/trustable/statements/JLS-51.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* deleted AOU-08 checklist references

* added JLS-51 link to TA-ITERATIONS, removed link to TA-RELEASES

* deleted JLS-21 including its links

* deleted JLS-21

* removed link TA-ITERATIONS -> JLS-51

* filled in JLS-53

* comments

* added TA-Releases checklist answer

* changed target to target_seconds

* Update TSF/trustable/assertions/TA-RELEASES_CONTEXT.md

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* fixes for JLS-16

* adapted JLS-53 formulation

* fix for JLS-16

* Added item reference to JLS-53

* Update TA-RELEASES_CONTEXT.md

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* created further statements

* Update TSF/trustable/statements/JLS-61.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>

* Update TSF/trustable/statements/JLS-61.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>

* Update TSF/trustable/statements/JLS-61.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>

* Update TSF/trustable/statements/JLS-61.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>

* added link from JLS-53 to JLS-14 and restructured JLS-52

* Provided evidence for JLS-63

* changed JLS-52, JLS-64 and JLS-65 formulation

* smaller changes

* Added references to JLS-65

* changed JLS-63 reference types

* ...

* completed JLS-64

* adding response time validator to JLS-64

* specifying remaining TODOs

* Specify remaining work #2

* deleted JLS-66

* reworked JLS-62 and deleted 46 and 66

* adapted TA-TESTS_CONTEXT

* fixed JLS-62

* Update TSF/trustable/assertions/TA-RELEASES_CONTEXT.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>

* Update TSF/trustable/assertions/TA-RELEASES_CONTEXT.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>

* Update TSF/trustable/statements/JLS-16.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>

* added non_reproducible_tests and its reference to JLS-62

---------

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>
Co-authored-by: LucaFgr <luca.fueger@d-fine.com>
Co-authored-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: LucaFue <luca.fueger@d-fine.de>

* Erikhu1 add missing links (nlohmann#25)

* add missing links

* fix faulty reference

* Reference corrections (#19)

* link TA-BEHAVIOURS to JLS-27 (#9)

* update JLS-01

* update JLS-05

* update JLS-11

* update JLS-12

* update JLS-29

* update JLS-30

* update JLS-35

* remove duplicate link

* Resolve TT-PROVENANCE Feedback (#14)

* added checklist items to TA_INPUTS

* move TSF instructions

* add JLS-47 and link TA-INPUTS to JLS-34

* create JLS-48

* update TA-INPUTS context

* update TA-INPUTS context

* add JLS-49

* update inputs context

* pin third party tools list to 3.12.0

* add JLS-50 and assessment of third party tools

* update TA-INPUTS context

* add reference to JLS-49

* link TA-RELEASES -> JLS-49

* Enhance third-party tools assessment documentation (#18)

* Enhance third-party tools assessment documentation

Expanded the assessment details for various third-party tools used in nlohmann/json

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Enhance documentation for third-party tools assessment 2

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Enhance third-party tools assessment details 3

Added comprehensive descriptions for Hedley, lcov, libFuzzer, Material for MkDocs, MkDocs, OSS-Fuzz, Probot, and Valgrind.

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Revise risk categorization and tool assessment details

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* small fixes

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/docs/third_party_tools_assessment.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/docs/third_party_tools_assessment.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/docs/third_party_tools_assessment.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/docs/third_party_tools_assessment.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/docs/third_party_tools_assessment.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/docs/third_party_tools_assessment.md

typos

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* typo

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* rename link

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* typo

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* typo -

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Enhance OSS-Fuzz section with issue links

Updated the OSS-Fuzz role description to include links to specific GitHub issues.

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

---------

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: Erik Hu <erik.hu@d-fine.com>

* add links from TA-SUPPLYCHAIN

* add answer to supply chain context

* remove dead link

* create JLS-66

* link JLS-66

* finish answer SUPPLY_CHAIN context

* misc fixes

* misc fixes

* misc fixes

* Update TSF/trustable/assertions/TA-SUPPLY_CHAIN_CONTEXT.md

Co-authored-by: LucaFue <luca.fueger@d-fine.de>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* misc fixes

* update JLS-49

* Update TSF/README.md

Co-authored-by: halnasri <hatem.alnasri@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

---------

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>
Co-authored-by: erikhu1 <erik.hu@d-fine.com>
Co-authored-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: LucaFue <luca.fueger@d-fine.de>

* halnasri-Revisit TT-RESULTS (#17)

* revisit TT-RESULTS

* rebase

* resolve conflict

* fixing some typos

* AoU --> AOU

* reformulated JLS-22 and completed the checklist of TA-DATA

* Update TSF/trustable/statements/JLS-17.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Fix typo in 'misbehaviours' in documentation

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Fix typo in file path for nlohmann misbehaviours

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Clarify answers in TA-ANALYSIS_CONTEXT.md

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* adress comment of TA-DATA context file

* fixed some issues in the TA-ANALYSIS context file

* typo in JLS-17

* added a reference to TA-ANALYSIS_CONTEXT.md

* added some answers to the checklist of TA-VALIDATION

* fix typos

Co-authored-by: LucaFue <luca.fueger@d-fine.de>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* added one answer to the TA-VALIDATION and fixed typos

* answered checklist questions of TA-VALIDATION

* reformulated JLS-17 and added the failure rate analysis

* fix some checklist questions

* typo

* typos

* typos and rewrite JLS 17

* Update TSF/trustable/assertions/TA-ANALYSIS_CONTEXT.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/trustable/assertions/TA-ANALYSIS_CONTEXT.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* link formating

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* link formating

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

---------

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Co-authored-by: LucaFue <luca.fueger@d-fine.de>

* added TA-Releases -> JLS-53 link (nlohmann#27)

Co-authored-by: LucaFgr <luca.fueger@d-fine.com>

* bump urllib3 version from 2.5.0 to 2.6.0 (nlohmann#26)

* bump urllib3 version from 2.5.0 to 2.6.0

* nitpick EOF line

* Erikhu1 sync with prod (nlohmann#31)

* Adding scores for TT-Changes

* fix validators function signature

* add new trudag dependencies

* set review status of reviewed items again

* fix outdated dependency

---------

Co-authored-by: aschemmel-git <alexander.schemmel@bmw.de>

* Halnasri fix statements (nlohmann#30)

* fix JLS-08

* fix JLS-08 and JLS-10

* fix JLS-20

* fix JLS-11 and JLS-28

* fix JLS-16

* 2.0 --> 2

* Update JLS-11

* fix JLS-27

* fix JLS-65

* fix JLS-63

* added JLS-19 to build instructions

* lcov and coverity

* added clang-tidy

* removed one validator from JLS-16

* fix lcov and coverity part

* edited reference type for scorecard and inrospector

* fix JLS-02

* Removed multiple validators from statements by splitting them up (nlohmann#35)

* removed multiple validators from statements by splitting them up

* removed combinator validator

* fix JLS-11

* Update TSF/trustable/statements/JLS-58.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>

* newline EOF

* readded scores for JLS-11

---------

Signed-off-by: LucaFue <luca.fueger@d-fine.de>
Co-authored-by: LucaFgr <luca.fueger@d-fine.com>
Co-authored-by: Erik Hu <erik.hu@d-fine.com>

* Erikhu1 sync with prod (nlohmann#38)

* Adding scores for TT-Changes

* Update 4 trustable tenets (#9)

* Halnasri resolve tt confidence feedback (#21)

* Resolve TT-CHANGES feedback (nlohmann#115)

* enhaced doc in concept.rst

* enhanced documentation of the scoring

* review comments fixed and Example claculating graph added

* Added AOUs to TA-CONSTRAINTS

* add CI workflow for checking SME reviews (nlohmann#110)

* add CI workflow for checking SME reviews

* give pull request read permission

* fix indentation

* fix typo

* fix typo

* fix artifact collection trigger

* reformulate JLS-05

* removed AOUs from non-TA-CONSTRAINTS links

* align with current state of working branch

* again

* enhaced doc in concept.rst

* enhanced documentation of the scoring

* review comments fixed and Example claculating graph added

* unfinished commit

* Adapted overall statement formulation

* remove WFJ-12 whitespace

* Added "provided by nlohmann/json" to WFJ-07

* removed "library" from TA-METHODOLOGIES

* Added nlohmann/json to TT-CONSTRUCTION

* fix typo in NPF-01

* fixed score -> score-json in TT-CONFIDENCE

* Clarify reference to nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify confidence measurement in nlohmann/json

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Fix typo in TA-FIXES.md regarding repository name

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify reference to nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Fix typo in TA-ITERATIONS.md

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Fix typo in TA-ITERATIONS.md

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify reference to nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify reference to nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify release construction for nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify source mirroring for nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify reference to nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update wording for nlohmann/json library reference

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify reporting of score-json implementation issues

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify dependency storage requirements for nlohmann/json

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify reference to nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify usage of nlohmann/json library in AOU-19

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify wording on bug review for nlohmann/json

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify reference to nlohmann/json library

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify service name in NJF-02.md

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify reference to nlohmann/json library in NJF-03

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Clarify service description in NJF-04.md

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* changed "service provided by" convention

* Fix reference to score-json in AOU-08.md

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/statements/JLS-24.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/tenets/TT-CHANGES.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/tenets/TT-RESULTS.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/tenets/TT-PROVENANCE.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/tenets/TT-EXPECTATIONS.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/tenets/TT-CONSTRUCTION.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/tenets/TT-CONFIDENCE.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/statements/JLS-25.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update JLS-14.md

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Fix merge conflict in JLS-05.md

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/assumptions-of-use/AOU-17.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Implemented custom include_list reference

* Removed JLS-27 and its link, added  JLS-34 and its link to TA-FIXES

* added README documentation for IncludeListReference

* changed __str__ method of IncludeListReference to more descriptive title

* removed method doc for as_markdown in IncludeListReference

* changed __str__ of IncludeListReference

* reworked content method in IncludeListReference

* small change to README

* Update TSF/trustable/statements/JLS-34.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Erikhu1 new tsf items (nlohmann#125)

* change AOU-27

* add new statements

* update JLS-05

* add release notes reference to JLS-05

* remove internal comment

* separate CVE triaging into own statement

* update JLS-05

* name specific branch instead of default

* split JLS-06

* fix typos

* remove unnecessary evidence config

* change reference type of release notes

* update JLS-19

* specify repo

* update JLS-05

* update JLS-06 and JLS-35

* delete non ta-constraints AOU links

* Update TSF/trustable/statements/JLS-05.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-11.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-19.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-28.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-29.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-30.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-31.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-32.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-33.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* add some references and scores

* remove comment

* update aou-29

* fix test_str_include_list test reference

* add reference to JLS-25

* add reference to JLS-02

* add reference to JLS-06

* update JLS-26

* add reference to JLS-29

* add reference to JLS-30

* update score for JLS-30

* update JLS-35

* Update TSF/trustable/statements/JLS-28.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-29.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* Update TSF/trustable/statements/JLS-30.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* remove duplicate statement

* Update TSF/trustable/statements/JLS-29.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* add statement for SAST

* add link for JLS-34

* add score on JLS-32

* add score on JLS-33

* add score on JLS-34

* update JLS-26

* fix typo

* add missing quotation marks

---------

Signed-off-by: Erik Hu <erik.hu@d-fine.com>
Co-authored-by: Luca Füger <luca.fueger@d-fine.com>

* delete unused items

* fix post create script

* fix typos

* re-add JLS-27

* remove duplicated tests

* update concept section

* clean up

* corrected on item in the table and change the example in the graph

* fix typos in concept

* score --> trustable score

* .png --> .svg

* 0.81

# Conflicts:
#	TSF/docs/score_calculation_example.svg

* add support of fork PRs

* newline EOF

* fix typo

* add reference to JLS-30

* add reference to JLS-11

* change repo names

* fix typo

* reformulate AOU-05

* clarify AOU-10

* update JLS-01

* update JLS-35

* update JLS-35

* udpate JLS-05

* add evidence to JLS-07

* update JLS-12

* Changed all statement occurrences of score-json to eclipse-score/inc_nlohmann_json

* Restored JLS-05 and JLS-27 tto pre-commit state

* fix typo

* Update TSF/trustable/no-json-faults/NJF-06.6.0.md

Co-authored-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

---------

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: Luca <luca.fueger@d-fine.com>

* add context files (#5)

* add context files

* remove references to checklist files

* add answer fields

* explain component evidence

* cleanup

* update to trudag v2025.10.22 (#4)

* update to trudag v2025.10.22

* upgrade pip

* upgrade pip in test_publication workflow

* pip install requests

* adding new statements to TA-METHODOLOGIES and fixing statements from TA-CONFIDENCE

* added references to JLS 40 and 42

* Update TSF/trustable/statements/JLS-43.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/trustable/statements/JLS-42.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/trustable/statements/JLS-37.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/trustable/statements/JLS-09.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/trustable/statements/JLS-08.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* changed JLS08 to be more clear

* corrected the statement of JLS-37

* corrected the statement of JLS-41

* corrected the file path in JLS-36

* reformulated the statement JLS-41

* split the statement of JLS-40 into tow

* only one valitator

* more clear statement in JLS-41

* '

* added a reference to JLS-13 and reformulated the statement

* added answers to the evidence lists and to the checklists of TA-CONFIDENCE and TA-METHODOLOGIES

* fixed TA-CONFIDENCE

* fixed TA-METHODOLOGIES

* .

* corrected JLS-13

* typo

* added new reference to JLS-08

* edited one answer of TA-Methodologies context file

* Update TSF/trustable/statements/JLS-08.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/trustable/statements/JLS-08.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Add https evidence 

Added evidence configuration for response time and URL.

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Fix formatting in JLS-08.md

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Re add AOU-30

Signed-off-by: Erik Hu <erik.hu@d-fine.com>

---------

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: Luca <luca.fueger@d-fine.com>

* Resolve TT-CONSTRUCTION Feedback (#23)

* Moving changes from json to inc_nlohmann_json

* Added checklist and evidence for TA-RELEASES

* Worked through TA-Iterations checklist and evidence

* added checklist and evidence for TA-TESTS

* fix smaller details

* Update TSF/trustable/assertions/TA-ITERATIONS_CONTEXT.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/assertions/TA-ITERATIONS_CONTEXT.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* Update TSF/trustable/assertions/TA-RELEASES_CONTEXT.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* resolved "binary" checklist points

* Added JLS-52

* added references for newly created JLS-52

* Update TSF/trustable/statements/JLS-52.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* added verbose file reference to JLS-51

* Update TSF/trustable/statements/JLS-51.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* deleted AOU-08 checklist references

* added JLS-51 link to TA-ITERATIONS, removed link to TA-RELEASES

* deleted JLS-21 including its links

* deleted JLS-21

* removed link TA-ITERATIONS -> JLS-51

* filled in JLS-53

* comments

* added TA-Releases checklist answer

* changed target to target_seconds

* Update TSF/trustable/assertions/TA-RELEASES_CONTEXT.md

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>

* fixes for JLS-16

* adapted JLS-53 formulation

* fix for JLS-16

* Added item reference to JLS-53

* Update TA-RELEASES_CONTEXT.md

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* created further statements

* Update TSF/trustable/statements/JLS-61.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>

* Update TSF/trustable/statements/JLS-61.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>

* Update TSF/trustable/statements/JLS-61.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>

* Update TSF/trustable/statements/JLS-61.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>

* added link from JLS-53 to JLS-14 and restructured JLS-52

* Provided evidence for JLS-63

* changed JLS-52, JLS-64 and JLS-65 formulation

* smaller changes

* Added references to JLS-65

* changed JLS-63 reference types

* ...

* completed JLS-64

* adding response time validator to JLS-64

* specifying remaining TODOs

* Specify remaining work #2

* deleted JLS-66

* reworked JLS-62 and deleted 46 and 66

* adapted TA-TESTS_CONTEXT

* fixed JLS-62

* Update TSF/trustable/assertions/TA-RELEASES_CONTEXT.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>

* Update TSF/trustable/assertions/TA-RELEASES_CONTEXT.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>

* Update TSF/trustable/statements/JLS-16.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>

* added non_reproducible_tests and its reference to JLS-62

---------

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>
Co-authored-by: LucaFgr <luca.fueger@d-fine.com>
Co-authored-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: LucaFue <luca.fueger@d-fine.de>

* Erikhu1 add missing links (nlohmann#25)

* add missing links

* fix faulty reference

* Reference corrections (#19)

* link TA-BEHAVIOURS to JLS-27 (#9)

* update JLS-01

* update JLS-05

* update JLS-11

* update JLS-12

* update JLS-29

* update JLS-30

* update JLS-35

* remove duplicate link

* Resolve TT-PROVENANCE Feedback (#14)

* added checklist items to TA_INPUTS

* move TSF instructions

* add JLS-47 and link TA-INPUTS to JLS-34

* create JLS-48

* update TA-INPUTS context

* update TA-INPUTS context

* add JLS-49

* update inputs context

* pin third party tools list to 3.12.0

* add JLS-50 and assessment of third party tools

* update TA-INPUTS context

* add reference to JLS-49

* link TA-RELEASES -> JLS-49

* Enhance third-party tools assessment documentation (#18)

* Enhance third-party tools assessment documentation

Expanded the assessment details for various third-party tools used in nlohmann/json

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Enhance documentation for third-party tools assessment 2

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Enhance third-party tools assessment details 3

Added comprehensive descriptions for Hedley, lcov, libFuzzer, Material for MkDocs, MkDocs, OSS-Fuzz, Probot, and Valgrind.

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Revise risk categorization and tool assessment details

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* small fixes

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/docs/third_party_tools_assessment.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/docs/third_party_tools_assessment.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/docs/third_party_tools_assessment.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/docs/third_party_tools_assessment.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/docs/third_party_tools_assessment.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/docs/third_party_tools_assessment.md

typos

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* typo

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* rename link

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* typo

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* typo -

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Enhance OSS-Fuzz section with issue links

Updated the OSS-Fuzz role description to include links to specific GitHub issues.

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

---------

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: Erik Hu <erik.hu@d-fine.com>

* add links from TA-SUPPLYCHAIN

* add answer to supply chain context

* remove dead link

* create JLS-66

* link JLS-66

* finish answer SUPPLY_CHAIN context

* misc fixes

* misc fixes

* misc fixes

* Update TSF/trustable/assertions/TA-SUPPLY_CHAIN_CONTEXT.md

Co-authored-by: LucaFue <luca.fueger@d-fine.de>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

* misc fixes

* update JLS-49

* Update TSF/README.md

Co-authored-by: halnasri <hatem.alnasri@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>

---------

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>
Co-authored-by: erikhu1 <erik.hu@d-fine.com>
Co-authored-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: LucaFue <luca.fueger@d-fine.de>

* halnasri-Revisit TT-RESULTS (#17)

* revisit TT-RESULTS

* rebase

* resolve conflict

* fixing some typos

* AoU --> AOU

* reformulated JLS-22 and completed the checklist of TA-DATA

* Update TSF/trustable/statements/JLS-17.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Fix typo in 'misbehaviours' in documentation

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Fix typo in file path for nlohmann misbehaviours

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Clarify answers in TA-ANALYSIS_CONTEXT.md

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* adress comment of TA-DATA context file

* fixed some issues in the TA-ANALYSIS context file

* typo in JLS-17

* added a reference to TA-ANALYSIS_CONTEXT.md

* added some answers to the checklist of TA-VALIDATION

* fix typos

Co-authored-by: LucaFue <luca.fueger@d-fine.de>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* added one answer to the TA-VALIDATION and fixed typos

* answered checklist questions of TA-VALIDATION

* reformulated JLS-17 and added the failure rate analysis

* fix some checklist questions

* typo

* typos

* typos and rewrite JLS 17

* Update TSF/trustable/assertions/TA-ANALYSIS_CONTEXT.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* Update TSF/trustable/assertions/TA-ANALYSIS_CONTEXT.md

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* link formating

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

* link formating

Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>

---------

Signed-off-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: Erik Hu <erik.hu@d-fine.com>
Co-authored-by: LucaFue <luca.fueger@d-fine.de>

* added TA-Releases -> JLS-53 link (nlohmann#27)

Co-authored-by: LucaFgr <luca.fueger@d-fine.com>

* bump urllib3 version from 2.5.0 to 2.6.0 (nlohmann#26)

* bump urllib3 version from 2.5.0 to 2.6.0

* nitpick EOF line

* Erikhu1 sync with prod (nlohmann#31) (nlohmann#32)

* Adding scores for TT-Changes

* fix validators function signature

* add new trudag dependencies

* set review status of reviewed items again

* fix outdated dependency

---------

Co-authored-by: aschemmel-git <alexander.schemmel@bmw.de>

* Halnasri fix statements (nlohmann#34)

* Erikhu1 sync with prod (nlohmann#31)

* Adding scores for TT-Changes

* fix validators function signature

* add new trudag dependencies

* set review status of reviewed items again

* fix outdated dependency

---------

Co-authored-by: aschemmel-git <alexander.schemmel@bmw.de>

* fix JLS-08

* fix JLS-08 and JLS-10

* fix JLS-20

* fix JLS-11 and JLS-28

* fix JLS-16

* 2.0 --> 2

* Update JLS-11

* fix JLS-27

* fix JLS-65

* fix JLS-63

* added JLS-19 to build instructions

* lcov and coverity

* added clang-tidy

* removed one validator from JLS-16

* fix lcov and coverity part

* edited reference type for scorecard and inrospector

* fix JLS-02

---------

Co-authored-by: aschemmel-git <alexander.schemmel@bmw.de>
Co-authored-by: halnasri <hatem.alnasri@d-fine.com>

---------

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>
Co-authored-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: Luca <luca.fueger@d-fine.com>
Co-authored-by: LucaFue <luca.fueger@d-fine.de>
Co-authored-by: aschemmel-git <alexander.schemmel@bmw.de>

* Bump urllib3 from 2.6.0 to 2.6.3 in /.devcontainer/S-CORE

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.0 to 2.6.3.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.0...2.6.3)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Remove GitHub actions reference from JLS-16.md

Removed reference to GitHub actions page from JLS-16.md

Signed-off-by: Erik Hu <erik.hu@d-fine.com>

---------

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: aschemmel-git <alexander.schemmel@bmw.de>
Co-authored-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: Luca <luca.fueger@d-fine.com>
Co-authored-by: LucaFue <luca.fueger@d-fine.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Erikhu1 fix code scanning alerts (nlohmann#40)

* restructure requirements file

* update trustable pins

* install reqs before trustable

---------

Signed-off-by: Luca Füger <luca.fueger@d-fine.com>
Signed-off-by: Erik Hu <erik.hu@d-fine.com>
Signed-off-by: halnasri <hatem.alnasri@d-fine.com>
Signed-off-by: LucaFue <luca.fueger@d-fine.de>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: halnasri <hatem.alnasri@d-fine.com>
Co-authored-by: Luca <luca.fueger@d-fine.com>
Co-authored-by: LucaFue <luca.fueger@d-fine.de>
Co-authored-by: aschemmel-git <alexander.schemmel@bmw.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: 6 people

.devcontainer/S-CORE/Dockerfile

@@ -87,5 +87,5 @@ RUN groupadd --gid $USER_GID $USERNAME \
 USER $USERNAME
 
 # Install trudag using pipx
-RUN pipx install git+https://gitlab.com/CodethinkLabs/trustable/trustable@v2025.10.22 && \
+RUN pipx install git+https://gitlab.com/CodethinkLabs/trustable/trustable@83b4023d7e2bd2b984db2c81543266ce09a7cbf7 && \
     pipx ensurepath

.devcontainer/S-CORE/post_create_script.sh

@@ -5,4 +5,4 @@ source .venv/bin/activate
 
 # Install trustable
 pip install --require-hashes -r .devcontainer/S-CORE/requirements.txt
-pip install git+https://gitlab.com/CodethinkLabs/trustable/trustable@v2025.10.22
+pip install git+https://gitlab.com/CodethinkLabs/trustable/trustable@83b4023d7e2bd2b984db2c81543266ce09a7cbf7

.devcontainer/S-CORE/requirements.in

@@ -1,9 +1,11 @@
 pip==25.3
-setuptools==78.1.1
 sphinx==8.2.3
 sphinx-design==0.6.1
 sphinx-needs==5.1.0
 sphinxcontrib.plantuml==0.31
 pytest==8.4.1
 pyyaml==6.0.3
 pip-tools==7.5.2
+colorama>=0.4
+exceptiongroup>=1
+tomli>=1a

.devcontainer/S-CORE/requirements.txt

@@ -2,7 +2,7 @@
 # This file is autogenerated by pip-compile with Python 3.11
 # by the following command:
 #
-#    pip-compile --allow-unsafe --generate-hashes --output-file=.devcontainer/S-CORE/requirements.txt .devcontainer/S-CORE/requirements.in
+#    pip-compile --generate-hashes --output-file=.devcontainer/S-CORE/requirements.txt .devcontainer/S-CORE/requirements.in
 #
 alabaster==1.0.0 \
     --hash=sha256:c00dca57bca26fa62a6d7d0a9fcce65f3e026e9bfe33e9c538fd3fbb2144fd9e \
@@ -111,10 +111,18 @@ click==8.3.1 \
     --hash=sha256:12ff4785d337a1bb490bb7e9c2b1ee5da3112e94a8622f26a6c77f5d2fc6842a \
     --hash=sha256:981153a64e25f12d547d3426c367a4857371575ee7ad18df2a6183ab0545b2a6
     # via pip-tools
+colorama==0.4.6 \
+    --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
+    --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6
+    # via -r .devcontainer/S-CORE/requirements.in
 docutils==0.21.2 \
     --hash=sha256:3a6b18732edf182daa3cd12775bbb338cf5691468f91eeeb109deff6ebfa986f \
     --hash=sha256:dafca5b9e384f0e419294eb4d2ff9fa826435bf15f15b7bd45723e8ad76811b2
     # via sphinx
+exceptiongroup==1.3.1 \
+    --hash=sha256:8b412432c6055b0b7d14c310000ae93352ed6754f70fa8f7c34141f91c4e3219 \
+    --hash=sha256:a7a39a3bd276781e98394987d3a5701d0c4edffb633bb7a5144577f82c773598
+    # via -r .devcontainer/S-CORE/requirements.in
 idna==3.10 \
     --hash=sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9 \
     --hash=sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3
@@ -212,7 +220,7 @@ packaging==25.0 \
 pip-tools==7.5.2 \
     --hash=sha256:2d64d72da6a044da1110257d333960563d7a4743637e8617dd2610ae7b82d60f \
     --hash=sha256:2fe16db727bbe5bf28765aeb581e792e61be51fc275545ef6725374ad720a1ce
-    # via -r requirements.in
+    # via -r .devcontainer/S-CORE/requirements.in
 pluggy==1.6.0 \
     --hash=sha256:7dcc130b76258d33b90f61b658791dede3486c3e6bfb003ee5c9bfb396dd22f3 \
     --hash=sha256:e920276dd6813095e9377c0bc5566d94c932c33b27a3e3945d8389c374dd4746
@@ -232,7 +240,7 @@ pyproject-hooks==1.2.0 \
 pytest==8.4.1 \
     --hash=sha256:539c70ba6fcead8e78eebbf1115e8b589e7565830d7d006a8723f19ac8a0afb7 \
     --hash=sha256:7c67fd69174877359ed9371ec3af8a3d2b04741818c51e5e99cc1742251fa93c
-    # via -r requirements.in
+    # via -r .devcontainer/S-CORE/requirements.in
 pyyaml==6.0.3 \
     --hash=sha256:00c4bdeba853cc34e7dd471f16b4114f4162dc03e6b7afcc2128711f0eca823c \
     --hash=sha256:0150219816b6a1fa26fb4699fb7daa9caf09eb1999f3b70fb6e786805e80375a \
@@ -307,7 +315,7 @@ pyyaml==6.0.3 \
     --hash=sha256:f7057c9a337546edc7973c0d3ba84ddcdf0daa14533c2065749c9075001090e6 \
     --hash=sha256:fa160448684b4e94d80416c0fa4aac48967a969efe22931448d853ada8baf926 \
     --hash=sha256:fc09d0aa354569bc501d4e787133afc08552722d3ab34836a80547331bb5d4a0
-    # via -r requirements.in
+    # via -r .devcontainer/S-CORE/requirements.in
 referencing==0.36.2 \
     --hash=sha256:df2e89862cd09deabbdba16944cc3f10feb6b3e6f18e902f7cc25609a34775aa \
     --hash=sha256:e8699adbbf8b5c7de96d8ffa0eb5c158b3beafce084968e2ea8bb08c6794dcd0
@@ -496,7 +504,7 @@ sphinx==8.2.3 \
     --hash=sha256:398ad29dee7f63a75888314e9424d40f52ce5a6a87ae88e7071e80af296ec348 \
     --hash=sha256:4405915165f13521d875a8c29c8970800a0141c14cc5416a38feca4ea5d9b9c3
     # via
-    #   -r requirements.in
+    #   -r .devcontainer/S-CORE/requirements.in
     #   sphinx-data-viewer
     #   sphinx-design
     #   sphinx-needs
@@ -509,11 +517,11 @@ sphinx-data-viewer==0.1.5 \
 sphinx-design==0.6.1 \
     --hash=sha256:b11f37db1a802a183d61b159d9a202314d4d2fe29c163437001324fe2f19549c \
     --hash=sha256:b44eea3719386d04d765c1a8257caca2b3e6f8421d7b3a5e742c0fd45f84e632
-    # via -r requirements.in
+    # via -r .devcontainer/S-CORE/requirements.in
 sphinx-needs==5.1.0 \
     --hash=sha256:23a0ca1dfe733a0a58e884b59ce53a8b63a530f0ac87ae5ab0d40f05f853fbe7 \
     --hash=sha256:7adf3763478e91171146918d8af4a22aa0fc062a73856f1ebeb6822a62cbe215
-    # via -r requirements.in
+    # via -r .devcontainer/S-CORE/requirements.in
 sphinxcontrib-applehelp==2.0.0 \
     --hash=sha256:2f29ef331735ce958efa4734873f084941970894c6090408b079c61b2e1c06d1 \
     --hash=sha256:4cd3f0ec4ac5dd9c17ec65e9ab272c9b867ea77425228e68ecf08d6b28ddbdb5
@@ -536,7 +544,7 @@ sphinxcontrib-jsmath==1.0.1 \
     # via sphinx
 sphinxcontrib-plantuml==0.31 \
     --hash=sha256:fd74752f8ea070e641c3f8a402fccfa1d4a4056e0967b56033d2a76282d9f956
-    # via -r requirements.in
+    # via -r .devcontainer/S-CORE/requirements.in
 sphinxcontrib-qthelp==2.0.0 \
     --hash=sha256:4fe7d0ac8fc171045be623aba3e2a8f613f8682731f9153bb2e40ece16b9bbab \
     --hash=sha256:b18a828cdba941ccd6ee8445dbe72ffa3ef8cbe7505d8cd1fa0d42d3f2d5f3eb
@@ -545,10 +553,61 @@ sphinxcontrib-serializinghtml==2.0.0 \
     --hash=sha256:6e2cb0eef194e10c27ec0023bfeb25badbbb5868244cf5bc5bdc04e4464bf331 \
     --hash=sha256:e9d912827f872c029017a53f0ef2180b327c3f7fd23c87229f7a8e8b70031d4d
     # via sphinx
+tomli==2.4.0 \
+    --hash=sha256:0408e3de5ec77cc7f81960c362543cbbd91ef883e3138e81b729fc3eea5b9729 \
+    --hash=sha256:0dc56fef0e2c1c470aeac5b6ca8cc7b640bb93e92d9803ddaf9ea03e198f5b0b \
+    --hash=sha256:0e0fe8a0b8312acf3a88077a0802565cb09ee34107813bba1c7cd591fa6cfc8d \
+    --hash=sha256:0f2e3955efea4d1cfbcb87bc321e00dc08d2bcb737fd1d5e398af111d86db5df \
+    --hash=sha256:133e93646ec4300d651839d382d63edff11d8978be23da4cc106f5a18b7d0576 \
+    --hash=sha256:1b168f2731796b045128c45982d3a4874057626da0e2ef1fdd722848b741361d \
+    --hash=sha256:1c8a885b370751837c029ef9bc014f27d80840e48bac415f3412e6593bbc18c1 \
+    --hash=sha256:1f776e7d669ebceb01dee46484485f43a4048746235e683bcdffacdf1fb4785a \
+    --hash=sha256:1fb2945cbe303b1419e2706e711b7113da57b7db31ee378d08712d678a34e51e \
+    --hash=sha256:20cedb4ee43278bc4f2fee6cb50daec836959aadaf948db5172e776dd3d993fc \
+    --hash=sha256:20ffd184fb1df76a66e34bd1b36b4a4641bd2b82954befa32fe8163e79f1a702 \
+    --hash=sha256:26ab906a1eb794cd4e103691daa23d95c6919cc2fa9160000ac02370cc9dd3f6 \
+    --hash=sha256:2add28aacc7425117ff6364fe9e06a183bb0251b03f986df0e78e974047571fd \
+    --hash=sha256:2b1e3b80e1d5e52e40e9b924ec43d81570f0e7d09d11081b797bc4692765a3d4 \
+    --hash=sha256:31d556d079d72db7c584c0627ff3a24c5d3fb4f730221d3444f3efb1b2514776 \
+    --hash=sha256:36b9d05b51e65b254ea6c2585b59d2c4cb91c8a3d91d0ed0f17591a29aaea54a \
+    --hash=sha256:39b0b5d1b6dd03684b3fb276407ebed7090bbec989fa55838c98560c01113b66 \
+    --hash=sha256:3cf226acb51d8f1c394c1b310e0e0e61fecdd7adcb78d01e294ac297dd2e7f87 \
+    --hash=sha256:3d895d56bd3f82ddd6faaff993c275efc2ff38e52322ea264122d72729dca2b2 \
+    --hash=sha256:413540dce94673591859c4c6f794dfeaa845e98bf35d72ed59636f869ef9f86f \
+    --hash=sha256:43e685b9b2341681907759cf3a04e14d7104b3580f808cfde1dfdb60ada85475 \
+    --hash=sha256:4cbcb367d44a1f0c2be408758b43e1ffb5308abe0ea222897d6bfc8e8281ef2f \
+    --hash=sha256:551e321c6ba03b55676970b47cb1b73f14a0a4dce6a3e1a9458fd6d921d72e95 \
+    --hash=sha256:5572e41282d5268eb09a697c89a7bee84fae66511f87533a6f88bd2f7b652da9 \
+    --hash=sha256:5aa48d7c2356055feef06a43611fc401a07337d5b006be13a30f6c58f869e3c3 \
+    --hash=sha256:5b5807f3999fb66776dbce568cc9a828544244a8eb84b84b9bafc080c99597b9 \
+    --hash=sha256:5e3f639a7a8f10069d0e15408c0b96a2a828cfdec6fca05296ebcdcc28ca7c76 \
+    --hash=sha256:685306e2cc7da35be4ee914fd34ab801a6acacb061b6a7abca922aaf9ad368da \
+    --hash=sha256:75c2f8bbddf170e8effc98f5e9084a8751f8174ea6ccf4fca5398436e0320bc8 \
+    --hash=sha256:7b438885858efd5be02a9a133caf5812b8776ee0c969fea02c45e8e3f296ba51 \
+    --hash=sha256:7d49c66a7d5e56ac959cb6fc583aff0651094ec071ba9ad43df785abc2320d86 \
+    --hash=sha256:7d6d9a4aee98fac3eab4952ad1d73aee87359452d1c086b5ceb43ed02ddb16b8 \
+    --hash=sha256:84d081fbc252d1b6a982e1870660e7330fb8f90f676f6e78b052ad4e64714bf0 \
+    --hash=sha256:8768715ffc41f0008abe25d808c20c3d990f42b6e2e58305d5da280ae7d1fa3b \
+    --hash=sha256:920b1de295e72887bafa3ad9f7a792f811847d57ea6b1215154030cf131f16b1 \
+    --hash=sha256:9a08144fa4cba33db5255f9b74f0b89888622109bd2776148f2597447f92a94e \
+    --hash=sha256:a26d7ff68dfdb9f87a016ecfd1e1c2bacbe3108f4e0f8bcd2228ef9a766c787d \
+    --hash=sha256:aa89c3f6c277dd275d8e243ad24f3b5e701491a860d5121f2cdd399fbb31fc9c \
+    --hash=sha256:b5ef256a3fd497d4973c11bf142e9ed78b150d36f5773f1ca6088c230ffc5867 \
+    --hash=sha256:b6c78bdf37764092d369722d9946cb65b8767bfa4110f902a1b2542d8d173c8a \
+    --hash=sha256:bbb1b10aa643d973366dc2cb1ad94f99c1726a02343d43cbc011edbfac579e7c \
+    --hash=sha256:c084ad935abe686bd9c898e62a02a19abfc9760b5a79bc29644463eaf2840cb0 \
+    --hash=sha256:c73add4bb52a206fd0c0723432db123c0c75c280cbd67174dd9d2db228ebb1b4 \
+    --hash=sha256:cae9c19ed12d4e8f3ebf46d1a75090e4c0dc16271c5bce1c833ac168f08fb614 \
+    --hash=sha256:d20b797a5c1ad80c516e41bc1fb0443ddb5006e9aaa7bda2d71978346aeb9132 \
+    --hash=sha256:d3d1654e11d724760cdb37a3d7691f0be9db5fbdaef59c9f532aabf87006dbaa \
+    --hash=sha256:d878f2a6707cc9d53a1be1414bbb419e629c3d6e67f69230217bb663e76b5087
+    # via -r .devcontainer/S-CORE/requirements.in
 typing-extensions==4.15.0 \
     --hash=sha256:0cea48d173cc12fa28ecabc3b837ea3cf6f38c6d1136f85cbaaf598984861466 \
     --hash=sha256:f0fa19c6845758ab08074a0cfa8b7aecb71c999ca73d62883bc25cc018c4e548
-    # via referencing
+    # via
+    #   exceptiongroup
+    #   referencing
 urllib3==2.6.3 \
     --hash=sha256:1b62b6884944a57dbe321509ab94fd4d3b307075e0c2eae991ac71ee15ad38ed \
     --hash=sha256:bf272323e553dfb2e87d9bfd225ca7b0f467b919d7bbd355436d3fd37cb0acd4
@@ -558,16 +617,8 @@ wheel==0.45.1 \
     --hash=sha256:708e7481cc80179af0e556bbf0cc00b8444c7321e2700b8d8580231d13017248
     # via pip-tools
 
-# The following packages are considered to be unsafe in a requirements file:
-pip==25.3 \
-    --hash=sha256:8d0538dbbd7babbd207f261ed969c65de439f6bc9e5dbd3b3b9a77f25d95f343 \
-    --hash=sha256:9655943313a94722b7774661c21049070f6bbb0a1516bf02f7c8d5d9201514cd
-    # via
-    #   -r requirements.in
-    #   pip-tools
-setuptools==78.1.1 \
-    --hash=sha256:c3a9c4211ff4c309edb8b8c4f1cbfa7ae324c4ba9f91ff254e3d305b9fd54561 \
-    --hash=sha256:fcc17fd9cd898242f6b4adfaca46137a9edef687f43e6f78469692a5e70d851d
-    # via
-    #   -r requirements.in
-    #   pip-tools
+# WARNING: The following packages were not pinned, but pip requires them to be
+# pinned when the requirements file includes hashes and the requirement is not
+# satisfied by a package already installed. Consider using the --allow-unsafe flag.
+# pip
+# setuptools

.dotstop.dot

@@ -83,6 +83,8 @@ digraph G {
 "JLS-51" [sha="190e17d59795c9ed3b25a0a8bf57497de1e0d06ab90b3f6ba47b543c95edea43"];
 "JLS-52" [sha="8539f924c31974a2722615d2410a25336a5d6a9f399f16dc485be83f7f87a5ff"];
 "JLS-53" [sha="d9f7e732e34b0ec79305dde4c5b3d60906559ef1d90bc3ce2906e28a90293844"];
+"JLS-57" [sha="6261b6cf44be2e742af1e1d687f1233161ab7cdaf6f1c0a6e31e671a7451adc5"];
+"JLS-58" [sha="dbdb83427fd82fd3be5e90ab761945a0346b33740b9ea80fd37122dfa6baaa60"];
 "JLS-61" [sha="151f1cda2384ae4935d29d300c3424bca710378fa3689bbcff69b06dc86bb692"];
 "JLS-62" [sha="60848232c2989d0282b64792d7da7a57c04ff368d2ac9deae09c3743251dfc79"];
 "JLS-63" [sha="2b50e79c3b43c6815b5dc15c7909ce5fb513e98fadb28ddfa40938f20f5d0427"];
@@ -443,6 +445,7 @@ digraph G {
 "TA-FIXES" -> "JLS-29" [sha="4add5e8bf6d1a461fcc22a0fe49556d96664ff147c7aa783c844bd6f3189f0d3"];
 "TA-FIXES" -> "JLS-28" [sha="0adb7ec9c6cc4338fa810442d22c8e4ca2a39cf33f0efaf859457ab32946991d"];
 "TA-FIXES" -> "JLS-33" [sha="56b526e261afa2da0793ec172850d227e4ed1d8c8a06e616c680c3db29648d45"];
+"TA-FIXES" -> "JLS-57" [sha="ada11447792ac70d2f87b81253379dd31d73eefa57554c9f0b1e067bf995812c"];
 "TA-INPUTS" -> "JLS-04" [sha="262db6d430e99ef3a23645c93a1cc5bda1270ceba90b4d8cccb40b1eb85e9860"];
 "TA-INPUTS" -> "JLS-47" [sha="b2da62290125ecc680f953dde166bb5f22e7f8c6e7e53a73136102e01dd013a7"];
 "TA-INPUTS" -> "JLS-34" [sha="b39b1a808b02bfcd5450ffea835179c862c19f7759de0508bac9249c02db58c1"];
@@ -479,6 +482,7 @@ digraph G {
 "TA-TESTS" -> "JLS-02" [sha="e99cf5b009b3cdc149edc81b3454dddfaf69ab10f80e70ce698bcfb823b5fbd1"];
 "TA-TESTS" -> "JLS-62" [sha="49b5e6c124bec20cbc7cf92118c2b87e5c3a92e242beefb87bd7a4f72570b356"];
 "TA-TESTS" -> "JLS-61" [sha="4f4501f46dc4ef8948768080f88af8c7c94d1532e03f20a9cc126e7c4f07457f"];
+"TA-TESTS" -> "JLS-58" [sha="05ffbf50bb06c5bfc0cf12905f0c441203b45a9022fb60cc6f5450cf99a7b49f"];
 "TA-UPDATES" -> "JLS-06" [sha="51c4bad3a735d138e20d6609abe6765fe92b6ed2bee5a7649f6a48ec9eec2410"];
 "TA-UPDATES" -> "JLS-07" [sha="83de3c6d8d7734c0dd455033615ec44c51abfe9c5078d8a00da5a7c543eaf4d2"];
 "TA-UPDATES" -> "JLS-12" [sha="ae9afa457f597efb82f57ff8716e16e12f1d0962b86e47a078ac2fc363029450"];

.dotstop_extensions/README.md

@@ -394,61 +394,6 @@ evidence:
         digits: 3
 ```
 
-## combinator
-
-The combinator validator serves as a meta-validator that enables the evaluation of complex items by running multiple validators and combining their scores into a single result using a weighted average. It accepts a list of validator configurations and optional weights, executes each validator independently, and then computes the weighted mean of their scores. If no weights are specified, all validators are treated equally. The validator supports a predefined set of underlying validator types and aggregates their exceptions and warnings in its output. All weights must be non-negative, and if the sum of weights is zero, the combinator returns a score of 0.0.
-
-The trudag tool does currently not support the use of multiple custom validators for one single TSF statement.
-
-The combinator accepts a list of validators, each with its own configuration and optional weight. Each validator is executed independently, and their scores are combined using the formula: `(score1 * weight1 + score2 * weight2 + ...) / (weight1 + weight2 + ...)`. If no weights are specified, all validators are treated with equal weight (weight = 1.0).
-
-The combinator supports the following validator types:
-- `check_artifact_exists`
-- `https_response_time` 
-- `check_test_results`
-- `file_exists`
-- `sha_checker`
-- `check_issues`
-- `did_workflows_fail`
-- `coveralls_reporter`
-
-The expected configuration is as follows:
-
-```
-evidence:
-    type: combinator
-    configuration:
-        validators:
-            - type: "check_test_results"
-              weight: 2.0  # optional, defaults to 1.0
-              configuration:
-                  tests:
-                      - class_lexer
-                      - unicode1
-            - type: "https_response_time"
-              weight: 1.0  # optional, defaults to 1.0  
-              configuration:
-                  target_seconds: 2
-                  urls:
-                      - "https://github.com/nlohmann/json/issues"
-            - type: "coveralls_reporter"
-              weight: 1.5  # optional, defaults to 1.0
-              configuration:
-                  owner: "score-json"
-                  repo: "json"
-                  branch: "main"
-                  line_coverage: 99.186
-                  branch_coverage: 93.865
-                  digits: 3
-            - type: "did_workflows_fail"
-              configuration:
-                  owner: "eclipse-score"
-                  repo: "inc_nlohmann_json" 
-                  branch: "json_version_3_12_0"
-```
-
-All weights must be non-negative. If the sum of all weights is zero, the combinator returns a score of 0.0. The combinator aggregates all exceptions and warnings from the individual validators and returns them alongside the combined score.
-
 # Data store interface
 
 The data store interface utilises the built-in the `dump` functionality of trudag to store the trustable score, and to include the development of the trustable score over time into the report.

.dotstop_extensions/validators.py

@@ -430,66 +430,3 @@ def coveralls_reporter(configuration: dict[str, yaml]) -> tuple[float, list[Exce
     if round(expected_branch_coverage, digits) != round(covered_branches/relevant_branches * 100, digits):
         return (0.0, [Warning("The branch coverage has changed!")])
     return (1.0, [])
-    
-
-
-def combinator(configuration: dict[str, yaml]) -> tuple[float, list[Exception | Warning]]:
-    validators = configuration.get("validators",None)
-    if validators is None:
-        return (1.0, [Warning("No validators were given, returning the void-validator.")])
-    elif not isinstance(validators,list):
-        return (0.0, [TypeError("The list of validators must be given as list.")])
-    scores = []
-    exceptions = []
-    weights = []
-    for validator in validators:
-        # fetch configuration
-        validator_configuration = validator.get("configuration", None)
-        if not isinstance(validator_configuration,dict[str, yaml]):
-            return (0.0, [TypeError("Validator configuration must be an object.")])
-        # fetch weight
-        weight = float(validator.get("weight",1.0))
-        if weight<0:
-            return (0.0, [TypeError("Validator weights must be non-negative.")])
-        weights.append(weight)
-        # fetch type
-        validator_type = validator.get("type", None)
-        if validator_type is None:
-            return (0.0, [TypeError("Missing validator type declaration.")])
-        # execute validator
-        if validator_type == "check_artifact_exists":
-            validator_score, validator_errors = check_artifact_exists(validator_configuration)
-            scores.append(validator_score)
-            exceptions.extend(validator_errors)
-        elif validator_type == "https_response_time":
-            validator_score, validator_errors = https_response_time(validator_configuration)
-            scores.append(validator_score)
-            exceptions.extend(validator_errors)
-        elif validator_type == "check_test_results":
-            validator_score, validator_errors = check_test_results(validator_configuration)
-            scores.append(validator_score)
-            exceptions.extend(validator_errors)
-        elif validator_type == "file_exists":
-            validator_score, validator_errors = file_exists(validator_configuration)
-            scores.append(validator_score)
-            exceptions.extend(validator_errors)
-        elif validator_type == "sha_checker":
-            validator_score, validator_errors = sha_checker(validator_configuration)
-            scores.append(validator_score)
-            exceptions.extend(validator_errors)
-        elif validator_type == "check_issues":
-            validator_score, validator_errors = check_issues(validator_configuration)
-            scores.append(validator_score)
-            exceptions.extend(validator_errors)
-        elif validator_type == "did_workflows_fail":
-            validator_score, validator_errors = did_workflows_fail(validator_configuration)
-            scores.append(validator_score)
-            exceptions.extend(validator_errors)
-        elif validator_type == "coveralls_reporter":
-            validator_score, validator_errors = coveralls_reporter(validator_configuration)
-            scores.append(validator_score)
-            exceptions.extend(validator_errors)
-    if sum(weights) == 0.0:
-        return (0.0, exceptions)
-    else:
-        return (sum(list(map(lambda x,y: x*y, scores, weights)))/sum(weights),exceptions)