JLS-01

The JSON-library project CI executes on each pull request (opened, reopened, synchronized) the integration test suite, and failures in these runs are investigated by contributors.

Supported Requests:

• TA-VALIDATION

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-02

Fuzz testing is used to uncover edge cases and failure modes throughout development. (https://github.com/nlohmann/json/blob/develop/tests/fuzzing.md)

Supported Requests:

• TA-MISBEHAVIOURS

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-03

Automated tests are reviewed by a Subject Matter Expert to verify they test the properties they claim to.

Supported Requests:

• TA-BEHAVIOURS

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-04

The project runs dependabot on all code entering the main branch, blocking merges until all warnings are resolved. (https://github.com/score-json/json/blob/main/nlohmann_json/.github/dependabot.yml)

Supported Requests:

• TA-FIXES

• TA-INPUTS

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-05

The OSS nlohmann_json is widely used, actively maintained and uses github issues to track bugs and misbehaviours.

Supported Requests:

• TA-FIXES

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-06

Changes to the code (main branch) are applied only after code review and passing of all pipelines.

Supported Requests:

• TA-UPDATES

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-07

Main branch is protected, i.e. no direct commits are possible.

Supported Requests:

• TA-UPDATES

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-08

Each statement is scored based on SME reviews or automatic validation functions. (TODO)

Supported Requests:

• TA-CONFIDENCE

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-09

Scores are reasonably, systematically and repeatably accumulated. (TODO)

Supported Requests:

• TA-CONFIDENCE

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-10

Every release includes source code, build instructions, tests and attestations. (TODO: Test result summary)

Supported Requests:

• TA-ITERATIONS

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-11

A score based on outstanding, fixed and mitigated faults is calculated based on github issues in nlohmann/json. (TODO)

Supported Requests:

• TA-FIXES

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-12

The S-Core change process management is followed. (https://eclipse-score.github.io/process_description/main/process_areas/change_management/index.html)

Supported Requests:

• TA-UPDATES

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-13

The S-Core methodologies are followed. (https://eclipse-score.github.io/process_description/main/general_concepts/score_review_concept.html).

Supported Requests:

• TA-METHODOLOGIES

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-14

The builds are repeatable (i.e. different builds lead to the same SHA value). (TODO)

Supported Requests:

• TA-RELEASES

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-16

A list of tests, which is extracted from the test execution, is provided, along with a list of test environments. (TODO)

Supported Requests:

• TA-TESTS

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-17

A github workflow calculates the fraction of expectations covered by tests (TODO).

Supported Requests:

• TA-ANALYSIS

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-18

Results from tests are accurately captured. (TODO)

Supported Requests:

• TA-DATA

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-19

All components, dependencies and tools are listed in a manifest.

Supported Requests:

• TA-ITERATIONS

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-20

A github workflow saves the history of scores in the trustable graph to derive trends. (TODO)

Supported Requests:

• TA-CONFIDENCE

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-21

A score is calculated based on the number of mirrored and unmirrored things. (TODO)

Supported Requests:

• TA-RELEASES

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-22

The github workflow executes the unit tests daily and saves the results as time-series data. (TODO)

Supported Requests:

• TA-VALIDATION

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-23

The eclipse s-core organization mirrors the nlohmann_json library in a fork.

Supported Requests:

• TA-SUPPLY_CHAIN

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-24

The JSON library recognizes malformed JSON and returns an exception.

Supported Requests:

• TA-MISBEHAVIOURS

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-25

Malicious code changes are mitigated by code reviews, adhering to Eclipse S-core contribution procedures and vigilance from the open-source community.

Supported Requests:

• TA-MISBEHAVIOURS

Supporting Items:

None

References:

None

Fallacies:

None

---

JLS-26

Pipeline execution results are analyzed in the fork and the original nlohmann_json repository.

Supported Requests:

• TA-ANALYSIS

Supporting Items:

None

References:

None

Fallacies:

None