Trustable Compliance Report
Item status guide
Each item in a Trustable Graph is scored with a number between 0 and 1. The score represents aggregated organizational confidence in a given Statement, with larger numbers corresponding to higher confidence. Scores in the report are indicated by both a numerical score and the colormap below:
[Colormap legend: 1.00 to 0.00]
The status of an item and its links also affect the score.
Unreviewed items are indicated by a cross in the status column. The score of unreviewed items is always set to zero.
Suspect links are indicated by a cross in the status column. The contribution to the score of a parent item by a suspiciously linked child is always zero, regardless of the child's own score.
Compliance for TSFTEMPLATE
| Item | Summary | Score | Score Origin | Status |
|---|---|---|---|---|
| TSFTEMPLATE-PROJECT_README | Project comes with a comprehensive README file, explaining goal, scope, and providing getting-started documentation. | 0.80 | SME with References | ✔ Item Reviewed ✔ All Children Linked |
| TSFTEMPLATE-PROJECT_SCOPE | The tsftemplate project README file defines the scope of the project, and lays out the why and to for reaching that goal. | 1.00 | SME with References | ✔ Item Reviewed ✔ All Children Linked |
| TSFTEMPLATE-SECURITY_POLICY | The tsftemplate project defines a security policy for handling, analysis and resolution of security issues that are reported, which is based on and references the Eclipse Foundation Security Policy. | 1.00 | SME with References | ✔ Item Reviewed ✔ All Children Linked |
Compliance for UPSTREAM.ECLIPSE.ECLIPSE
| Item | Summary | Score | Score Origin | Status |
|---|---|---|---|---|
| UPSTREAM.ECLIPSE.ECLIPSE-BUILD_INSTRUCTIONS | An Eclipse project publicly documents build instructions that are easily reproducible. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.ECLIPSE.ECLIPSE-CODE_REVIEW | Any changes to an Eclipse project always go through review, and are only merged on approval. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.ECLIPSE.ECLIPSE-COMMIT_RECORDS | Eclipse project commit records have a consistent form, include the author and should reference the issue that they are addressing. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.ECLIPSE.ECLIPSE-CONSTRUCTIVE_CULTURE | An Eclipse project handles bug reports, discussions and decisions in a healthy, constructive and welcoming manner, and issues raised against the project are addressed in a timely manner. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.ECLIPSE.ECLIPSE-CONTRIBUTION_PROCESS | The contribution process for an Eclipse project is publicly documented and consistently followed. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.ECLIPSE.ECLIPSE-FORMAL_RELEASES | Each release of an Eclipse project undergoes formal review and approval. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.ECLIPSE.ECLIPSE-IP_COMPLIANCE | An Eclipse project follows the Eclipse Foundation IP Policy at all times. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.ECLIPSE.ECLIPSE-METADATA_CORRECTNESS | Technical metadata of an Eclipse project is always correct and up to date. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.ECLIPSE.ECLIPSE-PROCESSES | All Eclipse projects follow the Eclipse Foundation Development Process. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.ECLIPSE.ECLIPSE-PROJECT_README | An Eclipse project must have a README file with information about the project. | 0.90 | Derived from supporting Statements | ✔ Item Reviewed ⨯ All Children Linked |
| UPSTREAM.ECLIPSE.ECLIPSE-PROJECT_SCOPE | An Eclipse project's scope and objectives are formally documented and maintained. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.ECLIPSE.ECLIPSE-PUBLIC_CODE | All source code of an Eclipse project is kept and maintained via Eclipse-managed infrastructure. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.ECLIPSE.ECLIPSE-PUBLIC_RECORDS | All tickets, issue discussions, bug reports and decisions of an Eclipse project are kept and made publicly accessible via Eclipse-managed infrastructure. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.ECLIPSE.ECLIPSE-SBOM_GENERATION | An Eclipse project generates Software Bill of Materials (SBOM) documentation for the software that is produced. This is optional for libraries, but mandatory for applications or standalone components. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.ECLIPSE.ECLIPSE-SECURITY_POLICY | An Eclipse project defines a process for handling, analysis and resolution of security issues that are reported. | 1.00 | Derived from supporting Statements | ✔ Item Reviewed ⨯ All Children Linked |
| UPSTREAM.ECLIPSE.ECLIPSE-SECURITY_REPORTING | An Eclipse project provides information about how and where to report security issues. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.ECLIPSE.ECLIPSE-VERSION_CONTROL | All changes to an Eclipse project are tracked through version control with full attribution. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.ECLIPSE.ECLIPSE-VULNERABILITY_MANAGEMENT | An Eclipse project follows obligations and practices regarding the analysis and reporting and disclosure of vulnerabilities. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
Compliance for UPSTREAM.TSF.TA
| Item | Summary | Score | Score Origin | Status |
|---|---|---|---|---|
| UPSTREAM.TSF.TA-ANALYSIS | Collected test and monitoring data for XYZ is analysed using verified methods to validate expected behaviours and identify new misbehaviours. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TA-BEHAVIOURS | Expected or required behaviours for XYZ are identified, specified, verified and validated based on analysis. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TA-CONFIDENCE | Confidence in XYZ is measured based on results of analysis | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TA-CONSTRAINTS | Constraints on adaptation and deployment of XYZ are specified. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TA-DATA | Test and monitoring data from development and production are appropriately collected and retained. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TA-FIXES | Known bugs or misbehaviours are analysed and triaged, and critical fixes or mitigations are implemented or applied. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TA-INDICATORS | Advance warning indicators for misbehaviours are identified, and monitoring mechanisms are specified, verified and validated based on analysis. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TA-INPUTS | All inputs to XYZ are assessed, to identify potential risks and issues | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TA-ITERATIONS | All constructed iterations of XYZ include source code, build and usage instructions, tests, results, and attestations. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TA-METHODOLOGIES | Manual methodologies applied for XYZ by contributors, and their results, are managed according to specified objectives. | 0.12 | Derived from supporting Statements | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TA-MISBEHAVIOURS | Prohibited misbehaviours for XYZ are identified, and mitigations are specified, verified and validated based on analysis. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TA-RELEASES | Construction of XYZ releases is fully repeatable and the results are fully reproducible, with any exceptions documented and justified. | 0.15 | Derived from supporting Statements | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TA-SUPPLY_CHAIN | All sources for XYZ and tools are mirrored in our controlled environment | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TA-TESTS | All tests for XYZ, and its build and test environments, are constructed from controlled/mirrored sources and are reproducible, with any exceptions documented | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TA-UPDATES | XYZ components, configurations and tools are updated under specified change and configuration management controls. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TA-VALIDATION | Tests exercise both stressed and representative conditions, validating behaviour through systematic, scheduled repetition. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
Compliance for UPSTREAM.TSF.TRUSTABLE
| Item | Summary | Score | Score Origin | Status |
|---|---|---|---|---|
| UPSTREAM.TSF.TRUSTABLE-SOFTWARE | This release of XYZ is Trustable. | 0.05 | Derived from supporting Statements | ✔ Item Reviewed ✔ All Children Linked |
Compliance for UPSTREAM.TSF.TT
| Item | Summary | Score | Score Origin | Status |
|---|---|---|---|---|
| UPSTREAM.TSF.TT-CHANGES | XYZ is actively maintained, with regular updates to dependencies, and changes are verified to prevent regressions. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TT-CONFIDENCE | Confidence in XYZ is achieved by measuring and analysing behaviour and evidence over time. | 0.06 | Derived from supporting Statements | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TT-CONSTRUCTION | Tools are provided to build XYZ from trusted sources (also provided) with full reproducibility. | 0.05 | Derived from supporting Statements | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TT-EXPECTATIONS | Documentation is provided, specifying what XYZ is expected to do, and what it must not do, and how this is verified. | 0.18 | Derived from supporting Statements | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TT-PROVENANCE | All inputs (and attestations for claims) for XYZ are provided with known provenance. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
| UPSTREAM.TSF.TT-RESULTS | Evidence is provided to demonstrate that XYZ does what it is supposed to do, and does not do what it must not do. | 0.00 | Missing | ✔ Item Reviewed ✔ All Children Linked |
Generated for: tsftemplate
- Repository root: /github/workspace
- Commit SHA: 67a3b30a47e8ec205bc63c1216461b398d07bdf0
- Commit date/time: 2026-04-15 14:16:52+00:00 UTC
- Commit tag: v0.1.6-0-g67a3b30