Generate SBOM for Container & application

[rkg-mm]

SBOM will be generated separately for Container (nuget packages) and container (excluding the nuget stuff) for easier handling in vulnerabiltiy Management.
SBOMs will be published in run artifacts.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/upload-artifact	ea165f8d65b6e75b540449e92b4886f43607fa02	🟢 6.4	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 29 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected
actions/aquasecurity/trivy-action	b6643a29fecd7f34b3597bc6acb0a98b03d33ff8	🟢 5.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• .github/workflows/docker-publish.yml

[github-actions]

Test & Coverage Report

Test Results Summary

Metric	Count
✅ Passed	460
❌ Failed	0
⏭️ Skipped	0

View Detailed Test Results

---

Code Coverage

Unit Tests Coverage

Package	Line Rate	Branch Rate	Complexity	Health
AAS.TwinEngine.DataEngine	90%	80%	1188	✔
Summary	90% (2049 / 2273)	80% (836 / 1044)	1188	✔

Minimum allowed line rate is 80%

Module Tests Coverage

Package	Line Rate	Branch Rate	Complexity	Health
AAS.TwinEngine.DataEngine	56%	40%	1188	➖
Summary	56% (1279 / 2273)	40% (421 / 1044)	1188	➖