Skip to content

Release#26

Merged
mm-kgi merged 22 commits intomainfrom
develop
Jan 27, 2026
Merged

Release#26
mm-kgi merged 22 commits intomainfrom
develop

Conversation

@mm-kgi
Copy link
Contributor

@mm-kgi mm-kgi commented Jan 27, 2026
edited
Loading

Projects Overview

  • AAS.TwinEngine.DataEngine – main DataEngine API (net8.0)
  • AAS.TwinEngine.DataEngine.UnitTests – unit tests for DataEngine
  • AAS.TwinEngine.DataEngine.ModuleTests – module/integration tests for DataEngine
  • AAS.TwinEngine.Plugin.TestPlugin – example/test plugin API (net8.0)
  • AAS.TwinEngine.Plugin.TestPlugin.UnitTests – unit tests for the test plugin

APIs DataEngine

  • Implemented APIs:
    • AAS Registry
    • AAS Repository
    • Submodel Registry
    • Submodel Repository

APIs TestPlugin

  • Implemented APIs:
    • MetaData
    • Data

mm-psy and others added 21 commits December 18, 2025 12:55
@mm-psy
Add dependency-review (#3)
da56f4e 
* Add dependency-review

* Fix branch
@mm-psy
Add Scorecard supply-chain security (#2)
4739f08
@mm-psy
Create docker-publish.yml (#7)
d809ee7
@mm-psy
Create dotnet (#6)
bea4743 
* Create dotnet.yml

* Add comment

* Test

* Test

* Enhance CI workflow with code coverage reporting and PR comments

* Fix wrong test run

* Refactor CI workflow to improve test result handling and add module test execution

* Enhance CI workflow by combining test and coverage reports, and updating paths for coverage files
@mm-kgi
Enhance Submodel Element request handling(#8)
a166826
@mm-psy
Add dependabot-version-updates (#4)
0ca152b 
* Add dependabot-version-updates
@mm-kgi
Enhancement of DataEngine Implementation (#12)
e4fe5a6
@mm-hsh
Added example folder With Dpp-plugin (#13)
cf19f13
@mm-psy
Restructure Dockerfile for improved build process and clarity (#14)
69c50aa
@mm-kgi
Added Test Plugin and Example for 3 submodels using Test plugin (#11)
328dd9c
@HolgerSantelmann @mm-kgi
#182: Test plugin review results (#17)
6d9284a 
* #182: Rename of folder

* #182: Refinement of apiCollection Readmes and environments

* #182: Also rename of Aas.TwinEngine.Plugin.TestPlugin to AAS.TwinEngine.Plugin.TestPlugin in files

* Remove obsolete test project files and add new project files for Plugin testing

* Remove obsolete test project files and add new project files for Plugin testing

* #182: Rename of projects

* #182: Readme refined

* #182: Refinement of readme

* #182: Icons removed from readme

---------

Co-authored-by: Kevalkumar <kgi@mm-software.com>
@mm-psy
Add codeql (#5)
d27c181 
* Create codeql.yml

* Update branches
@mm-hsh
Enhancement of DataEngine Implementation (#18)
adad264
@mm-psy
Add hotfix develop release branches to actions (#15)
46acc89 
* Update dependency-review.yml

* Update dotnet.yml

* Update docker-publish.yml

* Update docker-publish.yml to refine branch triggers and enhance Docker metadata extraction

* Fix image name

* Add manually trigger a workflow
@HolgerSantelmann
#257: Enhancement TestPlugin to verify access SubmodelElement inside …
2b973bd 
…a SubmodelCollection within a SubmodelList (#19)
@mm-kgi
README.md with detailed DataEngine overview and feature descriptions (#…
01d0222 
…22)
@mm-kgi
Refactor SyncShellDescriptorsAsync to log errors and return instead o…
35e0d20 
…f throwing exceptions for null checks (#20)
@rkg-mm
Generate SBOM for Container & application (#23)
c4b9591 
* Generate SBOM for application dependencies

* Generate Container SBOM and extract App SBOM. Push both to Artifacts.

* Pin actions by hash and ensure app path casing aligns with Dockerfile

* Exclude SBOM generation from PR runs
@mm-psy
Add groups dependabot (#24)
71ba1a8
@mm-hsh
Enhance example-Docker setup (#16)
b9eae85
@mm-psy
Add manual trigger capability to .NET pipeline (#21)
ebeaef1
@github-actions
Copy link

github-actions bot commented Jan 27, 2026
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
  • ⚠️ 4 packages with OpenSSF Scorecard issues.
See the Details below.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
actions/actions/checkout 8e8c483db84b4bee98b60c0593521ed34d9990e8 🟢 6.6
Details
CheckScoreReason
Maintained🟢 79 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 3dependency not pinned by hash detected -- score normalized to 3
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Vulnerabilities🟢 82 existing vulnerabilities detected
SAST🟢 8SAST tool detected but not run on all commits
actions/actions/upload-artifact 330a01c490aca151604b8cf639adc76d48f6c5d4 🟢 6.3
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1025 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 82 existing vulnerabilities detected
actions/github/codeql-action/upload-sarif fe4161a26a8629af62121b670040955b330f9af2 UnknownUnknown
actions/ossf/scorecard-action 4eaacf0543bb3f2c246792bd56e8cdeffafb205a 🟢 9.1
Details
CheckScoreReason
Dependency-Update-Tool🟢 10update tool detected
Security-Policy🟢 10security policy file detected
Maintained🟢 1017 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review🟢 10all changesets reviewed
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
License🟢 10license file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST🟢 10SAST tool is run on all commits
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 16 contributing companies or organizations
nuget/Microsoft.Extensions.Logging.Abstractions 9.0.0 🟢 6.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
Fuzzing🟢 10project is fuzzed
Vulnerabilities🟢 91 existing vulnerabilities detected
nuget/Microsoft.NET.Test.Sdk 17.8.0 🟢 5
Details
CheckScoreReason
Code-Review🟢 6Found 11/18 approved changesets -- score normalized to 6
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1023 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Binary-Artifacts⚠️ 0binaries present in source code
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities🟢 91 existing vulnerabilities detected
nuget/NSubstitute 5.3.0 🟢 5.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1019 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 9license file detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
nuget/TngTech.ArchUnitNET.xUnit 0.11.2 UnknownUnknown
nuget/coverlet.collector 6.0.0 🟢 5.6
Details
CheckScoreReason
Code-Review⚠️ 1Found 3/30 approved changesets -- score normalized to 1
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1029 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 7binaries present in source code
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Vulnerabilities🟢 100 existing vulnerabilities detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
SAST🟢 9SAST tool detected but not run on all commits
nuget/xunit 2.5.3 ⚠️ 4.9
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 1Found 3/30 approved changesets -- score normalized to 1
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 9license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy⚠️ 0security policy file not detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
nuget/xunit.runner.visualstudio 2.5.3 UnknownUnknown
nuget/Asp.Versioning.Mvc 8.1.0 UnknownUnknown
nuget/FluentValidation 12.0.0 ⚠️ 4.6
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 4Found 14/30 approved changesets -- score normalized to 4
Maintained🟢 810 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 10license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
nuget/FluentValidation.AspNetCore 11.3.1 UnknownUnknown
nuget/FluentValidation.DependencyInjectionExtensions 12.0.0 ⚠️ 4.6
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 4Found 14/30 approved changesets -- score normalized to 4
Maintained🟢 810 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 10license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
nuget/JsonSchema.Net 7.3.4 UnknownUnknown
nuget/Microsoft.Extensions.DependencyInjection 9.0.7 🟢 6.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
Fuzzing🟢 10project is fuzzed
Vulnerabilities🟢 91 existing vulnerabilities detected
nuget/NSwag.AspNetCore 14.4.0 ⚠️ 3.1
Details
CheckScoreReason
Code-Review⚠️ 4Found 12/30 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 99 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 9
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Binary-Artifacts🟢 6binaries present in source code
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 010 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
nuget/OpenTelemetry 1.12.0 🟢 8.3
Details
CheckScoreReason
Dependency-Update-Tool🟢 10update tool detected
Maintained🟢 1030 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 10all dependencies are pinned
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
CII-Best-Practices🟢 5badge detected: Passing
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST🟢 10SAST tool is run on all commits
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging🟢 10packaging workflow detected
Security-Policy🟢 10security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 36 contributing companies or organizations
nuget/OpenTelemetry.Exporter.OpenTelemetryProtocol 1.12.0 🟢 8.3
Details
CheckScoreReason
Dependency-Update-Tool🟢 10update tool detected
Maintained🟢 1030 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 10all dependencies are pinned
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
CII-Best-Practices🟢 5badge detected: Passing
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST🟢 10SAST tool is run on all commits
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging🟢 10packaging workflow detected
Security-Policy🟢 10security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 36 contributing companies or organizations
nuget/OpenTelemetry.Extensions.Hosting 1.12.0 🟢 8.3
Details
CheckScoreReason
Dependency-Update-Tool🟢 10update tool detected
Maintained🟢 1030 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 10all dependencies are pinned
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
CII-Best-Practices🟢 5badge detected: Passing
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST🟢 10SAST tool is run on all commits
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging🟢 10packaging workflow detected
Security-Policy🟢 10security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 36 contributing companies or organizations
nuget/OpenTelemetry.Instrumentation.AspNetCore 1.12.0 🟢 8.3
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Dependency-Update-Tool🟢 10update tool detected
Maintained🟢 1030 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
CII-Best-Practices🟢 5badge detected: Passing
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST🟢 10SAST tool is run on all commits
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 22 contributing companies or organizations
nuget/OpenTelemetry.Instrumentation.Http 1.12.0 🟢 8.3
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Dependency-Update-Tool🟢 10update tool detected
Maintained🟢 1030 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
CII-Best-Practices🟢 5badge detected: Passing
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST🟢 10SAST tool is run on all commits
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 22 contributing companies or organizations
nuget/Serilog 4.3.0 🟢 6.4
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 6Found 15/24 approved changesets -- score normalized to 6
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 103 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
nuget/Serilog.AspNetCore 9.0.0 🟢 5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 55 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
Code-Review⚠️ 3Found 5/15 approved changesets -- score normalized to 3
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
nuget/Swashbuckle.AspNetCore 9.0.3 🟢 7.8
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/5 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Dependency-Update-Tool🟢 10update tool detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Vulnerabilities🟢 100 existing vulnerabilities detected
CII-Best-Practices🟢 5badge detected: Passing
SAST🟢 10SAST tool is run on all commits
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 55 contributing companies or organizations

Scanned Files

  • .github/workflows/scorecard.yml
  • source/AAS.TwinEngine.Plugin.TestPlugin.UnitTests/AAS.TwinEngine.Plugin.TestPlugin.UnitTests.csproj
  • source/AAS.TwinEngine.Plugin.TestPlugin/AAS.TwinEngine.Plugin.TestPlugin.csproj

@mm-kgi mm-kgi requested a review from mm-asha January 27, 2026 09:21
@mm-kgi mm-kgi changed the title Merge Development Branch to Main Branch Release Jan 27, 2026
@github-actions
Copy link

github-actions bot commented Jan 27, 2026

Test & Coverage Report

Test Results Summary

Metric Count
✅ Passed 460
❌ Failed 0
⏭️ Skipped 0

View Detailed Test Results

Code Coverage

Unit Tests Coverage

Package Line Rate Branch Rate Complexity Health
AAS.TwinEngine.DataEngine 90% 80% 1188
Summary 90% (2049 / 2273) 80% (836 / 1044) 1188

Minimum allowed line rate is 80%

Module Tests Coverage

Package Line Rate Branch Rate Complexity Health
AAS.TwinEngine.DataEngine 56% 40% 1188
Summary 56% (1279 / 2273) 40% (421 / 1044) 1188

@mm-kgi mm-kgi merged commit bd4a1fc into main Jan 27, 2026
11 checks passed
@mm-kgi mm-kgi removed the request for review from mm-asha January 27, 2026 11:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mm-mse mm-mse mm-mse approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@mm-kgi @mm-mse @mm-psy @mm-hsh @HolgerSantelmann @rkg-mm

Comments