Create security-assessment.md

[SSIRKC]

Hello PURIS team,

as already announced we are moving the assessments to GitHub.

Please note that we have not published open severe findings if there any.

This assessment file is a requirement for all quality gates and has to be provided as proof.

Please also note that this current assessment file only documents the situtation of release 23.12.
An update is required for the Q1 release 2024.

@szymonkowalczykzf please add the dataflow diagram in a separate pull request.

[SSIRKC]

@szymonkowalczykzf please also have a look as from your point of view.

[SSIRKC]

@tom-rm-meyer-ISST please check if the file location suits you.

[tom-rm-meyer-ISST]

Location is fine. Thanks for providing. Had a few questions and adoptions. Sorry for not raising them earlier.

[tom-rm-meyer-ISST]

Security Assessment has been conducted for Release 24.03. Thus it is correct, isn't it? Just want to confirm

[SSIRKC]

Hi Tom, you need to schedule a new assessment for 24.03. This is only the migration to GitHub :)

[tom-rm-meyer-ISST]

Ah ok, We didn't participate in R23.12 and therefore just wanted to be fast enough for R24.03. Also when talking about prioritization things have been postponed for R24.05.

But I can open a ticket so that we're in line again :)

[tom-rm-meyer-ISST]

Raised issue for re-assesment for R24.03.

[tom-rm-meyer-ISST]

LGTM, thanks a lot! As commented I raised an assesment request for R24.03.

[tom-rm-meyer-ISST]

@SSIRKC could you please synchronize your fork and merge main? Seems like I can't automerge :(

[SSIRKC]

@SSIRKC could you please synchronize your fork and merge main? Seems like I can't automerge :(

Sinced my fork, but I cant automerge. Does it work now for you? :)

[szymonkowalczykzf]

@tom-rm-meyer-ISST You will have to first merge before I can provide changes with the regards to the diagram we have spoke about today. As soon as file will be merged I will pull request to include the diagram.

[tom-rm-meyer-ISST]

@szymonkowalczykzf sorry, I missed to merge it after past merge of @SSIRKC.

@SSIRKC could you please sync and merge again? :/

[SSIRKC]

@szymonkowalczykzf sorry, I missed to merge it after past merge of @SSIRKC.

@SSIRKC could you please sync and merge again? :/

Hi @tom-rm-meyer-ISST , I sinced again but I cant merge I think. Do I have the rights for it? I am not comitter

[tom-rm-meyer-ISST]

@szymonkowalczykzf sorry, I missed to merge it after past merge of @SSIRKC.
@SSIRKC could you please sync and merge again? :/

Hi @tom-rm-meyer-ISST , I sinced again but I cant merge I think. Do I have the rights for it? I am not comitter

It's still out of date in Github. Could you please check if you synchronized your branch beforehand merging main?

[SSIRKC]

Merged again, not sure what is going wrong :D

@szymonkowalczykzf sorry, I missed to merge it after past merge of @SSIRKC.
@SSIRKC could you please sync and merge again? :/

Hi @tom-rm-meyer-ISST , I sinced again but I cant merge I think. Do I have the rights for it? I am not comitter

It's still out of date in Github. Could you please check if you synchronized your branch beforehand merging main?

[tom-rm-meyer-ISST]

Merged again, not sure what is going wrong :D

@szymonkowalczykzf sorry, I missed to merge it after past merge of @SSIRKC.
@SSIRKC could you please sync and merge again? :/

Hi @tom-rm-meyer-ISST , I sinced again but I cant merge I think. Do I have the rights for it? I am not comitter

It's still out of date in Github. Could you please check if you synchronized your branch beforehand merging main?

Whatever you did differently or again - it worked :)

[szymonkowalczykzf]

Kristian, Tom, thanks for your work on that.
I have created another pull request with changes to the assessment md file.

Please let me know in case of any issues.