Merge remote-tracking branch 'remotes/upstream/main' into bt-rul-kit-…

…release

.github/workflows/dash.yaml

@@ -0,0 +1,46 @@
+# #############################################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# #############################################################################
+---
+
+name: "3rd Party dependency check (Eclipse Dash)"
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: write
+
+jobs:
+  check-dependencies:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # See https://github.com/eclipse-tractusx/sig-infra/tree/main/.github/actions/run-dash for infos
+      # about the dash actions and possible config
+      - name: Run dash
+        id: run-dash
+        uses: eclipse-tractusx/sig-infra/.github/actions/run-dash@main
+        with:
+          dash_input: "package-lock.json"
+          fail_on_restricted: "true"

.github/workflows/lint-on-pull-request.yaml

@@ -41,5 +41,8 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
-      - name: Run markdown lint
+      - name: Run markdown lint for docs folder
         run: npm run lint-doc
+
+      - name: Run markdown lint for docs-kits folder
+        run: npm run lint-kits

DEPENDENCIES

@@ -244,7 +244,7 @@ npm/npmjs/-/duplexer3/0.1.5, BSD-3-Clause, approved, clearlydefined
 npm/npmjs/-/eastasianwidth/0.2.0, MIT, approved, clearlydefined
 npm/npmjs/-/ee-first/1.1.1, MIT, approved, clearlydefined
 npm/npmjs/-/electron-to-chromium/1.4.284, ISC, approved, #1950
-npm/npmjs/-/elkjs/0.8.2, EPL-2.0, approved, clearlydefined
+npm/npmjs/-/elkjs/0.8.2, EPL-2.0 AND BSD-3-Clause, approved, #12671
 npm/npmjs/-/emoji-regex/8.0.0, MIT, approved, clearlydefined
 npm/npmjs/-/emoji-regex/9.2.2, MIT, approved, clearlydefined
 npm/npmjs/-/emojis-list/3.0.0, MIT, approved, clearlydefined
@@ -808,7 +808,7 @@ npm/npmjs/-/semver/6.3.0, ISC, approved, clearlydefined
 npm/npmjs/-/semver/7.3.5, ISC, approved, clearlydefined
 npm/npmjs/-/semver/7.3.8, ISC, approved, clearlydefined
 npm/npmjs/-/send/0.18.0, MIT, approved, clearlydefined
-npm/npmjs/-/serialize-javascript/6.0.0, BSD-3-Clause, approved, clearlydefined
+npm/npmjs/-/serialize-javascript/6.0.0, BSD-3-Clause, approved, #12680
 npm/npmjs/-/serve-handler/6.1.5, MIT, approved, clearlydefined
 npm/npmjs/-/serve-index/1.9.1, MIT, approved, clearlydefined
 npm/npmjs/-/serve-static/1.15.0, MIT, approved, clearlydefined

README.md

@@ -21,6 +21,6 @@ We do want to follow a specific style for our markdown based documentation.
 Therefore, this repository is configured to use a [markdown linter](https://github.com/DavidAnson/markdownlint-cli2).
 Specific rules are configured via [.markdownlint.yaml](./.markdownlint.yaml).
 
-Additionally, there is a npm script `lint-doc`, that will lint all the markdown files inside [docs](./docs).
+Additionally, there is a npm script `lint-doc`, that will lint all the markdown files inside [docs](./docs) and `lint-kits`, that will lint all the markdown files inside [docs-kits](./docs-kits).
 This script is also run as a pre-commit hook, set up via [husky](https://www.npmjs.com/package/husky).
-You can also run the linting step manually by running `npm run lint-doc`.
+You can also run the linting step manually by running `npm run lint-doc` or `npm run lint-kits`.

blog-meeting-minutes/2024-01-19-office-hour.md

@@ -0,0 +1,38 @@
+---
+slug: office-hour-19-01-2024
+title: Office hour 19.01.2024
+authors: 
+    - harald_zierer
+tags: [meeting-minutes, community]
+---
+
+## office hour meeting minutes
+
+### System team
+- No update
+
+### Security team
+- Many open cases (>10) from GitGuardian, please check you inboxes (or spam folders)
+- A bug bounty program is in the making
+
+### FOSS
+- Happy new year: Don't forget to update the year in your copyright headers
+  - some corner cases will be clarified until next office hour
+- There is a new draft [TRG 2.06](https://eclipse-tractusx.github.io/docs/release/trg-0/trg-2-6) regarding dependabot usage
+  - please update your `DEPENDENCIES` file(s) to ensure that the suggested changes are license compliant
+
+### Open planning / community
+- Last open planning session went very well
+- There's a new [open meetings](https://eclipse-tractusx.github.io/community/open-meetings) page
+
+### Open discussion
+- discussion regarding the "Notice for docker image" to be moved into a separate file.
+  - [TRG 4.06](https://eclipse-tractusx.github.io/docs/release/trg-4/trg-4-06) will be updated to mandate a dedicated file.
+  - Please keep in mind to update your docker build workflow to include the new file instead of the `README.md`. See [example of TRG 4.05](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/blob/204cfddb5531fd6430001c0baf0ca12a97bb9718/docs/release/trg-4/trg-4-05.md?plain=1#L99-L100) for reference.
+- discussion on where to discuss about new / changes to existing TRGs: TRG draft section, within the PR or GitHub discussions
+  - Sebastian is going to create a PR so everybody can vote on it
+- As multiple people struggle with our current docusaurus[^1] setup, there will be a training/hands-on session soon. It's will be announced on the mailing list.
+- Content updates for KITs: Please ensure that no copyrighted content (incl. Catena-X) is contributed to Tractus-X.
+- False-positive issues opened by Trivy - please raise a "tooling support" issue in the [sig-security](https://github.com/eclipse-tractusx/sig-security) repository
+
+[^1]: [docusaurus](https://docusaurus.io/docs): the generator for the pages you are reading right now

blog-meeting-minutes/2024-01-26-office-hour.md

@@ -0,0 +1,50 @@
+---
+slug: office-hour-26-01-2024
+title: Office hour 26.01.2024
+authors: 
+    - almadi_gabor
+tags: [meeting-minutes, community]
+---
+
+## office hour meeting minutes
+
+### System team
+
+- Whenever a new room is created in the Eclipse Matrix chat, please announce it in the main [Tractux-X](https://matrix.to/#/#tractusx:matrix.eclipse.org) room,
+  office hour and mailing list so everybody can learn about it and join.
+
+### Security team
+
+- New issue templates are available for the following topics:
+  - [OSS Tool membership request](https://github.com/eclipse-tractusx/sig-security/issues/new?assignees=SSIRKC&labels=security%2C+tool&projects=&template=tractus-x-oss-tool-membership-request.md&title=Requesting+access+to+%22%5BTOOL+NAME%5D+YOUR_REPOSITORY%22)
+  - [Ask the community](https://github.com/eclipse-tractusx/sig-security/discussions/categories/q-a) for security help via Discussions
+  - Keep an eye out on the [Security Announcements](https://github.com/eclipse-tractusx/sig-security/discussions/categories/announcements) where news 
+    about security topics are announces regularly
+- Get in touch with the Security Team for testing with [Snyk](https://snyk.io/)
+
+### FOSS
+
+- There was a new election for a project lead role for [Stephan Bauer](https://github.com/stephanbcbauer)
+- The Eclipse Project Handbook changed the section about handling copyright headers. A year range is not longer necessary, only the year when
+  the file was created so there is no need to keep an eye on updating the headers. It is still allowed to put year range (creation date and
+  last modification year) in the header but they have to be separated with comma character.
+- Please sign the Eclipse Contributor Agreement when trying to contribute to the webpage. Without that it is not possible to merge commits
+  to the main branch.
+- ❗ Please don't put any Catena-X content or resource on the website without permission.
+
+### Open planning / community
+
+- New [Open Meetings Links](https://eclipse-tractusx.github.io/community/open-meetings) are listed directly on our webpage to participate and separate calendar files can be downloaded from there.
+- Office hours will probably start a few minutes later so the people don't have to wait until everyone gets there.
+- Commiters and Contributors Meeting could be a new form of communication where the committers are more involved getting some pressure off the System Team.
+- Newjoiner rounds for basic introductions would be held every 2 weeks in a separate session.
+
+### Open discussion
+
+- [Umbrella chart](https://github.com/eclipse-tractusx/e2e-testing):
+  - Currently there is a temporary solution for the Managed Identity Wallet by SAP until the [open source version](https://github.com/eclipse-tractusx/managed-identity-wallet) is fixed. This is a COTS
+    application and it raises questions like how it can be integrated into an open source software stack like the umbrella chart. It is not confirmed yet
+    whether the version from SAP can be used without a license. Currently all components can run without MIW but data exchange functionality won't work.
+- Public API versioning is still an open topic where no decision has been made to create a TRG or guide the Tractus-X community to follow
+  one versioning strategy.
+- An alternative for MS Teams should be found as it is hard to manage for an open community (e.g. Discord).

blog-meeting-minutes/2024-02-02-office-hour.md

@@ -0,0 +1,36 @@
+---
+slug: office-hour-02-02-2024
+title: Office Hour 02.02.2024
+authors: 
+    - fabian_gruen
+tags: [meeting-minutes, community]
+---
+
+## office hour meeting minutes
+
+### System team
+
+- Please be aware of our Markdown lint problem in the eclipse-tractusx.github.io that currently only the [`/docs`](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/blob/main/package.json#L15) folder is checked and should be extended to more markdown file directories 
+- TRG Update information about [TRG 3-1](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/pull/618) that was superseded by [TRG 5-09](https://eclipse-tractusx.github.io/docs/release/trg-5/trg-5-09)
+- Upcoming Office Hours meeting minutes will be reported in the community section of our webpage and you can find [here](https://eclipse-tractusx.github.io/community/meeting-minutes)
+
+### Security team
+
+- New [security issue templates](https://github.com/eclipse-tractusx/sig-security/issues/new/choose) for sig-security repository
+- Security assessments [template](https://github.com/eclipse-tractusx/sig-security/issues/new?assignees=szymonkowalczykzf&labels=security%2C+assessment&projects=&template=security-assessment-request.md&title=%5BSecurity+Assessment%5D+SUBJECT_HERE) and [contact](https://github.com/szymonkowalczykzf)
+- Access to security tools [template](https://github.com/eclipse-tractusx/sig-security/issues/new?assignees=RoKrish14&labels=security%2C+tooling&projects=&template=security-tooling-support-request.md&title=%5BSecurity+Tooling%5D+YOUR_ISSUE_TITLE_HERE) like Snyk and other tools
+- [Snyk](https://snyk.io/) tool will be available after consortia time
+
+
+### FOSS
+
+- Please take your vote on a new [Committer Election](https://projects.eclipse.org/projects/automotive.tractusx/elections/election-f%C3%A1bio-mota-committer-eclipse-tractus-x) for [Fábio Mota](https://github.com/fabiodmota)
+- Please participate in [Eclipse Committer Office Hour Meetings](https://www.eclipse.org/projects/calendar/) and join the discussion about changes to the Eclipse IP Policy and Due Diligence Process
+
+### Open planning / community
+
+- Open [Meetings Links](https://eclipse-tractusx.github.io/community/open-meetings) with ics invitation files are available for the community
+
+### Open discussion
+
+- No open discussion

blog-meeting-minutes/2024-02-09-office-hour.md

@@ -0,0 +1,36 @@
+---
+slug: office-hour-09-02-2024
+title: Office Hour 09.02.2024
+authors: 
+    - tomasz_barwicki
+tags: [meeting-minutes, community]
+---
+
+## office hour meeting minutes
+
+### System team
+
+- Kube Prometheus Stack upgraded to latest release [56.6.2](https://github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-56.6.2).
+- Committer Election for [Tuncay Tunc](https://github.com/tuncaytunc-zf) on Eclipse Tractus-X has started.
+- The Committer Election for [Fábio Mota](https://github.com/fabiodmota) on project Eclipse Tractus-X concluded successfully.
+- Committer volunteers wanted to participate/shadow next Quality Gate process.
+
+### Security team
+
+- New TRG/s from security team was presented requesting for feedback [Security TRG 8.0](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/pull/657).
+- Suggested to contact security team directly for any support required to use, complete Invicti related issues/tasks.
+- Update for static application security testing/source code scanning, ongoing transition from Veracode to CodeQL. Reach out to security team for any assistance.
+- Reminder on available onboarding process to [Snyk](https://snyk.io/).
+- There will be separate security office hours meeting, biweekly Thursdays 8:30 - 9:30.
+
+### FOSS
+
+- N/A
+
+### Open planning / community
+
+- Open meetings [PR](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/pull/658).
+
+### Open discussion
+
+- Question related to [TRG 1.04 Diagrams as code](https://eclipse-tractusx.github.io/docs/release/trg-1/trg-1-4), if there a need/requirement to convert already existing .png diagrams. It is recommended to use described in the TRG toolset to keep good level of maintainability of the diagrams, not a hard requirement though in case there is lack of source.

blog-meeting-minutes/authors.yaml

@@ -4,3 +4,24 @@ sebastian_bezold:
   url: https://github.com/SebastianBezold
   image_url: https://github.com/SebastianBezold.png
 
+harald_zierer:
+  name: Harald Zierer
+  title: Consortia System Team Member
+  url: https://github.com/hzierer
+
+almadi_gabor:
+  name: Gabor Almadi
+  title: Consortia System Team Member
+  url: https://github.com/almadigabor
+  image_url: https://github.com/almadigabor.png
+
+fabian_gruen:
+  name: Fabian Grün
+  title: Consortia System Team Member
+  url: https://github.com/fagru3n
+  image_url: https://github.com/fagru3n.png
+
+tomasz_barwicki:
+  name: Tomasz Barwicki
+  title: Consortia System Team Member
+  url: https://github.com/tomaszbarwicki

blog/2023-11-22-release_tutorials.mdx

@@ -24,8 +24,8 @@ This new section aims to provide structured and detailed educational content for
 
 ## Details of the First E2E Adopter Journey Tutorial
 
-This tutorial is built for employees of the IT department who operates the IT stack of an adopter (data provider/consumer). It shows how to operate the various Tractus-X components in combination with each other. 
-It also explains the basic connection with the core services (e.g. KeyCloak and MIW), as provided by an operating company.
+This tutorial is built for employees of the IT department who operates the IT stack of an adopter (data provider/consumer). It shows how to operate the various Tractus-X components in combination with each other.
+It also explains the basic connection with the core services (e.g. Keycloak and MIW), as provided by an operating company.
 
 ![Five steps to gain value](@site/static/img/five_steps_to_gain_value.drawio.svg)
 
@@ -48,7 +48,7 @@ Please dont forget to add the label `documentation` to your discussion.
 
 :::
 
-### Accessing the Tutorial  
+### Accessing the Tutorial
 
 The E2E Adopter Journey Tutorial is now available and can be accessed through the [Tractus-X tutorial section](https://eclipse-tractusx.github.io/docs/tutorials). We invite our community members to engage with this new resource and enhance their understanding of the Tractus-X ecosystem.
 
@@ -61,6 +61,6 @@ For further information and to access the tutorial, please visit the [Tractus-X
 ## Stay Connected
 
 Follow our [news section](https://eclipse-tractusx.github.io/blog) and join our [Tractus-X mailing list](https://eclipse-tractusx.github.io/docs/oss/how-to-contribute/#dev-mailinglist)
-and be part of our [Matrix Chat from Eclipse Tractus-X](https://chat.eclipse.org/#/room/#tools.tractus-x:matrix.eclipse.org) 
+and be part of our [Matrix Chat from Eclipse Tractus-X](https://chat.eclipse.org/#/room/#tools.tractus-x:matrix.eclipse.org)
 
 For more details about Tractus-X, visit the official [Eclipse Tractus-X Project Page](https://projects.eclipse.org/projects/automotive.tractusx).