Date: 18.03.2026

This evaluation summarizes the current status of com-pas OpenSSF Silver Badge Status and outlines potential actions required to meet all criteria.

Current Status Overview

Category	Completed	Status

Evaluation

Requirement: Specify coding style guides and require that contributions generally comply with it.
Current Status:
- Style guide exists (STYLEGUIDE.html), recommends IntelliJ defaults.
  - ESlint is already in place for the front-end.
  - Sonarcloud already checks the code style with best practices
  - IntelliJ Default checkstyle is used for java (an example could be found in contribution project named .editorconfig)
Possible Actions:
- Check if current STYLE GUIDE fulfills requirement.
- Ensure that code standards are enforced in CI pipeline for all major repositories.

Requirement: Provide an easy way to install all project components and test environments.
Current Status:
- Developing Guide exists (DEVELOPING.html)
  - Run CoMPAS stack locally using: GitHub - com-pas/compas-deployment: CoMPAS Deployment repository
Possible Actions:
- Check if DEVELOPING guide already fulfills requirement.

Requirement: Provide a documented security assurance case covering:
- Threat model
- Trust boundaries
- Secure design principles applied
- Countermeasures against common weaknesses
Current Status: Document not yet written (as far as of our knowledge).
Possible Actions:
- Write Assurance Case document.
- Publish the document and provide a publicly accessible URL.

These requirements are not mandatory to meet the Silver Status criteria.

Requirement: It is SUGGESTED that the version control system, each important version tag be cryptographically signed and verifiable.
Current Status:
- Almost every commit is signed, but not enforced.
- Verify last signed commit for release is possible but not the tag itself.
Possible Actions:
- Enforce signed tag with CI.
- Publish public key to verify signature.
- Publish documentation on how to verify release tags.