improve rust coding guidelines and add CodeQL #2984
The created documentation from the pull request is available at: docu-html
PandaeDo
left a comment
From my understanding we had selected another approach. This should be discussed with the Rust community. Would appreciate to have feedback from @PLeVasseur
darkwisebear
left a comment
I don't think that we agreed on using SAE JA1020_202603 in S-Core.
While it seems tempting to do so because it's the only standard in this direction that exists and got approved, so far it does not seem to be a good fit for an open source project due to its closed nature. If that did not change in the meantime, I fear we cannot simply use it. So if you (or any other company) want to use it, I think we cannot do so directly, but we need to extract concrete practices from this standard that every contributor has access to.
That's what I tried to do. There is a list of topics inside the JA1020, which is quite standard and they have some recommendations about the used settings for the current tools. So JA1020 is only the cross check. Maybe I can change it in this way. To not have any settings for the tools does not look like a solution. The tools themselves are free, it is only about the settings of the tools. That's similar to the ISO26262 where we refer to and which is also not available for anyone. Nevertheless we fulfill it and refer to it. Maybe someone with access can review or I can make a session with a walkthrough.
|
|
||
| # Cargo.toml | ||
|
|
||
| # Rust compiler lints (rustc) |
Rather than mentioning it in this document, I think we should keep it at https://github.com/eclipse-score/score_rust_policies
This pull request updates the Rust development documentation to align with the SAE JA1020_202603 standard for safety- and security-related projects. It introduces a new section summarizing key certification practices and explicitly references the standard as the baseline for SCORE's Rust-related safety and certification activities.
Documentation updates for Rust certification:
docs/contribute/development/rust/certification/index.rst summarizing how SAE JA1020_202603 applies to Rust certification, including tool qualification, configuration management, and the inadvisability of relying solely on "proven in use" arguments.
docs/contribute/development/rust/index.rst to reference SAE JA1020_202603 as the baseline guidance for safety- and security-related Rust development.
See eclipse-score/process_description#544