Critical Software Summit

In Safety Critical applications it is mandatory to ensure Sw Requirements traceability to Sw Specifications, Test Cases, Test Results, Bugs and more. The process leading to this goal is usually complex and time-consuming and it is essential to understand the state step by step and highlight what remains to be done. Moreover, for the intrinsic nature of a software project, we need to ensure traceability and test verification following any evolution in the ecosystem of the project.

BASIL The FuSa Spice, is an open source sw that provides a quality management solution aimed to address the above mentioned challenges for SW developments that are code driven and equally for the ones requirements driven.

We will see how to implement in BASIL Sw Requirements traceability to the source Code and to existing upstream Test Cases, how to execute them, how to navigate Test Results and artifacts and how to link failures to a bug in a bug tracking system.

We will also go into the details of a pipeline implementation based on the BASIL HTTP Api to understand how changes in one or more work items can be managed through automation with the goal of implementing a continuous certification framework.

Red Hat’s Luigi Pellecchia, Principal Quality Software Engineer, and Gabriele Paoloni, Senior Principal Engineer and Open Source Community Technical Leader, gave a presentation, “Traceability and Automation Examples with Basil an Open Source Software for Quality Management ” at the Critical Software Summit, which took place at Open Source Summit Europe in September.  Check out the presentation here or watch the video below.

Watch the other sessions from the Critical Software Summit on the ELISA Youtube Channel here.

Stay tuned by subscribing to the ELISA Project newsletter or connect with us on LinkedIn or subscribe to the mailing lists to talk with community and TSC members.

Creating and maintaining a safety critical project comes with a lot of challenges. A central issue is keeping your documentation, starting from planning and guideline documents, down to requirements, safety analysis, reviews and tests, consistent and up to date. These artefacts often have their own lifecycle and are natively managed in different tools, with usually great traceability capabilities regarding dependencies between these artefacts as long as you stay within one tool or within a (usually propriety) tool family of one single tool vendor. Currently the resulting traceability gaps between these tools are handled either by the popular engineering tools like MS Excel or methods like “search for identical names”, depending highly on manual maintenance.

Using SPDX relationships, the upcoming Safety Profile in SPDX 3.1 will provide a model to represent all these dependencies as a knowledge model that can be used both to analyze possible impacts after a change (be it because of a security update or functional variants of your product), provide evidence of completeness and compliance as a Safety SBOM or simply keep track of your product variants.

Nicole Pappler, Senior Safety Expert at AlektoMetis, gave a presentation, “Application of the Upcoming SPDX Safety Profile,” at the Critical Software Summit, which took place at Open Source Summit Europe in September.  Check out the presentation here.

Watch the other sessions from the Critical Software Summit on the ELISA Youtube Channel here.

Stay tuned by subscribing to the ELISA Project newsletter or connect with us on X, LinkedIn or mailing lists to talk with community and TSC members.