Bump the major-minor-patch group with 9 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Updated coverlet.collector from 10.0.0 to 10.0.1.

Release notes

Sourced from coverlet.collector's releases.

10.0.1

Improvements

• Coverlet with MTP 2 doesn't show test coverage statistic in console #​1907
• Avoid unnecessary testhost restarts #​1912 by https://github.com/mawosoft

Fixed

• Fix inconsistent paths in cobertura reports #​1723
• Fix when using "is" with "and" in pattern matching, branch coverage is lower than normal #​1313
• Fix Coverlet flagging a branch for an async functions finally block where none exists #​1337
• Fix Coverlet Tracker Missing CompilerGeneratedAttribute #​1828

Maintenance

• Add architecture docs and diagrams for all integrations #​1927
• Update NuGet packages and .NET SDK versions #​1933

Diff between 10.0.0 and 10.0.1

Commits viewable in compare view.

Updated JsonSchema.Net from 7.4.0 to 9.2.1.

Release notes

Sourced from JsonSchema.Net's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Mvc.Testing from 10.0.7 to 10.0.8.

Release notes

Sourced from Microsoft.AspNetCore.Mvc.Testing's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.DependencyInjection from 10.0.7 to 10.0.8.

Release notes

Sourced from Microsoft.Extensions.DependencyInjection's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.NET.Test.Sdk from 18.5.1 to 18.6.0.

Release notes

Sourced from Microsoft.NET.Test.Sdk's releases.

18.6.0

What's Changed

• Revert removal of Video Recorder by @​nohwnd in Revert removal of Video Recorder microsoft/vstest#15336
• Speed up blame by filtering non-.NET processes from dump collection by @​nohwnd in Speed up blame tests by filtering non-.NET processes from dump collection microsoft/vstest#15518
• Add README.md to NuGet packages by @​nohwnd in Add README.md to NuGet packages microsoft/vstest#15550
• Report child process info on connection timeout by @​nohwnd in Report child process info on connection timeout microsoft/vstest#15603

Changes to tests and infra

• Brand as 18.6 by @​nohwnd in Brand as 18.6 microsoft/vstest#15423
• Upgrading code coverage version to 18.5.1, by @​fhnaseer in Upgrading code coverage version to 18.5.1, microsoft/vstest#15422
• Updating System.Collections.Immutable to 9.0.11 by @​MSLukeWest in Updating System.Collections.Immutable to 9.0.11 microsoft/vstest#15425
• Fix attachVS when used for debugging integration tests by @​nohwnd in Fix attachVS when used for debugging integration tests microsoft/vstest#15451
• Replace dotnet.config, with global.json by @​nohwnd in Replace dotnet.config, with global.json microsoft/vstest#15449
• Document debugging integration tests with AttachVS by @​Copilot in Document debugging integration tests with AttachVS microsoft/vstest#15452
• Fix stack overflow tests by @​nohwnd in Fix stack overflow tests microsoft/vstest#15461
• Make TestAssets.sln buildable locally by @​Youssef1313 in Make TestAssets.sln buildable locally microsoft/vstest#15466
• Try filtering out tests by @​nohwnd in Try filtering out tests microsoft/vstest#15463
• Build just once when tfms run in parallel by @​nohwnd in Build just once when tfms run in parallel microsoft/vstest#15465
• Review simplify compatibility sources, deduplicate tests by @​nohwnd in Review simplify compatibility sources, deduplicate tests microsoft/vstest#15472
• Cleanup dead TRX code by @​Youssef1313 in Cleanup dead TRX code microsoft/vstest#15474
• Update .NET runtimes to 8.0.25, 9.0.14, and 10.0.4 by @​nohwnd in Update .NET runtimes to 8.0.25, 9.0.14, and 10.0.4 microsoft/vstest#15481
• Compat matrix checker by @​nohwnd in Compat matrix checker microsoft/vstest#15480
• Add trx analysis skill by @​nohwnd in Add trx analysis skill microsoft/vstest#15486
• Split integration tests to single tfm and multi tfm project by @​nohwnd in Split integration tests to single tfm and multi tfm project microsoft/vstest#15484
• Update matrix by @​nohwnd in Update matrix microsoft/vstest#15477
• Break infinite restore loop in VS by @​nohwnd in Break infinite restore loop in VS microsoft/vstest#15503
• Use global package cache for build, and local for running integration tests by @​nohwnd in Use global package cache for build, and local for running integration tests microsoft/vstest#15500
• Update contributing by @​nohwnd in Update contributing microsoft/vstest#15505
• Reduce test wall-clock time by increasing minThreads by @​drognanar in Reduce test wall-clock time by increasing minThreads microsoft/vstest#15502
• Indicator flakiness by @​nohwnd in Indicator flakiness microsoft/vstest#15513
• Fix ci build by @​nohwnd in Fix ci build microsoft/vstest#15515
• Fix thread safety issues by @​Evangelink in Fix thread safety issues microsoft/vstest#15512
• Optimize DotnetSDKSimulation_PostProcessing test (163s → 61s) by @​nohwnd in Optimize DotnetSDKSimulation_PostProcessing test (163s → 61s) microsoft/vstest#15516
• Build isolated test assets for single TFM instead of 7 by @​nohwnd in Build isolated test assets for single TFM instead of 7 microsoft/vstest#15517
• Remove unused dependencies from Library.IntegrationTests by @​nohwnd in Remove unused dependencies from Library.IntegrationTests microsoft/vstest#15527
• Remove printing _attachments content to console by @​nohwnd in Remove printing _attachments content to console microsoft/vstest#15520
• Add Linux/macOS test filtering guide to CONTRIBUTING.md by @​nohwnd in Add Linux/macOS test filtering guide to CONTRIBUTING.md microsoft/vstest#15521
• Change integration test parallelization from ClassLevel to MethodLevel by @​nohwnd in Change integration test parallelization from ClassLevel to MethodLevel microsoft/vstest#15526
• Unify target framework checks with IsNetFrameworkTarget/IsNetTarget by @​nohwnd in Unify target framework checks with IsNetFrameworkTarget/IsNetTarget microsoft/vstest#15523
• Add unattended work instructions to copilot-instructions.md by @​nohwnd in Add unattended work instructions to copilot-instructions.md microsoft/vstest#15531
• Reduce code style rule severity from warning to suggestion by @​nohwnd in Reduce code style rule severity from warning to suggestion microsoft/vstest#15522
• Remove Debug/Release line number branching from tests by @​nohwnd in Remove Debug/Release line number branching from tests microsoft/vstest#15519
• Revise unattended work instructions in copilot-instructions.md by @​nohwnd in Revise unattended work instructions in copilot-instructions.md microsoft/vstest#15532
• Improve CompatibilityRowsBuilder error message with diagnostic details by @​nohwnd in Improve CompatibilityRowsBuilder error message with diagnostic details microsoft/vstest#15529
• docs: add git worktree and upstream sync workflow to copilot-instructions.md by @​nohwnd in docs: add git worktree and upstream sync workflow to copilot-instructions.md microsoft/vstest#15538
• Add VSIX runner to smoke tests by @​nohwnd in Add VSIX runner to smoke tests microsoft/vstest#15541
• Remove deprecated WebTest and TMI test methods by @​nohwnd in Remove deprecated WebTest and TMI test methods microsoft/vstest#15525
• Fix compatibility test failures for legacy vstest.console and MSTest adapter by @​nohwnd in Fix compatibility test failures for legacy vstest.console and MSTest adapter microsoft/vstest#15534
• Convert TestPlatform.sln to slnx format by @​nohwnd in Convert TestPlatform.sln to slnx format microsoft/vstest#15551
• Convert test/TestAssets .sln files to .slnx format by @​nohwnd in Convert test/TestAssets .sln files to .slnx format microsoft/vstest#15557
  ... (truncated)

Commits viewable in compare view.

Updated Microsoft.Playwright from 1.59.0 to 1.60.0.

Release notes

Sourced from Microsoft.Playwright's releases.

1.60.0

💬 Custom assertion messages

Expect() overloads now accept a custom message that is prepended to any failure, giving extra context in test reports:

await Expect(page.Locator("#status"), "Should be logged in").ToBeVisibleAsync();

When the assertion fails, the message is prefixed:

Should be logged in
Locator expected to be visible

🌐 HAR recording on Tracing

Tracing.StartHarAsync() / Tracing.StopHarAsync() expose HAR recording as a first-class tracing API, with the same Content, Mode and UrlFilter options as RecordHar:

await context.Tracing.StartHarAsync("trace.har");
var page = await context.NewPageAsync();
await page.GotoAsync("https://playwright.dev");
await context.Tracing.StopHarAsync();

🪝 Drop API

New Locator.DropAsync() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:

await page.Locator("#dropzone").DropAsync(new() {
    Files = new FilePayload() {
        Name = "note.txt",
        MimeType = "text/plain",
        Buffer = Encoding.UTF8.GetBytes("hello"),
    },
});

await page.Locator("#dropzone").DropAsync(new() {
    Data = new Dictionary<string, string> {
        ["text/plain"] = "hello world",
        ["text/uri-list"] = "https://example.com",
    },
});

🎯 Aria snapshots

• Expect(page).ToMatchAriaSnapshotAsync() now works on a Page, in addition to a Locator — equivalent to asserting against Page.Locator("body").
• New Boxes option on Locator.AriaSnapshotAsync() / Page.AriaSnapshotAsync() appends each element's bounding box as [box=x,y,width,height], useful for AI consumption.
  ... (truncated)

Commits viewable in compare view.

Updated Microsoft.Playwright.NUnit from 1.59.0 to 1.60.0.

Release notes

Sourced from Microsoft.Playwright.NUnit's releases.

1.60.0

💬 Custom assertion messages

Expect() overloads now accept a custom message that is prepended to any failure, giving extra context in test reports:

await Expect(page.Locator("#status"), "Should be logged in").ToBeVisibleAsync();

When the assertion fails, the message is prefixed:

Should be logged in
Locator expected to be visible

🌐 HAR recording on Tracing

Tracing.StartHarAsync() / Tracing.StopHarAsync() expose HAR recording as a first-class tracing API, with the same Content, Mode and UrlFilter options as RecordHar:

await context.Tracing.StartHarAsync("trace.har");
var page = await context.NewPageAsync();
await page.GotoAsync("https://playwright.dev");
await context.Tracing.StopHarAsync();

🪝 Drop API

New Locator.DropAsync() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:

await page.Locator("#dropzone").DropAsync(new() {
    Files = new FilePayload() {
        Name = "note.txt",
        MimeType = "text/plain",
        Buffer = Encoding.UTF8.GetBytes("hello"),
    },
});

await page.Locator("#dropzone").DropAsync(new() {
    Data = new Dictionary<string, string> {
        ["text/plain"] = "hello world",
        ["text/uri-list"] = "https://example.com",
    },
});

🎯 Aria snapshots

• Expect(page).ToMatchAriaSnapshotAsync() now works on a Page, in addition to a Locator — equivalent to asserting against Page.Locator("body").
• New Boxes option on Locator.AriaSnapshotAsync() / Page.AriaSnapshotAsync() appends each element's bounding box as [box=x,y,width,height], useful for AI consumption.
  ... (truncated)

Commits viewable in compare view.

Updated Npgsql from 10.0.2 to 10.0.3.

Release notes

Sourced from Npgsql's releases.

10.0.3

Release milestone

Full Changelog: npgsql/npgsql@v10.0.2...v10.0.3

Commits viewable in compare view.

Updated Swashbuckle.AspNetCore from 10.1.7 to 10.2.1.

Release notes

Sourced from Swashbuckle.AspNetCore's releases.

10.2.1

What's Changed

• Update Microsoft.OpenApi to 2.7.5 to pick up fix for GHSA-v5pm-xwqc-g5wc by @​martincostello in Update Microsoft.OpenApi to 2.7.5 domaindrivendev/Swashbuckle.AspNetCore#3974

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.2.0...v10.2.1

10.2.0

What's Changed

• Add MapSwaggerUI and MapReDoc to support endpoint routing by @​Strepto in Add MapSwaggerUI and MapReDoc to support endpoint routing domaindrivendev/Swashbuckle.AspNetCore#3822
• Bump version to 10.2.0 by @​martincostello in Bump version to 10.2.0 domaindrivendev/Swashbuckle.AspNetCore#3872
• Bump swagger-ui-dist from 5.32.1 to 5.32.2 by @​dependabot in Bump swagger-ui-dist from 5.32.1 to 5.32.2 in /src/Swashbuckle.AspNetCore.SwaggerUI domaindrivendev/Swashbuckle.AspNetCore#3883
• Support HEAD requests by @​snebjorn in Support HEAD requests domaindrivendev/Swashbuckle.AspNetCore#3887
• Use IAsyncSwaggerProvider in CLI tofile command by @​bt-Knodel in Use IAsyncSwaggerProvider in CLI tofile command domaindrivendev/Swashbuckle.AspNetCore#3910
• Pin runner images by @​martincostello in Pin runner images domaindrivendev/Swashbuckle.AspNetCore#3944
• Disable npm install scripts by @​martincostello in Disable npm install scripts domaindrivendev/Swashbuckle.AspNetCore#3946
• Bump redoc from 2.5.2 to 2.5.3 by @​dependabot in Bump redoc from 2.5.2 to 2.5.3 in /src/Swashbuckle.AspNetCore.ReDoc domaindrivendev/Swashbuckle.AspNetCore#3967

New Contributors

• @​Strepto made their first contribution in Add MapSwaggerUI and MapReDoc to support endpoint routing domaindrivendev/Swashbuckle.AspNetCore#3822
• @​snebjorn made their first contribution in Support HEAD requests domaindrivendev/Swashbuckle.AspNetCore#3887
• @​bt-Knodel made their first contribution in Use IAsyncSwaggerProvider in CLI tofile command domaindrivendev/Swashbuckle.AspNetCore#3910

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.7...v10.2.0

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 51 package(s) with unknown licenses.
• ⚠️ 2 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

source/AAS.TwinEngine.Plugin.RelationalDatabase/AAS.TwinEngine.Plugin.RelationalDatabase.csproj

Package	Version	License	Issue Type
JsonSchema.Net	9.2.1	Null	Unknown License
Microsoft.Extensions.DependencyInjection	10.0.8	Null	Unknown License
Microsoft.OpenApi	2.7.5	Null	Unknown License
Npgsql	10.0.3	Null	Unknown License
Swashbuckle.AspNetCore	10.2.1	Null	Unknown License
Swashbuckle.AspNetCore.Swagger	10.2.1	Null	Unknown License
Swashbuckle.AspNetCore.SwaggerGen	10.2.1	Null	Unknown License
Swashbuckle.AspNetCore.SwaggerUI	10.2.1	Null	Unknown License
Humanizer.Core	3.0.10	Null	Unknown License

source/AAS.TwinEngine.Plugin.DPP.PlaywrightTests/AAS.TwinEngine.Plugin.DPP.PlaywrightTests.csproj

Package	Version	License	Issue Type
Microsoft.AspNetCore.Mvc.Testing	10.0.8	Null	Unknown License
Microsoft.AspNetCore.TestHost	10.0.8	Null	Unknown License
Microsoft.CodeCoverage	18.6.0	Null	Unknown License
Microsoft.Extensions.Configuration	10.0.8	Null	Unknown License
Microsoft.Extensions.Configuration.Abstractions	10.0.8	Null	Unknown License
Microsoft.Extensions.Configuration.Binder	10.0.8	Null	Unknown License
Microsoft.Extensions.Configuration.CommandLine	10.0.8	Null	Unknown License
Microsoft.Extensions.Configuration.EnvironmentVariables	10.0.8	Null	Unknown License
Microsoft.Extensions.Configuration.FileExtensions	10.0.8	Null	Unknown License
Microsoft.Extensions.Configuration.Json	10.0.8	Null	Unknown License
Microsoft.Extensions.Configuration.UserSecrets	10.0.8	Null	Unknown License
Microsoft.Extensions.DependencyInjection	10.0.8	Null	Unknown License
Microsoft.Extensions.DependencyInjection.Abstractions	10.0.8	Null	Unknown License
Microsoft.Extensions.DependencyModel	10.0.8	Null	Unknown License
Microsoft.Extensions.Diagnostics	10.0.8	Null	Unknown License
Microsoft.Extensions.Diagnostics.Abstractions	10.0.8	Null	Unknown License
Microsoft.Extensions.FileProviders.Abstractions	10.0.8	Null	Unknown License
Microsoft.Extensions.FileProviders.Physical	10.0.8	Null	Unknown License
Microsoft.Extensions.FileSystemGlobbing	10.0.8	Null	Unknown License
Microsoft.Extensions.Hosting	10.0.8	Null	Unknown License
Microsoft.Extensions.Hosting.Abstractions	10.0.8	Null	Unknown License
Microsoft.Extensions.Logging	10.0.8	Null	Unknown License
Microsoft.Extensions.Logging.Abstractions	10.0.8	Null	Unknown License
Microsoft.Extensions.Logging.Configuration	10.0.8	Null	Unknown License
Microsoft.Extensions.Logging.Console	10.0.8	Null	Unknown License
Microsoft.Extensions.Logging.Debug	10.0.8	Null	Unknown License
Microsoft.Extensions.Logging.EventLog	10.0.8	Null	Unknown License
Microsoft.Extensions.Logging.EventSource	10.0.8	Null	Unknown License
Microsoft.Extensions.Options	10.0.8	Null	Unknown License
Microsoft.Extensions.Options.ConfigurationExtensions	10.0.8	Null	Unknown License
Microsoft.Extensions.Primitives	10.0.8	Null	Unknown License
Microsoft.NET.Test.Sdk	18.6.0	Null	Unknown License
Microsoft.Playwright	1.60.0	Null	Unknown License
Microsoft.Playwright.NUnit	1.60.0	Null	Unknown License
Microsoft.Playwright.TestAdapter	1.60.0	Null	Unknown License
Microsoft.TestPlatform.ObjectModel	18.6.0	Null	Unknown License
Microsoft.TestPlatform.TestHost	18.6.0	Null	Unknown License
System.Diagnostics.EventLog	10.0.8	Null	Unknown License

source/AAS.TwinEngine.Plugin.RelationalDatabase.UnitTests/AAS.TwinEngine.Plugin.RelationalDatabase.UnitTests.csproj

Package	Version	License	Issue Type
Microsoft.CodeCoverage	18.6.0	Null	Unknown License
Microsoft.NET.Test.Sdk	18.6.0	Null	Unknown License
Microsoft.TestPlatform.ObjectModel	18.6.0	Null	Unknown License
Microsoft.TestPlatform.TestHost	18.6.0	Null	Unknown License

Allowed Licenses:

Apache-1.0, Apache-1.1, Apache-2.0, BSL-1.0, BSD-1-Clause, BSD-2-Clause, BSD-2-Clause-FreeBSD, BSD-2-Clause-NetBSD, BSD-3-Clause, BSD-3-Clause-Clear, BSD-3-Clause-No-Nuclear-License, BSD-3-Clause-No-Nuclear-License-2014, BSD-3-Clause-No-Nuclear-Warranty, BSD-3-Clause-Open-MPI, BSD-4-Clause, BSD-Protection, BSD-Source-Code, BSD-3-Clause-Attribution, 0BSD, BSD-2-Clause-Patent, BSD-4-Clause-UC, MIT-CMU, CC-BY-3.0, CC-BY-SA-1.0, CC-BY-SA-2.0, CC-BY-SA-2.5, CC-BY-SA-3.0, CC-BY-SA-4.0, CC0-1.0, WTFPL, MIT-enna, MIT-feh, ISC, JSON, BSD-3-Clause-LBNL, MITNFA, MIT, MIT-0, UPL-1.0, NCSA, X11, Xerox, BlueOak-1.0.0, CC-BY-4.0, MS-PL, PostgreSQL, Python-2.0, SSPL-1.0, OFL-1.1, Unlicense, Unicode-DFS-2016, Unicode-3.0

Excluded from license check:

pkg:nuget/AasCore.Aas3_0, pkg:nuget/AasCore.Aas3.Package

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
nuget/Humanizer.Core	3.0.10	🟢 5.2	Details Check Score Reason Code-Review 🟢 9 Found 27/30 approved changesets -- score normalized to 9 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ 3 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST 🟢 10 SAST tool is run on all commits
nuget/Json.More.Net	3.0.1	Unknown	Unknown
nuget/JsonPointer.Net	7.0.1	Unknown	Unknown
nuget/JsonSchema.Net	9.2.1	Unknown	Unknown
nuget/Microsoft.Extensions.DependencyInjection	10.0.8	Unknown	Unknown
nuget/Microsoft.OpenApi	2.7.5	Unknown	Unknown
nuget/Npgsql	10.0.3	🟢 6.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review ⚠️ 3 Found 7/22 approved changesets -- score normalized to 3 Security-Policy ⚠️ 0 security policy file not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 4 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected SAST 🟢 5 SAST tool is not run on all commits -- score normalized to 5
nuget/Swashbuckle.AspNetCore	10.2.1	Unknown	Unknown
nuget/Swashbuckle.AspNetCore.Swagger	10.2.1	Unknown	Unknown
nuget/Swashbuckle.AspNetCore.SwaggerGen	10.2.1	Unknown	Unknown
nuget/Swashbuckle.AspNetCore.SwaggerUI	10.2.1	Unknown	Unknown
nuget/Microsoft.AspNetCore.Mvc.Testing	10.0.8	Unknown	Unknown
nuget/Microsoft.AspNetCore.TestHost	10.0.8	Unknown	Unknown
nuget/Microsoft.CodeCoverage	18.6.0	🟢 5.4	Details Check Score Reason Code-Review 🟢 5 Found 14/27 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts ⚠️ 0 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
nuget/Microsoft.Extensions.Configuration	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Configuration.Abstractions	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Configuration.Binder	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Configuration.CommandLine	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Configuration.EnvironmentVariables	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Configuration.FileExtensions	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Configuration.Json	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Configuration.UserSecrets	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.DependencyInjection	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.DependencyInjection.Abstractions	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.DependencyModel	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Diagnostics	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Diagnostics.Abstractions	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.FileProviders.Abstractions	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.FileProviders.Physical	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.FileSystemGlobbing	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Hosting	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Hosting.Abstractions	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Logging	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Logging.Abstractions	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Logging.Configuration	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Logging.Console	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Logging.Debug	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Logging.EventLog	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Logging.EventSource	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Options	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Options.ConfigurationExtensions	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Primitives	10.0.8	Unknown	Unknown
nuget/Microsoft.NET.Test.Sdk	18.6.0	🟢 5.4	Details Check Score Reason Code-Review 🟢 5 Found 14/27 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts ⚠️ 0 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
nuget/Microsoft.Playwright	1.60.0	Unknown	Unknown
nuget/Microsoft.Playwright.NUnit	1.60.0	Unknown	Unknown
nuget/Microsoft.Playwright.TestAdapter	1.60.0	Unknown	Unknown
nuget/Microsoft.TestPlatform.ObjectModel	18.6.0	🟢 5.4	Details Check Score Reason Code-Review 🟢 5 Found 14/27 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts ⚠️ 0 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
nuget/Microsoft.TestPlatform.TestHost	18.6.0	🟢 5.4	Details Check Score Reason Code-Review 🟢 5 Found 14/27 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts ⚠️ 0 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
nuget/System.Diagnostics.EventLog	10.0.8	Unknown	Unknown
nuget/coverlet.collector	10.0.1	⚠️ 4.2	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/26 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 7 binaries present in source code CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST 🟢 10 SAST tool is run on all commits
nuget/Microsoft.CodeCoverage	18.6.0	🟢 5.4	Details Check Score Reason Code-Review 🟢 5 Found 14/27 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts ⚠️ 0 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
nuget/Microsoft.NET.Test.Sdk	18.6.0	🟢 5.4	Details Check Score Reason Code-Review 🟢 5 Found 14/27 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts ⚠️ 0 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
nuget/Microsoft.TestPlatform.ObjectModel	18.6.0	🟢 5.4	Details Check Score Reason Code-Review 🟢 5 Found 14/27 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts ⚠️ 0 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
nuget/Microsoft.TestPlatform.TestHost	18.6.0	🟢 5.4	Details Check Score Reason Code-Review 🟢 5 Found 14/27 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts ⚠️ 0 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
nuget/coverlet.collector	10.0.1	⚠️ 4.2	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/26 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 7 binaries present in source code CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST 🟢 10 SAST tool is run on all commits

Scanned Files

• source/AAS.TwinEngine.Plugin.DPP.PlaywrightTests/AAS.TwinEngine.Plugin.DPP.PlaywrightTests.csproj
• source/AAS.TwinEngine.Plugin.RelationalDatabase.UnitTests/AAS.TwinEngine.Plugin.RelationalDatabase.UnitTests.csproj
• source/AAS.TwinEngine.Plugin.RelationalDatabase/AAS.TwinEngine.Plugin.RelationalDatabase.csproj