eclipse-tractusx
diff --git a/‎.github/workflows/dash.yaml
+46 b/‎.github/workflows/dash.yaml
+46
diff --git a/‎.github/workflows/lint-on-pull-request.yaml
+4-1 b/‎.github/workflows/lint-on-pull-request.yaml
+4-1
diff --git a/‎DEPENDENCIES
+2-2 b/‎DEPENDENCIES
+2-2
diff --git a/‎README.md
+2-2 b/‎README.md
+2-2
diff --git a/‎blog-meeting-minutes/2023-12-06-new-open-meeting-blog.md
+3-1 b/‎blog-meeting-minutes/2023-12-06-new-open-meeting-blog.md
+3-1
diff --git a/‎blog-meeting-minutes/2024-01-19-office-hour.md
+38 b/‎blog-meeting-minutes/2024-01-19-office-hour.md
+38
diff --git a/‎blog-meeting-minutes/2024-01-26-office-hour.md
+50 b/‎blog-meeting-minutes/2024-01-26-office-hour.md
+50
diff --git a/‎blog-meeting-minutes/2024-02-02-office-hour.md
+36 b/‎blog-meeting-minutes/2024-02-02-office-hour.md
+36
diff --git a/‎blog-meeting-minutes/2024-02-09-office-hour.md
+36 b/‎blog-meeting-minutes/2024-02-09-office-hour.md
+36
diff --git a/‎blog-meeting-minutes/2024-02-16-office-hour.md
+35 b/‎blog-meeting-minutes/2024-02-16-office-hour.md
+35
diff --git a/‎blog-meeting-minutes/2024-02-23-office-hour.md
+43 b/‎blog-meeting-minutes/2024-02-23-office-hour.md
+43
diff --git a/‎blog-meeting-minutes/authors.yaml
+21 b/‎blog-meeting-minutes/authors.yaml
+21
@@ -0,0 +1,46 @@
+# #############################################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# #############################################################################
+---
+
+name: "3rd Party dependency check (Eclipse Dash)"
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: write
+
+jobs:
+  check-dependencies:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # See https://github.com/eclipse-tractusx/sig-infra/tree/main/.github/actions/run-dash for infos
+      # about the dash actions and possible config
+      - name: Run dash
+        id: run-dash
+        uses: eclipse-tractusx/sig-infra/.github/actions/run-dash@main
+        with:
+          dash_input: "package-lock.json"
+          fail_on_restricted: "true"
@@ -41,5 +41,8 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
-      - name: Run markdown lint
+      - name: Run markdown lint for docs folder
         run: npm run lint-doc
+
+      - name: Run markdown lint for docs-kits folder
+        run: npm run lint-kits
@@ -244,7 +244,7 @@ npm/npmjs/-/duplexer3/0.1.5, BSD-3-Clause, approved, clearlydefined
 npm/npmjs/-/eastasianwidth/0.2.0, MIT, approved, clearlydefined
 npm/npmjs/-/ee-first/1.1.1, MIT, approved, clearlydefined
 npm/npmjs/-/electron-to-chromium/1.4.284, ISC, approved, #1950
-npm/npmjs/-/elkjs/0.8.2, EPL-2.0, approved, clearlydefined
+npm/npmjs/-/elkjs/0.8.2, EPL-2.0 AND BSD-3-Clause, approved, #12671
 npm/npmjs/-/emoji-regex/8.0.0, MIT, approved, clearlydefined
 npm/npmjs/-/emoji-regex/9.2.2, MIT, approved, clearlydefined
 npm/npmjs/-/emojis-list/3.0.0, MIT, approved, clearlydefined
@@ -808,7 +808,7 @@ npm/npmjs/-/semver/6.3.0, ISC, approved, clearlydefined
 npm/npmjs/-/semver/7.3.5, ISC, approved, clearlydefined
 npm/npmjs/-/semver/7.3.8, ISC, approved, clearlydefined
 npm/npmjs/-/send/0.18.0, MIT, approved, clearlydefined
-npm/npmjs/-/serialize-javascript/6.0.0, BSD-3-Clause, approved, clearlydefined
+npm/npmjs/-/serialize-javascript/6.0.0, BSD-3-Clause, approved, #12680
 npm/npmjs/-/serve-handler/6.1.5, MIT, approved, clearlydefined
 npm/npmjs/-/serve-index/1.9.1, MIT, approved, clearlydefined
 npm/npmjs/-/serve-static/1.15.0, MIT, approved, clearlydefined
 
@@ -21,6 +21,6 @@ We do want to follow a specific style for our markdown based documentation.
 Therefore, this repository is configured to use a [markdown linter](https://github.com/DavidAnson/markdownlint-cli2).
 Specific rules are configured via [.markdownlint.yaml](./.markdownlint.yaml).
 
-Additionally, there is a npm script `lint-doc`, that will lint all the markdown files inside [docs](./docs).
+Additionally, there is a npm script `lint-doc`, that will lint all the markdown files inside [docs](./docs) and `lint-kits`, that will lint all the markdown files inside [docs-kits](./docs-kits).
 This script is also run as a pre-commit hook, set up via [husky](https://www.npmjs.com/package/husky).
-You can also run the linting step manually by running `npm run lint-doc`.
+You can also run the linting step manually by running `npm run lint-doc` or `npm run lint-kits`.
@@ -8,4 +8,6 @@ tags: [meeting-minutes, community]
 
 ## New home for open meeting minutes
 
-We are happy to announce a new blog, that will host meeting minutes of all our open meetings
+We are happy to announce a new blog, that will host meeting minutes of all our open meetings in the future.
+
+Looking for past blog entries? You can find previous posts on this [consortia site](https://catenax-ng.github.io/blog/) or by visiting this [consortia repo](https://github.com/catenax-ng/catenax-ng.github.io/tree/main/blog).
@@ -0,0 +1,38 @@
+---
+slug: office-hour-19-01-2024
+title: Office hour 19.01.2024
+authors: 
+    - harald_zierer
+tags: [meeting-minutes, community]
+---
+
+## office hour meeting minutes
+
+### System team
+- No update
+
+### Security team
+- Many open cases (>10) from GitGuardian, please check you inboxes (or spam folders)
+- A bug bounty program is in the making
+
+### FOSS
+- Happy new year: Don't forget to update the year in your copyright headers
+  - some corner cases will be clarified until next office hour
+- There is a new draft [TRG 2.06](https://eclipse-tractusx.github.io/docs/release/trg-0/trg-2-6) regarding dependabot usage
+  - please update your `DEPENDENCIES` file(s) to ensure that the suggested changes are license compliant
+
+### Open planning / community
+- Last open planning session went very well
+- There's a new [open meetings](https://eclipse-tractusx.github.io/community/open-meetings) page
+
+### Open discussion
+- discussion regarding the "Notice for docker image" to be moved into a separate file.
+  - [TRG 4.06](https://eclipse-tractusx.github.io/docs/release/trg-4/trg-4-06) will be updated to mandate a dedicated file.
+  - Please keep in mind to update your docker build workflow to include the new file instead of the `README.md`. See [example of TRG 4.05](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/blob/204cfddb5531fd6430001c0baf0ca12a97bb9718/docs/release/trg-4/trg-4-05.md?plain=1#L99-L100) for reference.
+- discussion on where to discuss about new / changes to existing TRGs: TRG draft section, within the PR or GitHub discussions
+  - Sebastian is going to create a PR so everybody can vote on it
+- As multiple people struggle with our current docusaurus[^1] setup, there will be a training/hands-on session soon. It's will be announced on the mailing list.
+- Content updates for KITs: Please ensure that no copyrighted content (incl. Catena-X) is contributed to Tractus-X.
+- False-positive issues opened by Trivy - please raise a "tooling support" issue in the [sig-security](https://github.com/eclipse-tractusx/sig-security) repository
+
+[^1]: [docusaurus](https://docusaurus.io/docs): the generator for the pages you are reading right now
@@ -0,0 +1,50 @@
+---
+slug: office-hour-26-01-2024
+title: Office hour 26.01.2024
+authors: 
+    - almadi_gabor
+tags: [meeting-minutes, community]
+---
+
+## office hour meeting minutes
+
+### System team
+
+- Whenever a new room is created in the Eclipse Matrix chat, please announce it in the main [Tractux-X](https://matrix.to/#/#tractusx:matrix.eclipse.org) room,
+  office hour and mailing list so everybody can learn about it and join.
+
+### Security team
+
+- New issue templates are available for the following topics:
+  - [OSS Tool membership request](https://github.com/eclipse-tractusx/sig-security/issues/new?assignees=SSIRKC&labels=security%2C+tool&projects=&template=tractus-x-oss-tool-membership-request.md&title=Requesting+access+to+%22%5BTOOL+NAME%5D+YOUR_REPOSITORY%22)
+  - [Ask the community](https://github.com/eclipse-tractusx/sig-security/discussions/categories/q-a) for security help via Discussions
+  - Keep an eye out on the [Security Announcements](https://github.com/eclipse-tractusx/sig-security/discussions/categories/announcements) where news 
+    about security topics are announces regularly
+- Get in touch with the Security Team for testing with [Snyk](https://snyk.io/)
+
+### FOSS
+
+- There was a new election for a project lead role for [Stephan Bauer](https://github.com/stephanbcbauer)
+- The Eclipse Project Handbook changed the section about handling copyright headers. A year range is not longer necessary, only the year when
+  the file was created so there is no need to keep an eye on updating the headers. It is still allowed to put year range (creation date and
+  last modification year) in the header but they have to be separated with comma character.
+- Please sign the Eclipse Contributor Agreement when trying to contribute to the webpage. Without that it is not possible to merge commits
+  to the main branch.
+- ❗ Please don't put any Catena-X content or resource on the website without permission.
+
+### Open planning / community
+
+- New [Open Meetings Links](https://eclipse-tractusx.github.io/community/open-meetings) are listed directly on our webpage to participate and separate calendar files can be downloaded from there.
+- Office hours will probably start a few minutes later so the people don't have to wait until everyone gets there.
+- Commiters and Contributors Meeting could be a new form of communication where the committers are more involved getting some pressure off the System Team.
+- Newjoiner rounds for basic introductions would be held every 2 weeks in a separate session.
+
+### Open discussion
+
+- [Umbrella chart](https://github.com/eclipse-tractusx/e2e-testing):
+  - Currently there is a temporary solution for the Managed Identity Wallet by SAP until the [open source version](https://github.com/eclipse-tractusx/managed-identity-wallet) is fixed. This is a COTS
+    application and it raises questions like how it can be integrated into an open source software stack like the umbrella chart. It is not confirmed yet
+    whether the version from SAP can be used without a license. Currently all components can run without MIW but data exchange functionality won't work.
+- Public API versioning is still an open topic where no decision has been made to create a TRG or guide the Tractus-X community to follow
+  one versioning strategy.
+- An alternative for MS Teams should be found as it is hard to manage for an open community (e.g. Discord).
@@ -0,0 +1,36 @@
+---
+slug: office-hour-02-02-2024
+title: Office Hour 02.02.2024
+authors: 
+    - fabian_gruen
+tags: [meeting-minutes, community]
+---
+
+## office hour meeting minutes
+
+### System team
+
+- Please be aware of our Markdown lint problem in the eclipse-tractusx.github.io that currently only the [`/docs`](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/blob/main/package.json#L15) folder is checked and should be extended to more markdown file directories 
+- TRG Update information about [TRG 3-1](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/pull/618) that was superseded by [TRG 5-09](https://eclipse-tractusx.github.io/docs/release/trg-5/trg-5-09)
+- Upcoming Office Hours meeting minutes will be reported in the community section of our webpage and you can find [here](https://eclipse-tractusx.github.io/community/meeting-minutes)
+
+### Security team
+
+- New [security issue templates](https://github.com/eclipse-tractusx/sig-security/issues/new/choose) for sig-security repository
+- Security assessments [template](https://github.com/eclipse-tractusx/sig-security/issues/new?assignees=szymonkowalczykzf&labels=security%2C+assessment&projects=&template=security-assessment-request.md&title=%5BSecurity+Assessment%5D+SUBJECT_HERE) and [contact](https://github.com/szymonkowalczykzf)
+- Access to security tools [template](https://github.com/eclipse-tractusx/sig-security/issues/new?assignees=RoKrish14&labels=security%2C+tooling&projects=&template=security-tooling-support-request.md&title=%5BSecurity+Tooling%5D+YOUR_ISSUE_TITLE_HERE) like Snyk and other tools
+- [Snyk](https://snyk.io/) tool will be available after consortia time
+
+
+### FOSS
+
+- Please take your vote on a new [Committer Election](https://projects.eclipse.org/projects/automotive.tractusx/elections/election-f%C3%A1bio-mota-committer-eclipse-tractus-x) for [Fábio Mota](https://github.com/fabiodmota)
+- Please participate in [Eclipse Committer Office Hour Meetings](https://www.eclipse.org/projects/calendar/) and join the discussion about changes to the Eclipse IP Policy and Due Diligence Process
+
+### Open planning / community
+
+- Open [Meetings Links](https://eclipse-tractusx.github.io/community/open-meetings) with ics invitation files are available for the community
+
+### Open discussion
+
+- No open discussion
@@ -0,0 +1,36 @@
+---
+slug: office-hour-09-02-2024
+title: Office Hour 09.02.2024
+authors: 
+    - tomasz_barwicki
+tags: [meeting-minutes, community]
+---
+
+## office hour meeting minutes
+
+### System team
+
+- Kube Prometheus Stack upgraded to latest release [56.6.2](https://github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-56.6.2).
+- Committer Election for [Tuncay Tunc](https://github.com/tuncaytunc-zf) on Eclipse Tractus-X has started.
+- The Committer Election for [Fábio Mota](https://github.com/fabiodmota) on project Eclipse Tractus-X concluded successfully.
+- Committer volunteers wanted to participate/shadow next Quality Gate process.
+
+### Security team
+
+- New TRG/s from security team was presented requesting for feedback [Security TRG 8.0](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/pull/657).
+- Suggested to contact security team directly for any support required to use, complete Invicti related issues/tasks.
+- Update for static application security testing/source code scanning, ongoing transition from Veracode to CodeQL. Reach out to security team for any assistance.
+- Reminder on available onboarding process to [Snyk](https://snyk.io/).
+- There will be separate security office hours meeting, biweekly Thursdays 8:30 - 9:30.
+
+### FOSS
+
+- N/A
+
+### Open planning / community
+
+- Open meetings [PR](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/pull/658).
+
+### Open discussion
+
+- Question related to [TRG 1.04 Diagrams as code](https://eclipse-tractusx.github.io/docs/release/trg-1/trg-1-4), if there a need/requirement to convert already existing .png diagrams. It is recommended to use described in the TRG toolset to keep good level of maintainability of the diagrams, not a hard requirement though in case there is lack of source.
@@ -0,0 +1,35 @@
+---
+slug: office-hour-2024-02-16
+title: Office Hour 16.02.2024
+authors: 
+    - sebastian_bezold
+tags: [meeting-minutes, community]
+---
+
+## Office Hour meeting minutes
+
+### System team
+
+- Still looking for volunteers to work on QG reviews together with the system team
+  - Goal is to spread knowledge on how TRGs are checked
+  - Especially interesting for committers, that already know they will stay post consortia
+- Preparing an open description on our release process. Feel free to comment any suggestion or important topics, you think should be covered [on this draft](https://github.com/eclipse-tractusx/sig-release/pull/519)
+- Markdown linting will again be enabled for KITs. Findings will be collected as issue per KIT
+- OpenAPI plugin for docusaurus will be removed
+  - OpenAPI definitions will be pushed to SwaggerHub. User credentials available as org secrets
+  - Ongoing discussions: Some definitions might be published through standard and therefore out of eclipse-tractusx
+
+### Security team
+
+- New TRG suggestion PR: [eclipse-tractusx/eclipse-tractusx.github.io#681](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/pull/681)
+- Reminder: please focus on `eclipse-tractusx` instead of `catenax-ng`
+- Please reach out to the security team, as soon as the security scans for QG checks are ready for QG review
+
+### FOSS
+
+- Election for Jim Marino open: https://projects.eclipse.org/projects/automotive.tractusx/elections/election-james-marino-committer-eclipse-tractus-x
+
+### Open planning / community
+
+- New open meeting links available in the [community section](https://eclipse-tractusx.github.io/community/open-meetings)
+
@@ -0,0 +1,43 @@
+---
+slug: office-hour-2024-02-23
+title: Office Hour 23.02.2024
+authors: 
+    - sebastian_bezold
+tags: [meeting-minutes, community]
+---
+
+## Office Hour meeting minutes
+
+### System team
+
+- Quality Gate Reviews in progress. Please keep an eye on your issues
+
+### Security team
+
+- New "Read only filesystem" TRG will be introduced to the "Container" category
+- New "Dependabot" TRG will be worked on via [PR #659](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/pull/659) and moved to the security section afterwards
+- With Release `24.05`, Veracode will no longer be part of the QGate. We move to CodeQL. Do necessary migration early on, if possible
+
+### FOSS
+
+- Ongoing discussion on usage of the Catena-X logo in Tractus-X context.
+- Recommendation: Watch the [Eclipse Foundation Office Hour recording](https://www.eclipse.org/projects/calendar/#office-hours) about IP issue handling: 
+
+### Open planning / community
+
+- n/a
+
+### Open Discussions
+
+- Automated email about upgrades to Kubernetes and PostgreSQL version: What does it mean?
+  - See it as a discussion starter and reminder
+  - Potentially, the committer group can use that as a trigger for alignment on these two crucial topics
+- Is there a publicly available test installation of a dataspace build from Tractus-X components
+  - No. Tractus-X is not maintaining any persistent installations
+  - There are tutorials available on how to set this up yourself
+  - [MXD tutorial](https://github.com/eclipse-tractusx/tutorial-resources)
+  - [E2E adopter journey](https://eclipse-tractusx.github.io/docs/tutorials/e2e)
+- Is there a possibility to enable contributors ot edit other contributors issue descriptions
+  - No. This is only possible with write permissions
+  - Write permissions are only granted to the committer role
+
@@ -4,3 +4,24 @@ sebastian_bezold:
   url: https://github.com/SebastianBezold
   image_url: https://github.com/SebastianBezold.png
 
+harald_zierer:
+  name: Harald Zierer
+  title: Consortia System Team Member
+  url: https://github.com/hzierer
+
+almadi_gabor:
+  name: Gabor Almadi
+  title: Consortia System Team Member
+  url: https://github.com/almadigabor
+  image_url: https://github.com/almadigabor.png
+  
+fabian_gruen:
+  name: Fabian Grün
+  title: Consortia System Team Member
+  url: https://github.com/fagru3n
+  image_url: https://github.com/fagru3n.png
+
+tomasz_barwicki:
+  name: Tomasz Barwicki
+  title: Consortia System Team Member
+  url: https://github.com/tomaszbarwicki