feat(doc): #919 more assurance cases

kamadorueda · kamadorueda · commit e0449d8a1a5d · 2022-09-24T10:29:54.000-06:00
- Add a few other assurance cases regarding
  the python code of the CLI
diff --git a/docs/src/security/assurance.md b/docs/src/security/assurance.md
@@ -6,10 +6,37 @@ SPDX-License-Identifier: MIT
 
 # Software Assurance
 
-This is what user can expect from Makes in terms of security:
+This is what user can expect from Makes in terms of security,
+the notation is that of a _Structured Assurance Case Model_[^1].
 
 - The Makes CLI application is free of known security vulnerabilities.
 
+  - The Python code of the Makes CLI application
+    is free of known security vulnerabilities.
+
+    - [SonarCloud](https://sonarcloud.io/)
+      reviews every pull request.
+
+      Proof:
+
+      - You can check the
+        [SonarCloud pull requests list for Makes](https://sonarcloud.io/project/pull_requests_list?id=fluidattacks_makes)
+
+      - You can check the
+        [pull requests history](https://github.com/fluidattacks/makes/pulls)
+        and see if the latest pull requests
+        have a comment
+        from SonarCloud.
+        For example:
+        [PR 925, Comment 1256837172](https://github.com/fluidattacks/makes/pull/925#issuecomment-1256837172)
+
+    - Vulnerabilities count on [SonarCloud](https://sonarcloud.io/) is zero.
+
+      Proof:
+
+      - Visit the [SonarCloud dashboard](https://sonarcloud.io/project/overview?id=fluidattacks_makes).
+        The vulnerabilities count should be zero.
+
   - The dependencies of the Makes CLI application
     are free of known security vulnerabilities.
 
@@ -45,10 +72,12 @@ This is what user can expect from Makes in terms of security:
 
 ## References
 
-- Rhodes, T. , Boland Jr., F. , Fong, E. and Kass, M. (2009),
-  Software Assurance Using Structured Assurance Case Models,
-  NIST Interagency/Internal Report (NISTIR),
-  National Institute of Standards and Technology,
-  Gaithersburg, MD, [online],
-  https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=902688
-  (Accessed September 23, 2022)
+[^1]:
+
+Rhodes, T. , Boland Jr., F. , Fong, E. and Kass, M. (2009),
+Software Assurance Using Structured Assurance Case Models,
+NIST Interagency/Internal Report (NISTIR),
+National Institute of Standards and Technology,
+Gaithersburg, MD, [online],
+https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=902688
+(Accessed September 23, 2022)
