72 items across 6 document types — generated 2026-05-11
| UID | Title | Type | Importance | Urgency | Vm | Release | Active | Parent links |
|---|---|---|---|---|---|---|---|---|
MRS-001 | Inventory cryptography across code and network surfaces | F | 5 | 5 | T | Alpha | active | — |
MRS-010 | Produce open, reusable output artifacts | NF | 4 | 4 | T | Alpha | active | — |
MRS-011 | Assess quantum risk of discovered cryptographic assets | F | 5 | 5 | T | Alpha | active | — |
MRS-002 | Recognize post-quantum and hybrid algorithms | F | 5 | 5 | T | Alpha | active | — |
MRS-003 | Produce standardized CBOM artifacts | F | 5 | 4 | T | Alpha | active | — |
MRS-004 | Support source-code analysis for current target languages | F | 4 | 4 | T | Alpha | active | — |
MRS-005 | Support TLS service assessment | F | 5 | 4 | T | Alpha | active | — |
MRS-006 | Support SSH service assessment | F | 5 | 4 | T | Alpha | active | — |
MRS-007 | Run in a reproducible Linux-based environment | NF | 4 | 4 | T | Alpha | active | — |
MRS-008 | Orchestrate open-source analysis tooling | F | 4 | 4 | T | Alpha | active | — |
MRS-009 | Preserve non-invasive assessment behavior | NF | 5 | 4 | T | Alpha | active | — |
| UID | Title | Release | Active | Parent links |
|---|---|---|---|---|
ARC-001 | VECTOR runtime context | Alpha | active | MRS-007 |
ARC-010 | Open artifact interfaces | Alpha | active | MRS-010 |
ARC-011 | VECTOR-Score: standalone quantum risk scoring module | Alpha | active | MRS-011 |
ARC-002 | VECTOR-Code processing component | Alpha | active | MRS-004 |
ARC-003 | Unified inventory coverage boundary | Alpha | active | MRS-001 |
ARC-004 | External analysis tool adapters | Alpha | active | MRS-008 |
ARC-005 | TLS assessment workflow | Alpha | active | MRS-005 |
ARC-006 | SSH assessment workflow | Alpha | active | MRS-006 |
ARC-007 | CBOM generation and storage | Alpha | active | MRS-003 |
ARC-008 | Non-invasive network trust boundary | Alpha | active | MRS-009 |
ARC-009 | Algorithm modeling layer | Alpha | active | MRS-002 |
| UID | Title | Release | Type | Importance | Urgency | Vm | Active | Parent links |
|---|---|---|---|---|---|---|---|---|
SRS-001 | Persist output artifacts in predictable locations | Alpha | F | 4 | 4 | T | active | MRS-010 |
SRS-010 | Fail safely for invalid inputs, missing tools, and incomplete outputs | Alpha | F | 5 | 4 | T | active | MRS-009 |
SRS-011 | Classify cryptographic algorithm components in a CBOM by quantum risk | Alpha | F | 5 | 5 | T | active | MRS-011 |
SRS-012 | Produce an annotated CBOM with quantum risk properties on each scored component | Alpha | F | 5 | 5 | T | active | MRS-011 |
SRS-013 | Produce a human-readable Markdown risk report grouped by classification | Alpha | F | 4 | 4 | T | active | MRS-011 |
SRS-002 | Detect supported source languages from the target project | Alpha | F | 5 | 4 | T | active | MRS-004 |
SRS-003 | Create CodeQL databases through the external CLI | Alpha | F | 4 | 4 | T | active | MRS-008 |
SRS-004 | Run cryptographic inventory queries on created databases | Alpha | F | 5 | 5 | T | active | MRS-001 |
SRS-005 | Convert source-analysis findings into CBOM artifacts | Alpha | F | 5 | 4 | T | active | MRS-003 |
SRS-006 | Scan TLS-enabled services by target and port | Alpha | F | 5 | 4 | T | active | MRS-005 |
SRS-007 | Model TLS findings with classical, hybrid, and PQ-aware decomposition | Alpha | F | 5 | 4 | T | active | MRS-002 |
SRS-008 | Scan SSH-enabled services by target and port | Alpha | F | 5 | 4 | T | active | MRS-006 |
SRS-009 | Execute within a Linux workspace with explicit runtime assumptions | Alpha | F | 4 | 4 | T | active | MRS-007 |
| UID | Title | Release | Active | Parent links |
|---|---|---|---|---|
SWD-001 | Entry points and directory initialization | Alpha | active | ARC-001 |
SWD-010 | JSON interface and naming conventions | Alpha | active | ARC-010 |
SWD-011 | VECTOR-Score module decomposition and internal design | Alpha | active | ARC-011 |
SWD-002 | Source inventory pipeline sequencing | Alpha | active | ARC-002 |
SWD-003 | Inventory artifact segregation by analysis surface | Alpha | active | ARC-003 |
SWD-004 | External command invocation contracts | Alpha | active | ARC-004 |
SWD-005 | TLS scan lifecycle and parser handoff | Alpha | active | ARC-005 |
SWD-006 | SSH scan lifecycle and parser handoff | Alpha | active | ARC-006 |
SWD-007 | CBOM generation routines | Alpha | active | ARC-007 |
SWD-008 | Defensive validation and failure boundaries | Alpha | active | ARC-008 |
SWD-009 | Algorithm decomposition and modeling | Alpha | active | ARC-009 |
| UID | Title | Platform | Execution type | Verification method | Release | Complexity | Test data | Version | Active | Parent links |
|---|---|---|---|---|---|---|---|---|---|---|
TCS-001 | Verify persisted output locations for VECTOR-Code artifacts | GNU/Linux workstation or dev container | Manual | Test | alpha | 2 | A readable sample project path with writable local output directories | 0.1 | active | SRS-001 |
TCS-010 | Verify safe failure behavior | GNU/Linux workstation or dev container | Manual | Test | alpha | 2 | Invalid ports, empty targets, missing tools, and empty result files | 0.1 | active | SRS-010 |
TCS-011 | Verify classification of quantum-vulnerable algorithms | GNU/Linux workstation or dev container | Manual | Test | alpha | 2 | A CBOM fixture containing algorithm components named RSA, ECDHE, DHE, and ECDSA. | 0.1 | active | SRS-011 |
TCS-012 | Verify classification of post-quantum algorithms | GNU/Linux workstation or dev container | Manual | Test | alpha | 2 | Direct calls to algorithm_classifier.classify() with ML-KEM-768, ML-KEM-1024, ML-DSA-65, SLH-DSA. | 0.1 | active | SRS-011 |
TCS-013 | Verify annotated CBOM contains pqcmat risk properties | GNU/Linux workstation or dev container | Manual | Test | alpha | 2 | tests/content/sample_tls_cbom.json — a minimal fixture containing RSA, AES-128-GCM, and ML-KEM-768 algorithm components. | 0.1 | active | SRS-012 |
TCS-002 | Verify supported language detection | GNU/Linux workstation or dev container | Manual | Test | alpha | 2 | Sample projects containing Python, C, and C++ code above and below threshold | 0.1 | active | SRS-002 |
TCS-003 | Verify CodeQL database creation | GNU/Linux workstation or dev container | Manual | Test | alpha | 3 | Sample project with detectable supported language content and CodeQL CLI installed | 0.1 | active | SRS-003 |
TCS-004 | Verify SARIF generation from CodeQL queries | GNU/Linux workstation or dev container | Manual | Test | alpha | 3 | Created CodeQL databases and available inventory query packs | 0.1 | active | SRS-004 |
TCS-005 | Verify SARIF-to-CBOM conversion | GNU/Linux workstation or dev container | Manual | Test | alpha | 2 | Valid SARIF output files and cryptobom CLI installed | 0.1 | active | SRS-005 |
TCS-006 | Verify raw TLS scan output generation | GNU/Linux workstation or dev container | Manual | Test | alpha | 2 | Controlled TLS endpoint and reachable port | 0.1 | active | SRS-006 |
TCS-007 | Verify TLS CBOM decomposition | GNU/Linux workstation or dev container | Manual | Test | alpha | 3 | TLS scan JSON containing cipher suites, groups, and supported mapped entries | 0.1 | active | SRS-007 |
TCS-008 | Verify raw SSH scan output generation | GNU/Linux workstation or dev container | Manual | Test | alpha | 2 | Controlled SSH endpoint and reachable port | 0.1 | active | SRS-008 |
TCS-009 | Verify Linux runtime assumptions and tool-path checks | GNU/Linux workstation or dev container | Manual | Test | alpha | 2 | Runtime environment with and without required tool paths and writable output locations | 0.1 | active | SRS-009 |
| UID | Title | Test date | Tester | Defect category | Passed steps | Failed steps | Not executed steps | Release version | Verification method | Active | Parent links |
|---|---|---|---|---|---|---|---|---|---|---|---|
TRP-001 | Starter report for persisted output verification | 2026-04-11 | Pending execution | 0 — flawless | 0 | 0 | 3 | 0.1 | T | active | TCS-001 |
TRP-010 | Starter report for safe failure verification | 2026-04-11 | Pending execution | 0 — flawless | 0 | 0 | 3 | 0.1 | T | active | TCS-010 |
TRP-011 | Test report for quantum-vulnerable algorithm classification | 2026-05-07 | VECTOR-Score automated test suite (pytest 7.4.4 / Python 3.11) | 0 — flawless | 33 | 0 | 0 | 0.1 | T | active | TCS-011 |
TRP-012 | Test report for post-quantum algorithm classification | 2026-05-07 | VECTOR-Score automated test suite (pytest 7.4.4 / Python 3.11) | 0 — flawless | 33 | 0 | 0 | 0.1 | T | active | TCS-012 |
TRP-013 | Test report for annotated CBOM pqcmat property verification | 2026-05-07 | VECTOR-Score automated test suite (pytest 7.4.4 / Python 3.11) | 0 — flawless | 10 | 0 | 0 | 0.1 | T | active | TCS-013 |
TRP-002 | Starter report for language detection verification | 2026-04-11 | Pending execution | 0 — flawless | 0 | 0 | 3 | 0.1 | T | active | TCS-002 |
TRP-003 | Starter report for CodeQL database verification | 2026-04-11 | Pending execution | 0 — flawless | 0 | 0 | 3 | 0.1 | T | active | TCS-003 |
TRP-004 | Starter report for SARIF generation verification | 2026-04-11 | Pending execution | 0 — flawless | 0 | 0 | 3 | 0.1 | T | active | TCS-004 |
TRP-005 | Starter report for SARIF-to-CBOM verification | 2026-04-11 | Pending execution | 0 — flawless | 0 | 0 | 3 | 0.1 | T | active | TCS-005 |
TRP-006 | Starter report for raw TLS scan verification | 2026-04-11 | Pending execution | 0 — flawless | 0 | 0 | 3 | 0.1 | T | active | TCS-006 |
TRP-007 | Starter report for TLS CBOM verification | 2026-04-11 | Pending execution | 0 — flawless | 0 | 0 | 3 | 0.1 | T | active | TCS-007 |
TRP-008 | Starter report for raw SSH scan verification | 2026-04-11 | Pending execution | 0 — flawless | 0 | 0 | 3 | 0.1 | T | active | TCS-008 |
TRP-009 | Starter report for runtime assumption verification | 2026-04-11 | Pending execution | 0 — flawless | 0 | 0 | 3 | 0.1 | T | active | TCS-009 |