process: add initial tool management

docs/platform_management_plan/tool_management.rst

@@ -12,14 +12,140 @@
    # SPDX-License-Identifier: Apache-2.0
    # *******************************************************************************
 
-Tool Management
-------------------------
+.. document:: Tool Management Plan
+   :id: doc__platform_tool_management_plan
+   :status: draft
+   :safety: ASIL_B
+   :tags: platform_management
+   :realizes: wp__tlm_plan
+
+
+Tool Management/ Tool Management Plan
+-------------------------------------
+
+This document implements parts of the :need:`wp__platform_mgmt`.
 
 Purpose
 +++++++
+The purpose of the Tool Management Plan is to guide the identification, evaluation and qualification of
+project tools.
+
+S-CORE objectives is to use OSS tools for the generation of all required work products. Thus all
+tools which will be used as part of the tool chain for the work product generation must be identified,
+documented and evaluated and if applicable, qualified.
+
 
-Objectives and scope
+Objectives and Scope
 ++++++++++++++++++++
 
+Tool Management Goals
+^^^^^^^^^^^^^^^^^^^^^
+
+* Tools are identified and documented
+* Tools are evaluated
+* Tools are qualified, if applicable
+
 Approach
 ++++++++
+
+
+Identification
+^^^^^^^^^^^^^^
+
+Each tool is identified by its name or UID and version.
+The tools are stored in one GitHub repository, `tooling repository <https://GitHub.com/eclipse-score/tooling/>`_.
+
+For each tool the :need:`gd_temp__tool_management__verif_rpt_template` shall be used to document
+the relevant information.
+
+:need:`gd_chklst__tool__cr_review` shall be used to check that all relevant information is considered.
+
+The configuration of tools is part of the :need:`doc__config_mgt_plan`.
+
+
+Evaluation
+^^^^^^^^^^
+
+The tool confidence level (TCL) must be determined as outlined in the
+:need:`doc_concept__tool__process`.
+
+Step-by-Step guide:
+
+1. Determine the tool impact
+2. Determine the tool error detection
+3. Determine the tool confidence level
+
+**To Step 1**
+
+Based on the found malfunctions or threats judge, if any safety or security requirements may violated.
+If this is the case, determine tool impact to "YES" otherwise to "NO".
+
+If tool impact is "NO", continue with 3, otherwise 2.
+
+**To Step 2**
+
+Based on the found malfunctions or threats judge, if these can be all detected or prevented?
+Consider also potential safety measures and security controls to increase the detection and
+prevention of these, if applicable.
+If there is no guarantee to either detect or prevent these, judge tool error detection to "NO",
+otherwise to "YES".
+
+**To Step 3**
+
+If tool impact is judged to "YES" and tool error detection judged to "NO", the tool confidence
+level is determined to "LOW", otherwise "HIGH".
+
+In case the tool confidence level is "LOW", tool qualification is required.
+
+
+Qualification
+^^^^^^^^^^^^^
+
+As method validation of software tool is applied.
+
+Specify requirements for the tools purpose and usage in the S-CORE context.
+Analyze the malfunctions and threats and specify safety measures and security controls to increase
+the prevention and detection of them.
+Specify test cases and tests to verify the requirements and generate a test report.
+Update the Tool Verification Report accordingly to document the outcomes.
+
+For the generation of requirements, verification and analyses the processes defined in the
+:need:`wp__platform_mgmt` shall be used (Requirements Engineering, Verification,
+Safety/Security Analyzes).
+
+Tailoring
+^^^^^^^^^
+Tailoring of safety activities for confidence in the use of software tools:
+
+The following ISO 26262 defined safety requirements are not relevant for the S-CORE SW platform
+development, as they are not used:
+
+:need:`std_req__iso26262__support_11471`, :need:`std_req__iso26262__support_11472`,
+:need:`std_req__iso26262__support_11473`, :need:`std_req__iso26262__support_11474`,
+:need:`std_req__iso26262__support_11481`, :need:`std_req__iso26262__support_11482`,
+:need:`std_req__iso26262__support_11483`
+
+
+Tool List
+^^^^^^^^^
+
+.. _platform_tool_list:
+
+.. list-table:: SW Platform tool overview
+    :header-rows: 1
+
+    * - tool Id
+      - tool name
+      - tool status
+      - tool TCL
+      - Link to evaluation issue
+      - Link to qualification issue
+      - Link to verification report (contains version, use cases, link to manuals, etc.)
+
+    * - #
+      - sphinx-needs
+      - draft <automated>
+      - not evaluated yet
+      - <Link to issue>
+      - <Link to issue>
+      - <Link to tool verification report>

docs/process/process_areas/index.rst

@@ -28,4 +28,5 @@ Process Areas
    problem_resolution/index.rst
    requirements_engineering/index.rst
    safety_management/index.rst
+   tool_management/index.rst
    verification/index.rst

docs/process/process_areas/tool_management/guidance/index.rst

@@ -0,0 +1,22 @@
+..
+   # *******************************************************************************
+   # Copyright (c) 2025 Contributors to the Eclipse Foundation
+   #
+   # See the NOTICE file(s) distributed with this work for additional
+   # information regarding copyright ownership.
+   #
+   # This program and the accompanying materials are made available under the
+   # terms of the Apache License Version 2.0 which is available at
+   # https://www.apache.org/licenses/LICENSE-2.0
+   #
+   # SPDX-License-Identifier: Apache-2.0
+   # *******************************************************************************
+
+Guidance
+########
+
+.. toctree::
+   :maxdepth: 1
+
+   tool_management_checklist
+   tool_management_template

docs/process/process_areas/tool_management/guidance/tool_management_checklist.rst

@@ -0,0 +1,118 @@
+..
+   # *******************************************************************************
+   # Copyright (c) 2025 Contributors to the Eclipse Foundation
+   #
+   # See the NOTICE file(s) distributed with this work for additional
+   # information regarding copyright ownership.
+   #
+   # This program and the accompanying materials are made available under the
+   # terms of the Apache License Version 2.0 which is available at
+   # https://www.apache.org/licenses/LICENSE-2.0
+   #
+   # SPDX-License-Identifier: Apache-2.0
+   # *******************************************************************************
+
+.. _tlm_checklist:
+
+Tool Verification Report Review Checklist
+#########################################
+
+.. gd_chklst:: Tool Verification Report Review Checklist
+   :id: gd_chklst__tool__cr_review
+   :status: valid
+   :tags: tool_management
+   :complies: std_req__iso26262__support_1141, std_req__iso26262__support_1142, std_req__iso26262__support_1143, std_req__iso26262__support_11441, std_req__iso26262__support_11442, std_req__iso26262__support_11451, std_req__iso26262__support_11452, std_req__iso26262__support_11453, std_req__iso26262__support_11454, std_req__iso26262__support_11461, std_req__iso26262__support_11462
+
+   | **1. Purpose**
+   | The purpose of this checklist is to collect the topics to be checked during a tool verification..
+   | It will not be filled out but considered during the review and monitoring to complete of the Tool Verification Report.
+   |
+   | **2. Checklist**
+   |
+
+   .. list-table:: Tool Verification Report Review Checklist
+      :header-rows: 1
+      :widths: 10,30,6
+
+      * - Id
+        - Topic
+        - Status [FAIL|PASS]
+      * - 1
+        - Is the tool uniquely by name and/or UID defined?
+        -
+
+      * - 2
+        - Is the tool version defined?
+        -
+
+      * - 3
+        - Is the tool verification status (draft, evaluated, qualified) defined?
+        -
+
+      * - 4
+        - Are the purposes of the tool (e.g. use cases) defined?
+        -
+
+      * - 5
+        - Are the inputs of the tool defined?
+        -
+
+      * - 6
+        - Are the outputs of the tool defined?
+        -
+
+      * - 7
+        - Are the configurations of the tool defined?
+        -
+
+      * - 8
+        - Are the environmental constraints/limitations defined?
+        -
+
+      * - 9
+        - Are the links to the tool documentations available?
+        -
+
+      * - 10
+        - Are the tool usage constraints/limitations available?
+        -
+
+      * - 11
+        - Are the possible malfunctions of the tool described?
+        -
+
+      * - 12
+        - Are the threats of the tool described?
+        -
+
+      * - 13
+        - Is the tool impact based on malfunctions/threats defined?
+        -
+
+      * - 14
+        - Are safety measures/security controls against the tool malfunctions/threats defined?
+        -
+
+      * - 15
+        - Is the tool error detection based on confidence on the defined safety measures/security controls defined?
+        -
+
+      * - 16
+        - Is the tool confidence level based on tool impact and tool error detection defined?
+        -
+
+      * - 17
+        - If applicable, are the requirements for software tool qualification defined?
+        -
+
+      * - 18
+        - If applicable, are the test cases and tests for software tool qualification defined?
+        -
+
+      * - 19
+        - If applicable, are the test reports for software tool qualification defined?
+        -
+
+      * - 20
+        - If applicable, are the analyses for software tool qualification defined?
+        -