Merge pull request #85 from namjoshiniks/OCP_Safe/PieC_Zephyr_Dependencies_SFR

Add SFR Google PieC Zephyr Software Dependencies

Author: nickhummel

Reports/Google/2026/PieC_Zephyr_Software_Dependencies/PieC_Zephyr_Software_Dependencies_Scope_1.json

@@ -0,0 +1,30 @@
+{
+    "review_framework_version": "1.1",
+    "device": {
+        "vendor": "Google Inc",
+        "product": "Zephyr RTOS and its dependencies (MCUboot, CMSIS, hal_nxp, nanopb) for Google Data Center Rack Telemetry and Control",
+        "category": "open-source dependencies",
+        "repo_tag": "",
+        "fw_version": "Zephyr v4.4.0-rc1, MCUboot v2.4.0-rc1, CMSIS version 6, hal_nxp, nanopb 0.4.9.1",
+        "fw_hash_sha2_384": "",
+        "fw_hash_sha2_512": ""
+    },
+    "audit": {
+        "srp": "Keysight Riscure",
+        "methodology": "whitebox",
+        "completion_date": "2026-04-15",
+        "report_version": "1.0",
+        "scope_number": 1,
+        "cvss_version": "3.1",
+        "issues": [
+            {
+                "title": "Reliance of assert statements in Zephyr OS",
+                "cvss_score": "0.0",
+                "cvss_vector": "N/A",
+                "cwe": "CWE-691",
+                "description": "Zephyr OS relies heavily on asserts to validate function inputs and return values rather than performing runtime validation. This finding regards defense in depth. Google accepts the compromise between performance and security.",
+                "cve": null
+            }
+        ]
+    }
+}

Reports/Google/2026/PieC_Zephyr_Software_Dependencies/PieC_Zephyr_Software_Dependencies_Scope_1.jws

@@ -0,0 +1 @@
+eyJhbGciOiJFUzUxMiIsImtpZCI6IktleXNpZ2h0IiwidHlwIjoiSldUIn0.eyJyZXZpZXdfZnJhbWV3b3JrX3ZlcnNpb24iOiIxLjEiLCJkZXZpY2UiOnsidmVuZG9yIjoiR29vZ2xlIEluYyIsInByb2R1Y3QiOiJHb29nbGUgTUNVIFNvZnR3YXJlIERlcGVuZGVuY2llcyIsImNhdGVnb3J5IjoiZGVwZW5kZW5jaWVzIiwicmVwb190YWciOiIiLCJmd192ZXJzaW9uIjoiWmVwaHlyIHY0LjQuMC1yYzEsIE1DVWJvb3QgdjIuNC4wLXJjMSwgQ01TSVMgdmVyc2lvbiA2LCBoYWxfbnhwLCBuYW5vcGIgMC40LjkuMSIsImZ3X2hhc2hfc2hhMl8zODQiOiIiLCJmd19oYXNoX3NoYTJfNTEyIjoiIn0sImF1ZGl0Ijp7InNycCI6IktleXNpZ2h0IFJpc2N1cmUiLCJtZXRob2RvbG9neSI6IndoaXRlYm94IiwiY29tcGxldGlvbl9kYXRlIjoiMjAyNi0wNC0xNSIsInJlcG9ydF92ZXJzaW9uIjoiMS4wIiwic2NvcGVfbnVtYmVyIjoxLjAsImN2c3NfdmVyc2lvbiI6IjMuMSIsImlzc3VlcyI6W3sidGl0bGUiOiJSZWxpYW5jZSBvZiBhc3NlcnQgc3RhdGVtZW50cyBpbiBaZXBoeXIgT1MiLCJjdnNzX3Njb3JlIjoiMC4wIiwiY3Zzc192ZWN0b3IiOiJOL0EiLCJjd2UiOiJDV0UtNjkxIiwiZGVzY3JpcHRpb24iOiJaZXBoeXIgT1MgcmVsaWVzIGhlYXZpbHkgb24gYXNzZXJ0cyB0byB2YWxpZGF0ZSBmdW5jdGlvbiBpbnB1dHMgYW5kIHJldHVybiB2YWx1ZXMgcmF0aGVyIHRoYW4gcGVyZm9ybWluZyBydW50aW1lIHZhbGlkYXRpb24uIFRoaXMgZmluZGluZyByZWdhcmRzIGRlZmVuc2UgaW4gZGVwdGguIEdvb2dsZSBhY2NlcHRzIHRoZSBjb21wcm9taXNlIGJldHdlZW4gcGVyZm9ybWFuY2UgYW5kIHNlY3VyaXR5LiIsImN2ZSI6bnVsbH1dfX0.AZrr8nlYROX5LAjUL7P6TZn0bvUPMoI-8uCipsXFKTmr5NlDqXwmnMn38YpwVrMD2djb28Ghumya82VTHQAo2XeIAak3PAuOI8rLu5lPyG1bbhEPfAnn9HId7uKmBDUWTUT0R9_dJ9nJJPKETKAo8vQshxxnjCBNvvSAjRNbQ-kOOo1d