diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4abab1b..b8fbe12 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -13,7 +13,9 @@ We encourage you to read this project's CONTRIBUTING policy (you are here), its If you would like to comment and provide feedback on the metadata standard, please let us know by filing an **issue on our GitHub repository.** -We are open to adding more fields to CMS code.json for any metadata the agency sees value in collecting. Request new metadata fields by filing a metadata field addition issue [here](https://github.com/DSACMS/gov-codejson/issues/new?template=metadata-field-addition.md). +We encourage agencies to contribute by submitting a pull request to [include their extended schema in the repository](../schemas). This helps foster collaboration and ensures shared improvements benefit the wider community. + +For CMS, we are open to adding more fields to CMS code.json for any metadata the agency sees value in collecting. Request new metadata fields by filing a metadata field addition issue [here](https://github.com/DSACMS/gov-codejson/issues/new?template=metadata-field-addition.md). ### Team Specific Guidelines @@ -52,7 +54,7 @@ N/A If you would like to comment on the metadata standard, please let us know by filing an **issue on our GitHub repository.** -We are open to adding more fields to CMS code.json for any metadata the agency sees value in collecting. Request new metadata fields by filing a metadata field addition issue [here](https://github.com/DSACMS/gov-codejson/issues/new?template=metadata-field-addition.md). +For CMS, we are open to adding more fields to CMS code.json for any metadata the agency sees value in collecting. Request new metadata fields by filing a metadata field addition issue [here](https://github.com/DSACMS/gov-codejson/issues/new?template=metadata-field-addition.md). ### Writing Pull Requests @@ -102,7 +104,7 @@ Pull requests will be reviewed by the CMS Open Source Program Office team as det ## Documentation -Refer to [/docs](./docs/) for information about CMS code.json metadata standard. +Refer to [/docs](./docs/) for information about code.json metadata standard. ## Policies diff --git a/README.md b/README.md index 720ef2c..e46d57c 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,15 @@ # gov-codejson -CMS code.json: An agency-wide metadata standard for software projects +code.json: An agency-wide metadata standard for software projects ## About the Project -This repository contains documentation on CMS code.json, a metadata standard used to collect information on the agency's software projects in compliance with [M-16-21](https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2016/m_16_21.pdf) and the [SHARE IT Act](https://www.congress.gov/bill/118th-congress/house-bill/9566/text/ih). +This repository contains documentation on code.json, a metadata standard used to collect information on the agency's software projects in compliance with [M-16-21](https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2016/m_16_21.pdf) and the [SHARE IT Act](https://www.congress.gov/bill/118th-congress/house-bill/9566/text/ih). -- [metadata.md](./docs/metadata.md): Overview on CMS code.json metadata standard -- [schemas](./schemas): code.json schema +- [metadata.md](./docs/metadata.md): Overview on code.json metadata standard +- [schemas](./schemas): code.json generic schema and agency-level schemas - [procedures.md](./docs/procedures.md): Procedures and tools on creating and updating metadata -- [examples.md](./docs/metadata_examples.md): Good examples of metadata in current agency code.json files +- [examples.md](./docs/examples.md): Good examples of metadata in current agency code.json files - [faq.md](./docs/faq.md): Frequently Asked Questions ### Project Vision @@ -112,7 +112,7 @@ Information about how the gov-codejson community is governed may be found in [GO If you would like to comment on the metadata standard, please let us know by filing an **issue on our GitHub repository.** -We are open to adding more fields to CMS code.json for any metadata the agency sees value in collecting. Request new metadata fields by filing a metadata field addition issue [here](https://github.com/DSACMS/gov-codejson/issues/new?template=metadata-field-addition.md). +We are open to adding more CMS fields to code.json for any metadata the agency sees value in collecting. Request new metadata fields by filing a metadata field addition issue [here](https://github.com/DSACMS/gov-codejson/issues/new?template=metadata-field-addition.md). If you have ideas for how we can improve or add to our capacity building efforts and methods for welcoming people into our community, please let us know at opensource@cms.hhs.gov. diff --git a/code.json b/code.json index 80511d3..ffcb0e6 100644 --- a/code.json +++ b/code.json @@ -1,7 +1,7 @@ { "name": "gov-codejson", - "description": "CMS code.json: An agency-wide metadata standard for software projects", - "longDescription": "This repository contains documentation on CMS code.json, a metadata standard used to collect information on the agency's software projects in compliance with M-16-21 and the SHARE IT Act.", + "description": "code.json: An agency-wide metadata standard for software projects", + "longDescription": "This repository contains documentation on code.json, a metadata standard used to collect information on the agency's software projects in compliance with M-16-21 and the SHARE IT Act.", "status": "Production", "permissions": { "license": [ diff --git a/docs/faq.md b/docs/faq.md index fa5104c..cb40124 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -1,20 +1,63 @@ -# Frequently Asked Questions (FAQ) +# Frequently Asked Questions (FAQs) + +## Policies + +### What is the Federal Source Code Policy / M-16-21? -### 1. What is the Federal Source Code Policy / M-16-21? The Federal Source Code Policy (M-16-21) is a policy issued by the U.S. government that aims to improve software reuse and collaboration across federal agencies. It requires agencies to: + - Create an inventory of their custom developed code. - Share code within and across agencies to reduce duplication and costs. - Maintain metadata records of their software assets for transparency and tracking. -### 2. What is the SHARE IT Act of 2024? +### What is the SHARE IT Act of 2024? + The SHARE IT Act of 2024 is legislation designed to enhance transparency, collaboration, and efficiency in government software development. It mandates: + - Greater adoption of open source software in federal agencies. - Improved sharing of government software projects with the public. - Standardized reporting on software development and licensing practices. - Establishment of metadata guidelines to ensure clear documentation and discoverability of software assets. -### 3. What is code.json? +### Does the SHARE IT Act also apply retroactively to previous custom-developed code? + +No. The SHARE IT Act applies only to custom-developed code created on or after July 21, 2025. Code developed prior to this date is not subject to its requirements, however, code created after August 8, 2016 is subject to the Federal Source Code Policy. + +### Are there any source code exemptions under the SHARE IT Act? + +There are [4 exemptions](https://www.congress.gov/bill/118th-congress/house-bill/9566/text/ih#HB45699B7E8734166BE2F6DA2A80F7909): + +1. Source code developed primarily for use in a national security system +2. Source code developed by an agency, or part of an agency, that is an element of the intelligence community +3. Source code that falls under the Freedom of Information Act +4. Source code identified by the agency’s CIO + +### Does SHARE IT Act apply to data analysis code? + +Yes. All custom-developed code—whether it involves software applications, data analysis, infrastructure/devops, interoperability, or internal tools/scripts—must reside in a repository, unless it qualifies for one of the [four exemptions](https://www.congress.gov/bill/118th-congress/house-bill/9566/text/ih#HB45699B7E8734166BE2F6DA2A80F7909). + +## code.json Metadata Standard + +### What is code.json? + `code.json` is a metadata file used by U.S. federal agencies to document and share their software projects. It provides: + - A standardized format for describing open source and custom developed software. - Key details such as the project's name, description, license, repository URL, and labor hours. - Integration with government wide platforms to facilitate code sharing and reuse. + +### Why is code.json important? + +By collecting metadata on every software project, this allows the agency to build a comprehensive inventory of agency software, enabling strategic decisions about cost reduction and efficiencies through reuse of code. + +### Is code.json mandatory for all repositories? + +Yes. As per M-16-21 and the SHARE IT Act, agencies are required to publish metadata on all custom-developed code after August 8th 2016, which is not subject to exemptions (see: Sec 6 of [M-16-21](https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2016/m_16_21.pdf) and SHARE IT ACT exemptions) + +### I have feedback on additions and improvements to the code.json metadata standard. Where can I share this? + +For CMS, we are open to adding more fields to CMS code.json for any metadata the agency sees value in collecting. Request new metadata fields by filing a metadata field addition issue [here](https://github.com/DSACMS/gov-codejson/issues/new?template=metadata-field-addition.md). + +### My agency extended the code.json schema to add more metadata fields. Where can I share this? + +We encourage agencies to contribute by submitting a pull request to [include their extended schema in the repository](../schemas). This helps foster collaboration and ensures shared improvements benefit the wider community. diff --git a/docs/metadata.md b/docs/metadata.md index 944aa91..023aca9 100644 --- a/docs/metadata.md +++ b/docs/metadata.md @@ -1,14 +1,23 @@ # Code.json -CMS `code.json` is a metadata standard created to collect information on the agency's software projects. This is composed of: +`code.json` is a metadata standard created to collect information on the agency's software projects. This is composed of: - federal code.json standard, created as part of [M-16-21](https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2016/m_16_21.pdf) -- metadata CMS would like to collect (e.g. FISMA level, repository host, group) - required metadata outlined in the [SHARE IT ACT](https://www.congress.gov/bill/118th-congress/house-bill/9566/text/ih) (e.g. repository visibility, contract number) - publiccode.yml metadata, an international metadata standard By harmonizing various standards, this opens up the opportunity to share our work not just on an agency level but also on a national and international level. +The generic code.json schema can be found in the [`schemas` directory](../schemas/schema.1.0.0.json). + +### Extending the schema for agency use + +The generic schema is designed to be extensible, allowing agencies to add metadata fields that are relevant to their specific needs. + +For example, CMS has their [own schema](../schemas/cms/) that includes new fields such as FISMA level, subset in healthcare, and systems. + +We encourage agencies to contribute by submitting a pull request to [include their extended schema in the repository](../schemas). This helps foster collaboration and ensures shared improvements benefit the wider community. + ### Fields **Legend** @@ -433,4 +442,4 @@ By harmonizing various standards, this opens up the opportunity to share our wor ### Adding new metadata fields -We are open to adding more fields to CMS code.json for any metadata the agency sees value in collecting. Request new metadata fields by filing a metadata field addition issue [here](https://github.com/DSACMS/gov-codejson/issues/new?template=metadata-field-addition.md). +For CMS, we are open to adding more fields to CMS code.json for any metadata the agency sees value in collecting. Request new metadata fields by filing a metadata field addition issue [here](https://github.com/DSACMS/gov-codejson/issues/new?template=metadata-field-addition.md). diff --git a/schemas/schema-0.0.0.json b/schemas/cms/schema-0.0.0.json similarity index 100% rename from schemas/schema-0.0.0.json rename to schemas/cms/schema-0.0.0.json diff --git a/schemas/schema-0.1.0.json b/schemas/cms/schema-0.1.0.json similarity index 100% rename from schemas/schema-0.1.0.json rename to schemas/cms/schema-0.1.0.json diff --git a/schemas/schema.1.0.0.json b/schemas/schema.1.0.0.json new file mode 100644 index 0000000..a399aed --- /dev/null +++ b/schemas/schema.1.0.0.json @@ -0,0 +1,292 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "code.json metadata", + "description": "A metadata standard for software repositories", + "type": "object", + "properties": { + "items": { + "name": { + "type": "string", + "description": "Name of the project or software" + }, + "description": { + "type": "string", + "description": "A short description of the project. It should be a single line containing a single sentence. Maximum 150 characters are allowed.", + "maxLength": 150 + }, + "longDescription": { + "type": "string", + "description": "Provide longer description of the software, between 150 and 10000 chars. It is meant to provide an overview of the capabilities of the software for a potential user.", + "minLength": 150, + "maxLength": 10000 + }, + "status": { + "type": "string", + "enum": [ + "Ideation", + "Development", + "Alpha", + "Beta", + "Release Candidate", + "Production", + "Archival" + ], + "description": "Development status of the project" + }, + "permissions": { + "type": "object", + "description": "An object containing description of the usage/restrictions regarding the release", + "properties": { + "licenses": { + "type": "array", + "description": "License(s) for the release", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "enum": [ + "CC0-1.0", + "Apache-2.0", + "MIT", + "MPL-2.0", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-only", + "LGPL-3.0-only", + "BSD-2-Clause", + "BSD-3-Clause", + "EPL-2.0", + "Other", + "None" + ], + "description": "An abbreviation for the name of the license" + }, + "URL": { + "type": "string", + "format": "uri", + "description": "The URL of the release license in the repository" + } + }, + "required": [ + "name", + "URL" + ] + } + }, + "usageType": { + "type": "string", + "description": "A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByLaw: The sharing of the source code is restricted by law or regulation, including—but not limited to—patent or intellectual property law, the Export Asset Regulations, the International Traffic in Arms Regulation, and the Federal laws and regulations governing classified information; (4) exemptByNationalSecurity: The sharing of the source code would create an identifiable risk to the detriment of national security, confidentiality of Government information, or individual privacy; (5) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agency’s systems or personnel, (6) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (7) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (8) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016)", + "enum": [ + "openSource", + "governmentWideReuse", + "exemptByLaw", + "exemptByNationalSecurity", + "exemptByAgencySystem", + "exemptByAgencyMission", + "exemptByCIO", + "exemptByPolicyDate" + ], + "additionalProperties": false + }, + "exemptionText": { + "type": [ + "string", + "null" + ], + "description": "If an exemption is listed in the 'usageType' field, this field should include a one- or two- sentence justification for the exemption used." + } + }, + "additionalProperties": false, + "required": [ + "licenses", + "usageType" + ] + }, + "organization": { + "type": "string", + "description": "Organization responsible for the project", + "enum": [ + "Centers for Medicare & Medicaid Services" + ] + }, + "repositoryURL": { + "type": "string", + "format": "uri", + "description": "The URL of the public release repository for open source repositories. This field is not required for repositories that are only available as government-wide reuse or are closed (pursuant to one of the exemptions)." + }, + "repositoryVisibility": { + "type": "string", + "enum": ["public", "private"], + "description": "Visibility of repository" + }, + "vcs": { + "type": "string", + "description": "Version control system used", + "enum": [ + "git", + "hg", + "svn", + "rcs", + "bzr" + ] + }, + "laborHours": { + "type": "number", + "description": "Labor hours invested in the project. Calculated using COCOMO measured by the SCC tool: https://github.com/boyter/scc?tab=readme-ov-file#cocomo" + }, + "reuseFrequency": { + "type": "object", + "description": "Measures frequency of code reuse in various forms. (e.g. forks, downloads, clones)", + "properties": { + "forks": { + "type": "integer" + }, + "clones": { + "type": "integer" + } + }, + "additionalProperties": true + }, + "platforms": { + "type": "array", + "description": "Platforms supported by the project", + "items": { + "type": "string", + "enum": [ + "web", + "windows", + "mac", + "linux", + "ios", + "android", + "other" + ] + } + }, + "categories": { + "type": "array", + "description": "Categories the project belongs to. Select from: https://yml.publiccode.tools/categories-list.html", + "items": { + "type": "string" + } + }, + "softwareType": { + "type": "string", + "description": "Type of software", + "enum": [ + "standalone/mobile", + "standalone/iot", + "standalone/desktop", + "standalone/web", + "standalone/backend", + "standalone/other", + "addon", + "library", + "configurationFiles" + ] + }, + "languages": { + "type": "array", + "description": "Programming languages that make up the codebase", + "items": { + "type": "string" + } + }, + "maintenance": { + "type": "string", + "description": "The dedicated staff that keeps the software up-to-date, if any", + "enum": [ + "internal", + "contract", + "community", + "none" + ] + }, + "contractNumber": { + "type": "string", + "description": "Contract number" + }, + "date": { + "type": "object", + "description": "A date object describing the release", + "properties": { + "created": { + "type": "string", + "format": "date-time", + "description": "Creation date of project." + }, + "lastModified": { + "type": "string", + "format": "date-time", + "description": "Date when the project was last modified" + }, + "metaDataLastUpdated": { + "type": "string", + "format": "date-time", + "description": "Date when metadata was last updated" + } + } + }, + "tags": { + "type": "array", + "description": "Topics and keywords associated with the project to improve search and discoverability", + "items": { + "type": "string" + } + }, + "contact": { + "type": "object", + "description": "Point of contact for the release", + "properties": { + "email": { + "type": "string", + "format": "email", + "description": "Email address of the point of contact" + }, + "name": { + "type": "string", + "description": "Name of the point of contact" + } + } + }, + "feedbackMechanisms": { + "type": "array", + "description": "Methods a repository receives feedback from the community. Default value is the URL to GitHub repository issues page.", + "items": { + "type": "string" + } + }, + "localisation": { + "type": "boolean", + "description": "Indicates if the project supports multiple languages" + } + } + }, + "required": [ + "name", + "description", + "longDescription", + "status", + "permissions", + "organization", + "repositoryURL", + "repositoryVisibility", + "vcs", + "laborHours", + "reuseFrequency", + "platforms", + "categories", + "softwareType", + "languages", + "maintenance", + "contractNumber", + "date", + "tags", + "contact", + "feedbackMechanisms", + "localisation" + ], + "additionalProperties": false +}