From 30af3b323b990a42eb640c43ce01e4dc0b9f5ca1 Mon Sep 17 00:00:00 2001 From: Natalia Luzuriaga Date: Wed, 6 Aug 2025 07:47:27 -0700 Subject: [PATCH 1/4] Add M-16-21 fields to schema Signed-off-by: Natalia Luzuriaga --- schemas/schema-2.0.0.json | 247 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 247 insertions(+) create mode 100644 schemas/schema-2.0.0.json diff --git a/schemas/schema-2.0.0.json b/schemas/schema-2.0.0.json new file mode 100644 index 0000000..161e9f2 --- /dev/null +++ b/schemas/schema-2.0.0.json @@ -0,0 +1,247 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "code.json metadata", + "description": "A metadata standard for software repositories", + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the project or software" + }, + "description": { + "type": "string", + "description": "A short description of the project. It should be a single line containing a single sentence. Maximum 150 characters are allowed.", + "maxLength": 150 + }, + "status": { + "type": "string", + "enum": [ + "Ideation", + "Development", + "Alpha", + "Beta", + "Release Candidate", + "Production", + "Archival" + ], + "description": "Development status of the project" + }, + "permissions": { + "type": "object", + "description": "An object containing description of the usage/restrictions regarding the release", + "properties": { + "licenses": { + "type": "array", + "description": "License(s) for the release", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "enum": [ + "CC0-1.0", + "Apache-2.0", + "MIT", + "MPL-2.0", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-only", + "LGPL-3.0-only", + "BSD-2-Clause", + "BSD-3-Clause", + "EPL-2.0", + "Other", + "None" + ], + "description": "An abbreviation for the name of the license" + }, + "URL": { + "type": "string", + "format": "uri", + "description": "The URL of the release license in the repository" + } + }, + "required": [ + "name", + "URL" + ] + } + }, + "usageType": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "openSource", + "governmentWideReuse", + "exemptByNationalSecurity", + "exemptByIntelligence", + "exemptByFOIA", + "exemptByEAR", + "exemptByITAR", + "exemptByTSA", + "exemptByClassifiedInformation", + "exemptByPrivacyRisk", + "exemptByAgencySystem", + "exemptByAgencyMission", + "exemptByCIO", + "exemptByPolicyDate" + ] + }, + "description": "A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByLaw: The sharing of the source code is restricted by law or regulation, including—but not limited to—patent or intellectual property law, the Export Asset Regulations, the International Traffic in Arms Regulation, and the Federal laws and regulations governing classified information; (4) exemptByNationalSecurity: The sharing of the source code would create an identifiable risk to the detriment of national security, confidentiality of Government information, or individual privacy; (5) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agency’s systems or personnel, (6) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (7) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (8) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016)", + "additionalProperties": false + }, + "exemptionText": { + "type": [ + "string", + "null" + ], + "description": "If an exemption is listed in the 'usageType' field, this field should include a one- or two- sentence justification for the exemption used." + } + }, + "additionalProperties": false, + "required": [ + "licenses", + "usageType" + ] + }, + "organization": { + "type": "string", + "description": "Organization responsible for the project", + "enum": [ + "The organization or component within the agency to which the releases listed belong. For example, '18F' or 'Navy'." + ] + }, + "repositoryURL": { + "type": "string", + "format": "uri", + "description": "The URL of the public release repository for open source repositories. This field is not required for repositories that are only available as government-wide reuse or are closed (pursuant to one of the exemptions). It can be listed as 'private' for repositories that are closed." + }, + "repositoryVisibility": { + "type": "string", + "enum": [ + "public", + "private" + ], + "description": "Visibility of repository" + }, + "vcs": { + "type": "string", + "description": "Version control system used", + "enum": [ + "git", + "hg", + "svn", + "rcs", + "bzr" + ] + }, + "laborHours": { + "type": "number", + "description": "Labor hours invested in the project. Calculated using COCOMO measured by the SCC tool: https://github.com/boyter/scc?tab=readme-ov-file#cocomo" + }, + "reuseFrequency": { + "type": "object", + "description": "Measures frequency of code reuse in various forms. (e.g. forks, downloads, clones)", + "properties": { + "forks": { + "type": "integer" + }, + "clones": { + "type": "integer" + } + }, + "additionalProperties": true + }, + "maintenance": { + "type": "string", + "description": "The dedicated staff that keeps the software up-to-date, if any", + "enum": [ + "internal", + "contract", + "community", + "none" + ] + }, + "contractNumber": { + "type": "string", + "description": "Contract number" + }, + "date": { + "type": "object", + "description": "A date object describing the release", + "properties": { + "created": { + "type": "string", + "format": "date-time", + "description": "Creation date of project." + }, + "lastModified": { + "type": "string", + "format": "date-time", + "description": "Date when the project was last modified" + }, + "metaDataLastUpdated": { + "type": "string", + "format": "date-time", + "description": "Date when metadata was last updated" + } + } + }, + "tags": { + "type": "array", + "description": "Topics and keywords associated with the project to improve search and discoverability", + "items": { + "type": "string" + } + }, + "contact": { + "type": "object", + "description": "Point of contact for the release", + "properties": { + "email": { + "type": "string", + "format": "email", + "description": "Email address of the point of contact" + }, + "name": { + "type": "string", + "description": "Name of the point of contact" + } + } + }, + "feedbackMechanisms": { + "type": "array", + "description": "Methods a repository receives feedback from the community. Default value is the URL to GitHub repository issues page.", + "items": { + "type": "string" + } + }, + "AIUseCaseInventory": { + "type": "boolean", + "description": "Is the software included in the agency's AI use case inventory?" + } + }, + "required": [ + "name", + "description", + "status", + "permissions", + "organization", + "repositoryURL", + "repositoryVisibility", + "vcs", + "laborHours", + "reuseFrequency", + "languages", + "maintenance", + "contractNumber", + "date", + "tags", + "contact", + "feedbackMechanisms", + "AIUseCaseInventory" + ], + "additionalProperties": false +} \ No newline at end of file From c1b0a0dbfb8c24e1f58ce871750a277e79b15a26 Mon Sep 17 00:00:00 2001 From: Natalia Luzuriaga Date: Wed, 6 Aug 2025 07:54:14 -0700 Subject: [PATCH 2/4] Updates to feedbackMechanisms and description fields Signed-off-by: Natalia Luzuriaga --- schemas/schema-2.0.0.json | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/schemas/schema-2.0.0.json b/schemas/schema-2.0.0.json index 161e9f2..aaf1a50 100644 --- a/schemas/schema-2.0.0.json +++ b/schemas/schema-2.0.0.json @@ -10,8 +10,7 @@ }, "description": { "type": "string", - "description": "A short description of the project. It should be a single line containing a single sentence. Maximum 150 characters are allowed.", - "maxLength": 150 + "description": "A one or two sentence description of the software." }, "status": { "type": "string", @@ -212,11 +211,9 @@ } }, "feedbackMechanisms": { - "type": "array", - "description": "Methods a repository receives feedback from the community. Default value is the URL to GitHub repository issues page.", - "items": { - "type": "string" - } + "type": "string", + "format": "uri", + "description": "Method a repository receives feedback from the community (i.e. URL to GitHub repository issues page)" }, "AIUseCaseInventory": { "type": "boolean", From 2a47cf45e15fd8ab0b9d1aabd4b0ab568cb4e282 Mon Sep 17 00:00:00 2001 From: Natalia Luzuriaga Date: Wed, 6 Aug 2025 08:35:28 -0700 Subject: [PATCH 3/4] Update contractNumber to be an array Signed-off-by: Natalia Luzuriaga --- schemas/schema-2.0.0.json | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/schemas/schema-2.0.0.json b/schemas/schema-2.0.0.json index aaf1a50..ab35bb9 100644 --- a/schemas/schema-2.0.0.json +++ b/schemas/schema-2.0.0.json @@ -164,8 +164,11 @@ ] }, "contractNumber": { - "type": "string", - "description": "Contract number" + "type": "array", + "description": "Contract number(s) under which the project was developed", + "items": { + "type": "string" + } }, "date": { "type": "object", From 0fa201fe247911a360acdb778e5131999d96acf3 Mon Sep 17 00:00:00 2001 From: Natalia Luzuriaga Date: Wed, 6 Aug 2025 12:57:01 -0700 Subject: [PATCH 4/4] Update usageType field Signed-off-by: Natalia Luzuriaga --- schemas/schema-2.0.0.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/schemas/schema-2.0.0.json b/schemas/schema-2.0.0.json index ab35bb9..15936b1 100644 --- a/schemas/schema-2.0.0.json +++ b/schemas/schema-2.0.0.json @@ -88,7 +88,7 @@ "exemptByPolicyDate" ] }, - "description": "A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByLaw: The sharing of the source code is restricted by law or regulation, including—but not limited to—patent or intellectual property law, the Export Asset Regulations, the International Traffic in Arms Regulation, and the Federal laws and regulations governing classified information; (4) exemptByNationalSecurity: The sharing of the source code would create an identifiable risk to the detriment of national security, confidentiality of Government information, or individual privacy; (5) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agency’s systems or personnel, (6) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (7) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (8) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016)", + "description": "A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByNationalSecurity: The source code is primarily for use in national security system as defined in section 11103 of title 40, USC; (4) exemptByNationalIntelligence: The source code is developed by an agency or part of an agency that is an element of the intelligence community, as defined in section 3(4) of the National Security Act of 1947; (5) exemptByFOIA: The source code is exempt under the Freedom of Information Act; (6) exemptByEAR: The source code is exempt under the Export Administration Regulations; (7) exemptByITAR: The source code is exempt under the the International Traffic in Arms Regulations; (8) exemptByTSA: The source code is exempt under the regulations of the Transportation Security Administration relating to the protection of Sensitive Security Information; (9) exemptByClassifiedInformation: The source code is exempt under the Federal laws and regulations governing the sharing of classified information not covered by exemptByNationalSecurity, exemptByNationalIntelligence, exemptbyFOIA, exemptByEAR, exemptByITAR, and exemptByTSA; (10) exemptByPrivacyRisk: The sharing or public accessibility of the source code would create an identifiable risk to the privacy of an individual; (11) exemptByIPRestriction: The sharing of the source code is limited by patent or intellectual property restrictions; (12) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agency’s systems or personnel; (13) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (14) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (15) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016)", "additionalProperties": false }, "exemptionText": {