diff --git a/docs/examples.md b/docs/examples.md index 8948779..c622a24 100644 --- a/docs/examples.md +++ b/docs/examples.md @@ -8,55 +8,85 @@ DedupliFHIR is a desktop app tool that uses AI deduplication to identify duplica ``` { - "name": "dedupliFHIR", - "description": "Prototype for basic deduplication and aggregation of eCQM data","longDescription": "A CLI bundled with an electron front-end that provides data-linkage and AI deduplication for reported ACO data at scale.", - "status": "Production", - "permissions": { - "license": [ - { - "name": "CC0 1.0 Universal", - "URL": "https://github.com/DSACMS/dedupliFHIR/blob/main/LICENSE" - } - ], - "usageType": "openSource", - "exemptionText": "" - }, - "organization": "Centers for Medicare & Medicaid Services", - "repositoryURL": "https://github.com/DSACMS/dedupliFHIR", - "vcs": "git", - "laborHours": 4252, - "platforms": ["windows", "mac", "linux"], - "categories": ["data-analytics", "application-development", "data-collection"], - "softwareType": "standalone/desktop", - "languages": [ - "Python", - "JavaScript", - "HTML", - "CSS", - "Shell", - "Makefile" + "name": "dedupliFHIR", + "description": "Prototype for basic deduplication and aggregation of eCQM data", + "longDescription": "A CLI bundled with an electron front-end that provides data-linkage and AI deduplication for reported ACO data at scale.", + "status": "Production", + "permissions": { + "license": [ + { + "name": "CC0 1.0 Universal", + "URL": "https://github.com/DSACMS/dedupliFHIR/blob/main/LICENSE" + } ], - "maintenance": "internal", - "date": { - "created": "2023-06-22T17:08:19Z", - "lastModified": "2025-02-10T19:13:19Z", - "metaDataLastUpdated": "2025-02-10T19:14:29.970Z" - }, - "tags": ["AI", "deduplication", "data", "ACA", "FHIR"], - "contact": { - "email": "opensource@cms.hhs.gov", - "name": "CMS Open Source Team" - }, - "localisation": false, - "repositoryType": "application", - "userInput": "Yes", - "fismaLevel": "Moderate", - "group": "CMS/OA/DSAC", - "subsetInHealthcare": "Operational", - "userType": "Providers", - "repositoryHost": "Github.com", - "maturityModelTier": "3", - "projectType": "Tools" + "usageType": "openSource", + "exemptionText": "" + }, + "organization": "Centers for Medicare & Medicaid Services", + "repositoryURL": "https://github.com/DSACMS/dedupliFHIR", + "projectURL": "", + "repositoryHost": "github.com/DSACMS", + "repositoryVisibility": "public", + "vcs": "git", + "laborHours": 4271, + "reuseFrequency": { + "forks": 3, + "clones": 0 + }, + "platforms": [ + "windows", + "mac", + "linux" + ], + "categories": [ + "data-analytics", + "application-development", + "data-collection" + ], + "softwareType": "standalone/desktop", + "languages": [ + "Python", + "JavaScript", + "HTML", + "CSS", + "Shell", + "Makefile" + ], + "maintenance": "internal", + "contractNumber": [], + "date": { + "created": "2023-06-22T17:08:19Z", + "lastModified": "2025-02-13T18:44:26Z", + "metaDataLastUpdated": "2025-06-10T14:55:32.836Z" + }, + "tags": [ + "AI", + "deduplication", + "data", + "ACA", + "FHIR", + "featured" + ], + "contact": { + "email": "opensource@cms.hhs.gov", + "name": "CMS Open Source Team" + }, + "feedbackMechanisms": "https://github.com/DSACMS/dedupliFHIR/issues", + "localisation": false, + "repositoryType": "application", + "userInput": "true", + "fismaLevel": "Moderate", + "group": "CMS/OA/DSAC", + "projects": [], + "systems": [], + "upstream": "https://github.com/DSACMS/dedupliFHIR/network/dependencies", + "subsetInHealthcare": [ + "Operational" + ], + "userType": [ + "Providers" + ], + "maturityModelTier": "3" } ``` @@ -66,54 +96,78 @@ The CMS Metrics Website is a [tier 3](https://github.com/DSACMS/repo-scaffolder/ ``` { - "name": "metrics", - "description": "Experimentations in Open Source Repository Metrics", - "longDescription": "The CMS Repository Metrics Website shows an overview of software development activity across open source projects within a specified organization. This webpage is meant to be used by developers and program managers interested in repository health within CMS open source projects.", - "status": "Production", - "permissions": { - "license": [ - { - "name": "CC0 1.0 Universal", - "URL": "https://github.com/DSACMS/metrics/blob/main/LICENSE.md" - } - ], - "usageType": "openSource", - "exemptionText": "" - }, - "organization": "Centers for Medicare & Medicaid Services", - "repositoryURL": "https://github.com/DSACMS/metrics", - "vcs": "git", - "laborHours": 20475, - "platforms": ["web"], - "categories": ["data-visualization", "data-analytics"], - "softwareType": "standalone/web", - "languages": [ - "Liquid", - "JavaScript", - "CSS", - "Shell", - "Python" + "name": "metrics", + "description": "CMS Open Source Repository Metrics Website", + "longDescription": "The CMS Repository Metrics Website shows an overview of software development activity across open source projects within a specified organization. It is designed for developers and program managers interested in monitoring health and activity of CMS open source repositories.", + "status": "Production", + "permissions": { + "license": [ + { + "name": "CC0 1.0 Universal", + "URL": "https://github.com/DSACMS/metrics/blob/main/LICENSE.md" + } ], - "maintenance": "internal", - "date": { - "created": "2023-07-18T14:10:58Z", - "lastModified": "2025-02-11T19:10:14Z", - "metaDataLastUpdated": "2025-02-11T19:20:16.212Z" - }, - "tags": ["metrics", "ospo", "repository"], - "contact": { - "email": "opensource@cms.hhs.gov", - "name": "CMS/OA/DSAC" - }, - "localisation": false, - "repositoryType": "website", - "userInput": "No", - "fismaLevel": "Low", - "group": "CMS/OA/DSAC", - "subsetInHealthcare": "Operational", - "userType": "Government", - "repositoryHost": "Github.com", - "maturityModelTier": 3, - "projectType": "Website" + "usageType": "openSource", + "exemptionText": "" + }, + "organization": "Centers for Medicare & Medicaid Services", + "repositoryURL": "https://github.com/DSACMS/metrics", + "projectURL": "https://dsacms.github.io/metrics/", + "repositoryHost": "github.com/DSACMS", + "repositoryVisibility": "public", + "vcs": "git", + "laborHours": 20722, + "reuseFrequency": { + "forks": 4, + "clones": 0 + }, + "platforms": [ + "web" + ], + "categories": [ + "data-visualization", + "data-analytics" + ], + "softwareType": "standalone/web", + "languages": [ + "Liquid", + "JavaScript", + "CSS", + "Python", + "Shell" + ], + "maintenance": "internal", + "contractNumber": [], + "date": { + "created": "2023-07-18T14:10:58Z", + "lastModified": "2025-06-01T11:36:12Z", + "metaDataLastUpdated": "2025-06-06T16:36:38.949Z" + }, + "tags": [ + "metrics", + "ospo", + "repository", + "featured" + ], + "contact": { + "email": "opensource@cms.hhs.gov", + "name": "CMS/OA/DSAC/OSPO" + }, + "feedbackMechanisms": "https://github.com/DSACMS/metrics/issues", + "localisation": false, + "repositoryType": "website", + "userInput": "No", + "fismaLevel": "Low", + "group": "CMS/OA/DSAC", + "projects": [], + "systems": [], + "upstream": "https://github.com/DSACMS/metrics/network/dependencies", + "subsetInHealthcare": [ + "Operational" + ], + "userType": [ + "Government" + ], + "maturityModelTier": 3 } ``` diff --git a/docs/faq.md b/docs/faq.md index 671a7ab..3775599 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -19,6 +19,8 @@ The SHARE IT Act of 2024 is legislation designed to enhance transparency, collab - Standardized reporting on software development and licensing practices. - Establishment of metadata guidelines to ensure clear documentation and discoverability of software assets. +Learn more at: https://dsacms.github.io/share-it-act-lp/ + ### Does the SHARE IT Act also apply retroactively to previous custom-developed code? No. The SHARE IT Act applies only to custom-developed code created on or after July 21, 2025. Code developed prior to this date is not subject to its requirements, however, code created after August 8, 2016 is subject to the Federal Source Code Policy. @@ -36,6 +38,12 @@ There are [4 exemptions](https://www.congress.gov/bill/118th-congress/house-bill Yes. All custom-developed codeโ€”whether it involves software applications, data analysis, infrastructure/devops, interoperability, or internal tools/scriptsโ€”must reside in a repository, unless it qualifies for one of the [four exemptions](https://www.congress.gov/bill/118th-congress/house-bill/9566/text/ih#HB45699B7E8734166BE2F6DA2A80F7909). +### When do agencies have to comply? +The SHARE IT Act applies to custom-developed code created on or after July 21, 2025 where agencies must: +- store custom-developed code in a repository +- ensure code is accessible to federal employees and is owned by the agency +- publish metadata on all custom-developed code + ## code.json Metadata Standard ### What is code.json? diff --git a/docs/metadata.md b/docs/metadata.md index 8037e16..bf40a2a 100644 --- a/docs/metadata.md +++ b/docs/metadata.md @@ -18,7 +18,254 @@ For example, CMS has their [own schema](../schemas/cms/) that includes new field We encourage agencies to contribute by [submitting an agency schema addition issue](https://github.com/DSACMS/gov-codejson/issues) to [include their extended schema in the repository](../schemas). This helps foster collaboration and ensures shared improvements benefit the wider community. -### Fields +### code.json Fields + +**Legend** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Metadata StandardOriginIcon
code.jsonFederal๐Ÿ‡บ๐Ÿ‡ธ
publiccode.ymlInternational๐ŸŒŽ
SHARE IT ActFederal๐Ÿ“œ
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldPresenceSourceTypeDescriptionOptions/Examples
namerequired๐Ÿ‡บ๐Ÿ‡ธ๐ŸŒŽstrName of the project or software
descriptionrequired๐Ÿ‡บ๐Ÿ‡ธstrA short description of the project. It should be a single line containing a single sentence. Maximum 150 characters are allowed.
statusrequired๐Ÿ‡บ๐Ÿ‡ธ๐Ÿ“œstrDevelopment status of the project + - Ideation
+ - Development
+ - Alpha
+ - Beta
+ - Release Candidate
+ - Production
+ - Archival +
permissions/license/url
permissions/license/name		required๐Ÿ‡บ๐Ÿ‡ธ๐ŸŒŽobj + An object containing description of the usage/restrictions regarding the release.

+ An abbreviation for the name of the license. The URL of the release license. +
permissions/usageTyperequired๐Ÿ‡บ๐Ÿ‡ธ๐Ÿ“œstrA list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByNationalSecurity: The source code is primarily for use in national security system as defined in section 11103 of title 40, USC; (4) exemptByNationalIntelligence: The source code is developed by an agency or part of an agency that is an element of the intelligence community, as defined in section 3(4) of the National Security Act of 1947; (5) exemptByFOIA: The source code is exempt under the Freedom of Information Act; (6) exemptByEAR: The source code is exempt under the Export Administration Regulations; (7) exemptByITAR: The source code is exempt under the the International Traffic in Arms Regulations; (8) exemptByTSA: The source code is exempt under the regulations of the Transportation Security Administration relating to the protection of Sensitive Security Information; (9) exemptByClassifiedInformation: The source code is exempt under the Federal laws and regulations governing the sharing of classified information not covered by exemptByNationalSecurity, exemptByNationalIntelligence, exemptbyFOIA, exemptByEAR, exemptByITAR, and exemptByTSA; (10) exemptByPrivacyRisk: The sharing or public accessibility of the source code would create an identifiable risk to the privacy of an individual; (11) exemptByIPRestriction: The sharing of the source code is limited by patent or intellectual property restrictions; (12) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agencyโ€™s systems or personnel; (13) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (14) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (15) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016)", + + - openSource
+ - governmentWideReuse
+ - exemptByNationalSecurity
+ - exemptByNationalIntelligence
+ - exemptByFOIA
+ - exemptByEAR
+ - exemptByITAR
+ - exemptByTSA
+ - exemptByClassifiedInformation
+ - exemptByPrivacyRisk
+ - exemptByIPRestriction
+ - exemptByAgencySystem
+ - exemptByAgencyMission
+ - exemptByCIO
+ - exemptByPolicyDate +
permissions/exemptionTextoptional๐Ÿ‡บ๐Ÿ‡ธ๐Ÿ“œstrIf an exemption is listed in the 'usageType' field, this field should include a one- or two- sentence justification for the exemption used.
organizationrequired๐Ÿ‡บ๐Ÿ‡ธstrThe organization or component within the agency to which the releases listed belong.Centers for Medicare & Medicaid Services, 18F, Navy
repositoryURLrequired๐Ÿ‡บ๐Ÿ‡ธ๐Ÿ“œstrThe URL of the public release repository for open source repositories. This field is not required for repositories that are only available as government-wide reuse or are closed (pursuant to one of the exemptions). It can be listed as 'private' for repositories that are closed.
repositoryVisibilityrequired๐Ÿ“œstrVisibility of repository + - public
+ - private +
vcsrequired๐Ÿ‡บ๐Ÿ‡ธstrVersion control system used + - git
+ - hg
+ - svn
+ - rcs
+ - bzr +
laborHoursrequired๐Ÿ‡บ๐Ÿ‡ธintLabor hours invested in the project. Calculated through COCOMO & SCC tool
reuseFrequency/forks
reuseFrequency/clones		required๐Ÿ“œobjMeasures frequency of code reuse in various forms
maintenancerequired๐ŸŒŽ๐Ÿ“œstrThe dedicated staff that keeps the software up-to-date, if any + - internal
+ - contract
+ - community
+ - none +
contractNumberrequired๐Ÿ“œarrayContract number
date/created
date/lastModified date/metadataLastUpdated		required๐Ÿ‡บ๐Ÿ‡ธobjA date object describing the release
tagsrequired๐Ÿ‡บ๐Ÿ‡ธarrTopics and keywords associated with the project to improve search and discoverability
contact/email
contact/name		required๐Ÿ‡บ๐Ÿ‡ธ๐ŸŒŽobjPoint of contact for the release
Email of point of contact
Name of point of contact
feedbackMechanismsrequired๐Ÿ“œstrMethod a repository receives feedback from the community (i.e. URL to GitHub repository issues page) + - Submitting issues to repo
+
AIUseCaseInventoryrequired๐Ÿ“œboolIndicates if the software is included in the agency's AI use case inventory + - true
+ - false +
+ +Full schema can be found in [schema-2.0.0.json](../schemas/schema-2.0.0.json). + +### CMS code.json Fields **Legend** @@ -289,7 +536,7 @@ We encourage agencies to contribute by [submitting an agency schema addition iss contractNumber required ๐Ÿ“œ - int + array Contract number @@ -317,17 +564,14 @@ We encourage agencies to contribute by [submitting an agency schema addition iss Point of contact for the release
Email of point of contact
Name of point of contact - + feedbackMechanisms required ๐Ÿ“œ - arr - Array of methods repositories receive feedback. Default value is the URL to GitHub repository issues + str + Method a repository receives feedback from the community (i.e. URL to GitHub repository issues) - Submitting issues to repo
- - Submitting PRs to repo
- - Project website
- - Email @@ -449,7 +693,7 @@ We encourage agencies to contribute by [submitting an agency schema addition iss -Full schema can be found in [schema-1.0.0.json](../schemas/schema-1.0.0.json). +Full schema can be found in [schema-0.1.0.json](../schemas/cms/schema-0.1.0.json). ### Adding new metadata fields diff --git a/docs/procedures.md b/docs/procedures.md index 3ad85b3..e2bed30 100644 --- a/docs/procedures.md +++ b/docs/procedures.md @@ -2,6 +2,8 @@ The CMS Open Source Program Office developed various tools that can automate detecting, adding, and updating metadata to repositories. +Learn more at: https://dsacms.github.io/share-it-act-lp/ + ## Creating a code.json file ### Using repo-scaffolder diff --git a/schemas/cms/schema-0.1.0.json b/schemas/cms/schema-0.1.0.json index e26e71a..6e30324 100644 --- a/schemas/cms/schema-0.1.0.json +++ b/schemas/cms/schema-0.1.0.json @@ -4,369 +4,367 @@ "description": "A metadata standard for software repositories of CMS", "type": "object", "properties": { - "items": { - "name": { - "type": "string", - "description": "Name of the project or software" - }, - "description": { - "type": "string", - "description": "A short description of the project. It should be a single line containing a single sentence. Maximum 150 characters are allowed.", - "maxLength": 150 - }, - "longDescription": { - "type": "string", - "description": "Provide longer description of the software, between 150 and 10000 chars. It is meant to provide an overview of the capabilities of the software for a potential user.", - "minLength": 150, - "maxLength": 10000 - }, - "status": { - "type": "string", - "enum": [ - "Ideation", - "Development", - "Alpha", - "Beta", - "Release Candidate", - "Production", - "Archival" - ], - "description": "Development status of the project" - }, - "permissions": { - "type": "object", - "description": "An object containing description of the usage/restrictions regarding the release", - "properties": { - "licenses": { - "type": "array", - "description": "License(s) for the release", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "enum": [ - "CC0-1.0", - "Apache-2.0", - "MIT", - "MPL-2.0", - "GPL-2.0-only", - "GPL-3.0-only", - "GPL-3.0-or-later", - "LGPL-2.1-only", - "LGPL-3.0-only", - "BSD-2-Clause", - "BSD-3-Clause", - "EPL-2.0", - "Other", - "None" - ], - "description": "An abbreviation for the name of the license" - }, - "URL": { - "type": "string", - "format": "uri", - "description": "The URL of the release license in the repository" - } + "name": { + "type": "string", + "description": "Name of the project or software" + }, + "description": { + "type": "string", + "description": "A one or two sentence description of the software." + }, + "longDescription": { + "type": "string", + "description": "Provide longer description of the software, between 150 and 10000 chars. It is meant to provide an overview of the capabilities of the software for a potential user.", + "minLength": 150, + "maxLength": 10000 + }, + "status": { + "type": "string", + "enum": [ + "Ideation", + "Development", + "Alpha", + "Beta", + "Release Candidate", + "Production", + "Archival" + ], + "description": "Development status of the project" + }, + "permissions": { + "type": "object", + "description": "An object containing description of the usage/restrictions regarding the release", + "properties": { + "licenses": { + "type": "array", + "description": "License(s) for the release", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "enum": [ + "CC0-1.0", + "Apache-2.0", + "MIT", + "MPL-2.0", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-only", + "LGPL-3.0-only", + "BSD-2-Clause", + "BSD-3-Clause", + "EPL-2.0", + "Other", + "None" + ], + "description": "An abbreviation for the name of the license" }, - "required": [ - "name", - "URL" - ] - } - }, - "usageType": { - "type": "string", - "description": "A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByLaw: The sharing of the source code is restricted by law or regulation, includingโ€”but not limited toโ€”patent or intellectual property law, the Export Asset Regulations, the International Traffic in Arms Regulation, and the Federal laws and regulations governing classified information; (4) exemptByNationalSecurity: The sharing of the source code would create an identifiable risk to the detriment of national security, confidentiality of Government information, or individual privacy; (5) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agencyโ€™s systems or personnel, (6) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (7) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (8) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016)", - "enum": [ - "openSource", - "governmentWideReuse", - "exemptByLaw", - "exemptByNationalSecurity", - "exemptByAgencySystem", - "exemptByAgencyMission", - "exemptByCIO", - "exemptByPolicyDate" - ], - "additionalProperties": false - }, - "exemptionText": { - "type": [ - "string", - "null" - ], - "description": "If an exemption is listed in the 'usageType' field, this field should include a one- or two- sentence justification for the exemption used." + "URL": { + "type": "string", + "format": "uri", + "description": "The URL of the release license in the repository" + } + }, + "required": [ + "name", + "URL" + ] } }, - "additionalProperties": false, - "required": [ - "licenses", - "usageType" - ] - }, - "organization": { - "type": "string", - "description": "Organization responsible for the project", - "enum": [ - "Centers for Medicare & Medicaid Services" - ] - }, - "repositoryURL": { - "type": "string", - "format": "uri", - "description": "The URL of the public release repository for open source repositories. This field is not required for repositories that are only available as government-wide reuse or are closed (pursuant to one of the exemptions). It can be listed as 'private' for repositories that are closed." - }, - "projectURL": { - "type": "string", - "format": "uri", - "description": "URL to landing page, demo, or production instance of project" - }, - "repositoryHost": { - "type": "string", - "description": "Location where source code is hosted", - "enum": [ - "github.com/CMSgov", - "github.com/CMS-Enterprise", - "github.com/Enterprise-CMCS", - "github.com/DSACMS", - "github.cms.gov", - "CCSQ GitHub" - ] - }, - "repositoryVisibility": { - "type": "string", - "enum": [ - "public", - "private" - ], - "description": "Visibility of repository" - }, - "vcs": { - "type": "string", - "description": "Version control system used", - "enum": [ - "git", - "hg", - "svn", - "rcs", - "bzr" - ] - }, - "laborHours": { - "type": "number", - "description": "Labor hours invested in the project. Calculated using COCOMO measured by the SCC tool: https://github.com/boyter/scc?tab=readme-ov-file#cocomo" - }, - "reuseFrequency": { - "type": "object", - "description": "Measures frequency of code reuse in various forms. (e.g. forks, downloads, clones)", - "properties": { - "forks": { - "type": "integer" - }, - "clones": { - "type": "integer" - } - }, - "additionalProperties": true - }, - "platforms": { - "type": "array", - "description": "Platforms supported by the project", - "items": { + "usageType": { "type": "string", + "description": "A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByLaw: The sharing of the source code is restricted by law or regulation, includingโ€”but not limited toโ€”patent or intellectual property law, the Export Asset Regulations, the International Traffic in Arms Regulation, and the Federal laws and regulations governing classified information; (4) exemptByNationalSecurity: The sharing of the source code would create an identifiable risk to the detriment of national security, confidentiality of Government information, or individual privacy; (5) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agencyโ€™s systems or personnel, (6) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (7) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (8) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016)", "enum": [ - "web", - "windows", - "mac", - "linux", - "ios", - "android", - "other" - ] - } - }, - "categories": { - "type": "array", - "description": "Categories the project belongs to. Select from: https://yml.publiccode.tools/categories-list.html", - "items": { - "type": "string" + "openSource", + "governmentWideReuse", + "exemptByLaw", + "exemptByNationalSecurity", + "exemptByAgencySystem", + "exemptByAgencyMission", + "exemptByCIO", + "exemptByPolicyDate" + ], + "additionalProperties": false + }, + "exemptionText": { + "type": [ + "string", + "null" + ], + "description": "If an exemption is listed in the 'usageType' field, this field should include a one- or two- sentence justification for the exemption used." } }, - "softwareType": { - "type": "string", - "description": "Type of software", - "enum": [ - "standalone/mobile", - "standalone/iot", - "standalone/desktop", - "standalone/web", - "standalone/backend", - "standalone/other", - "addon", - "library", - "configurationFiles" - ] - }, - "languages": { - "type": "array", - "description": "Programming languages that make up the codebase", - "items": { - "type": "string" + "additionalProperties": false, + "required": [ + "licenses", + "usageType" + ] + }, + "organization": { + "type": "string", + "description": "Organization responsible for the project", + "enum": [ + "Centers for Medicare & Medicaid Services" + ] + }, + "repositoryURL": { + "type": "string", + "format": "uri", + "description": "The URL of the public release repository for open source repositories. This field is not required for repositories that are only available as government-wide reuse or are closed (pursuant to one of the exemptions). It can be listed as 'private' for repositories that are closed." + }, + "projectURL": { + "type": "string", + "format": "uri", + "description": "URL to landing page, demo, or production instance of project" + }, + "repositoryHost": { + "type": "string", + "description": "Location where source code is hosted", + "enum": [ + "github.com/CMSgov", + "github.com/CMS-Enterprise", + "github.com/Enterprise-CMCS", + "github.com/DSACMS", + "github.cms.gov", + "CCSQ GitHub" + ] + }, + "repositoryVisibility": { + "type": "string", + "enum": [ + "public", + "private" + ], + "description": "Visibility of repository" + }, + "vcs": { + "type": "string", + "description": "Version control system used", + "enum": [ + "git", + "hg", + "svn", + "rcs", + "bzr" + ] + }, + "laborHours": { + "type": "number", + "description": "Labor hours invested in the project. Calculated using COCOMO measured by the SCC tool: https://github.com/boyter/scc?tab=readme-ov-file#cocomo" + }, + "reuseFrequency": { + "type": "object", + "description": "Measures frequency of code reuse in various forms. (e.g. forks, downloads, clones)", + "properties": { + "forks": { + "type": "integer" + }, + "clones": { + "type": "integer" } }, - "maintenance": { + "additionalProperties": true + }, + "platforms": { + "type": "array", + "description": "Platforms supported by the project", + "items": { "type": "string", - "description": "The dedicated staff that keeps the software up-to-date, if any", "enum": [ - "internal", - "contract", - "community", - "none" + "web", + "windows", + "mac", + "linux", + "ios", + "android", + "other" ] - }, - "contractNumber": { - "type": "string", - "description": "Contract number" - }, - "date": { - "type": "object", - "description": "A date object describing the release", - "properties": { - "created": { - "type": "string", - "format": "date-time", - "description": "Creation date of project." - }, - "lastModified": { - "type": "string", - "format": "date-time", - "description": "Date when the project was last modified" - }, - "metaDataLastUpdated": { - "type": "string", - "format": "date-time", - "description": "Date when metadata was last updated" - } - } - }, - "tags": { - "type": "array", - "description": "Topics and keywords associated with the project to improve search and discoverability", - "items": { - "type": "string" - } - }, - "contact": { - "type": "object", - "description": "Point of contact for the release", - "properties": { - "email": { - "type": "string", - "format": "email", - "description": "Email address of the point of contact" - }, - "name": { - "type": "string", - "description": "Name of the point of contact" - } + } + }, + "categories": { + "type": "array", + "description": "Categories the project belongs to. Select from: https://yml.publiccode.tools/categories-list.html", + "items": { + "type": "string" + } + }, + "softwareType": { + "type": "string", + "description": "Type of software", + "enum": [ + "standalone/mobile", + "standalone/iot", + "standalone/desktop", + "standalone/web", + "standalone/backend", + "standalone/other", + "addon", + "library", + "configurationFiles" + ] + }, + "languages": { + "type": "array", + "description": "Programming languages that make up the codebase", + "items": { + "type": "string" + } + }, + "maintenance": { + "type": "string", + "description": "The dedicated staff that keeps the software up-to-date, if any", + "enum": [ + "internal", + "contract", + "community", + "none" + ] + }, + "contractNumber": { + "type": "array", + "description": "Contract number(s) under which the project was developed", + "items": { + "type": "string" + } + }, + "date": { + "type": "object", + "description": "A date object describing the release", + "properties": { + "created": { + "type": "string", + "format": "date-time", + "description": "Creation date of project." + }, + "lastModified": { + "type": "string", + "format": "date-time", + "description": "Date when the project was last modified" + }, + "metaDataLastUpdated": { + "type": "string", + "format": "date-time", + "description": "Date when metadata was last updated" } - }, - "feedbackMechanisms": { - "type": "array", - "description": "Methods a repository receives feedback from the community. Default value is the URL to GitHub repository issues page.", - "items": { - "type": "string" + } + }, + "tags": { + "type": "array", + "description": "Topics and keywords associated with the project to improve search and discoverability", + "items": { + "type": "string" + } + }, + "contact": { + "type": "object", + "description": "Point of contact for the release", + "properties": { + "email": { + "type": "string", + "format": "email", + "description": "Email address of the point of contact" + }, + "name": { + "type": "string", + "description": "Name of the point of contact" } - }, - "localisation": { - "type": "boolean", - "description": "Indicates if the project supports multiple languages" - }, - "repositoryType": { + } + }, + "feedbackMechanisms": { + "type": "string", + "format": "uri", + "description": "Method a repository receives feedback from the community (i.e. URL to GitHub repository issues page)" + }, + "localisation": { + "type": "boolean", + "description": "Indicates if the project supports multiple languages" + }, + "repositoryType": { + "type": "string", + "description": "Purpose and functionality of the repository", + "enum": [ + "package", + "website", + "standards", + "libraries", + "data", + "application", + "tools", + "APIs" + ] + }, + "userInput": { + "type": "boolean", + "description": "Does the software accept user input?" + }, + "fismaLevel": { + "type": "string", + "description": "Level of security categorization assigned to an information system under the Federal Information Security Modernization Act (FISMA): https://security.cms.gov/learn/federal-information-security-modernization-act-fisma", + "enum": [ + "Low", + "Moderate", + "High" + ] + }, + "group": { + "type": "string", + "description": "Home Department / Org / Group associated with the project" + }, + "projects": { + "type": "array", + "description": "Project(s) that is associated or related to the repository, if any (e.g. Bluebutton, MPSM)", + "items": { + "type": "string" + } + }, + "systems": { + "type": "array", + "description": "CMS systems that the repository interfaces with or depends on, if any (e.g. IDR, PECOS)", + "items": { + "type": "string" + } + }, + "upstream": { + "type": "string", + "description": "Link of the upstream repositories and dependencies used, in the form of a Software Bill of Materials/SBOM (https://github.com/$ORG_NAME/$REPO_NAME/network/dependencies)" + }, + "subsetInHealthcare": { + "type": "array", + "items": { "type": "string", - "description": "Purpose and functionality of the repository", "enum": [ - "package", - "website", - "standards", - "libraries", - "data", - "application", - "tools", - "APIs" + "Policy", + "Operational", + "Medicare", + "Medicaid" ] }, - "userInput": { - "type": "boolean", - "description": "Does the software accept user input?" - }, - "fismaLevel": { + "description": "Healthcare-related subset" + }, + "userType": { + "type": "array", + "items": { "type": "string", - "description": "Level of security categorization assigned to an information system under the Federal Information Security Modernization Act (FISMA): https://security.cms.gov/learn/federal-information-security-modernization-act-fisma", "enum": [ - "Low", - "Moderate", - "High" + "Providers", + "Patients", + "Government" ] }, - "group": { - "type": "string", - "description": "Home Department / Org / Group associated with the project" - }, - "projects": { - "type": "array", - "description": "Project(s) that is associated or related to the repository, if any (e.g. Bluebutton, MPSM)", - "items": { - "type": "string" - } - }, - "systems": { - "type": "array", - "description": "CMS systems that the repository interfaces with or depends on, if any (e.g. IDR, PECOS)", - "items": { - "type": "string" - } - }, - "upstream": { - "type": "string", - "description": "Link of the upstream repositories and dependencies used, in the form of a Software Bill of Materials/SBOM (https://github.com/$ORG_NAME/$REPO_NAME/network/dependencies)" - }, - "subsetInHealthcare": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "Policy", - "Operational", - "Medicare", - "Medicaid" - ] - }, - "description": "Healthcare-related subset" - }, - "userType": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "Providers", - "Patients", - "Government" - ] - }, - "description": "Types of users who interact with the software" - }, - "maturityModelTier": { - "type": "integer", - "enum": [ - 0, - 1, - 2, - 3, - 4 - ], - "description": "Maturity model tier according to the CMS Open Source Repository Maturity Model Framework: https://github.com/DSACMS/repo-scaffolder/blob/main/maturity-model-tiers.md" - } + "description": "Types of users who interact with the software" + }, + "maturityModelTier": { + "type": "integer", + "enum": [ + 0, + 1, + 2, + 3, + 4 + ], + "description": "Maturity model tier according to the CMS Open Source Repository Maturity Model Framework: https://github.com/DSACMS/repo-scaffolder/blob/main/maturity-model-tiers.md" } }, "required": [ @@ -403,4 +401,4 @@ "maturityModelTier" ], "additionalProperties": false -} +} \ No newline at end of file diff --git a/schemas/cms/schema-0.2.0.json b/schemas/cms/schema-0.2.0.json new file mode 100644 index 0000000..eb53488 --- /dev/null +++ b/schemas/cms/schema-0.2.0.json @@ -0,0 +1,419 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "CMS Code.json Metadata", + "description": "A metadata standard for software repositories of CMS", + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the project or software" + }, + "description": { + "type": "string", + "description": "A one or two sentence description of the software." + }, + "longDescription": { + "type": "string", + "description": "Provide longer description of the software, between 150 and 10000 chars. It is meant to provide an overview of the capabilities of the software for a potential user.", + "minLength": 150, + "maxLength": 10000 + }, + "status": { + "type": "string", + "enum": [ + "Ideation", + "Development", + "Alpha", + "Beta", + "Release Candidate", + "Production", + "Archival" + ], + "description": "Development status of the project" + }, + "permissions": { + "type": "object", + "description": "An object containing description of the usage/restrictions regarding the release", + "properties": { + "licenses": { + "type": "array", + "description": "License(s) for the release", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "enum": [ + "CC0-1.0", + "Apache-2.0", + "MIT", + "MPL-2.0", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-only", + "LGPL-3.0-only", + "BSD-2-Clause", + "BSD-3-Clause", + "EPL-2.0", + "Other", + "None" + ], + "description": "An abbreviation for the name of the license" + }, + "URL": { + "type": "string", + "format": "uri", + "description": "The URL of the release license in the repository" + } + }, + "required": [ + "name", + "URL" + ] + } + }, + "usageType": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "openSource", + "governmentWideReuse", + "exemptByNationalSecurity", + "exemptByNationalIntelligence", + "exemptByFOIA", + "exemptByEAR", + "exemptByITAR", + "exemptByTSA", + "exemptByClassifiedInformation", + "exemptByPrivacyRisk", + "exemptByIPRestriction", + "exemptByAgencySystem", + "exemptByAgencyMission", + "exemptByCIO", + "exemptByPolicyDate" + ] + }, + "description": "A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByNationalSecurity: The source code is primarily for use in national security system as defined in section 11103 of title 40, USC; (4) exemptByNationalIntelligence: The source code is developed by an agency or part of an agency that is an element of the intelligence community, as defined in section 3(4) of the National Security Act of 1947; (5) exemptByFOIA: The source code is exempt under the Freedom of Information Act; (6) exemptByEAR: The source code is exempt under the Export Administration Regulations; (7) exemptByITAR: The source code is exempt under the the International Traffic in Arms Regulations; (8) exemptByTSA: The source code is exempt under the regulations of the Transportation Security Administration relating to the protection of Sensitive Security Information; (9) exemptByClassifiedInformation: The source code is exempt under the Federal laws and regulations governing the sharing of classified information not covered by exemptByNationalSecurity, exemptByNationalIntelligence, exemptbyFOIA, exemptByEAR, exemptByITAR, and exemptByTSA; (10) exemptByPrivacyRisk: The sharing or public accessibility of the source code would create an identifiable risk to the privacy of an individual; (11) exemptByIPRestriction: The sharing of the source code is limited by patent or intellectual property restrictions; (12) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agencyโ€™s systems or personnel; (13) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (14) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (15) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016)", + "additionalProperties": false + }, + "exemptionText": { + "type": [ + "string", + "null" + ], + "description": "If an exemption is listed in the 'usageType' field, this field should include a one- or two- sentence justification for the exemption used." + } + }, + "additionalProperties": false, + "required": [ + "licenses", + "usageType" + ] + }, + "organization": { + "type": "string", + "description": "Organization responsible for the project", + "enum": [ + "Centers for Medicare & Medicaid Services" + ] + }, + "repositoryURL": { + "type": "string", + "format": "uri", + "description": "The URL of the public release repository for open source repositories. This field is not required for repositories that are only available as government-wide reuse or are closed (pursuant to one of the exemptions). It can be listed as 'private' for repositories that are closed." + }, + "projectURL": { + "type": "string", + "format": "uri", + "description": "URL to landing page, demo, or production instance of project" + }, + "repositoryHost": { + "type": "string", + "description": "Location where source code is hosted", + "enum": [ + "github.com/CMSgov", + "github.com/CMS-Enterprise", + "github.com/Enterprise-CMCS", + "github.com/DSACMS", + "github.cms.gov", + "CCSQ GitHub" + ] + }, + "repositoryVisibility": { + "type": "string", + "enum": [ + "public", + "private" + ], + "description": "Visibility of repository" + }, + "vcs": { + "type": "string", + "description": "Version control system used", + "enum": [ + "git", + "hg", + "svn", + "rcs", + "bzr" + ] + }, + "laborHours": { + "type": "number", + "description": "Labor hours invested in the project. Calculated using COCOMO measured by the SCC tool: https://github.com/boyter/scc?tab=readme-ov-file#cocomo" + }, + "reuseFrequency": { + "type": "object", + "description": "Measures frequency of code reuse in various forms. (e.g. forks, downloads, clones)", + "properties": { + "forks": { + "type": "integer" + }, + "clones": { + "type": "integer" + } + }, + "additionalProperties": true + }, + "platforms": { + "type": "array", + "description": "Platforms supported by the project", + "items": { + "type": "string", + "enum": [ + "web", + "windows", + "mac", + "linux", + "ios", + "android", + "other" + ] + } + }, + "categories": { + "type": "array", + "description": "Categories the project belongs to. Select from: https://yml.publiccode.tools/categories-list.html", + "items": { + "type": "string" + } + }, + "softwareType": { + "type": "string", + "description": "Type of software", + "enum": [ + "standalone/mobile", + "standalone/iot", + "standalone/desktop", + "standalone/web", + "standalone/backend", + "standalone/other", + "addon", + "library", + "configurationFiles" + ] + }, + "languages": { + "type": "array", + "description": "Programming languages that make up the codebase", + "items": { + "type": "string" + } + }, + "maintenance": { + "type": "string", + "description": "The dedicated staff that keeps the software up-to-date, if any", + "enum": [ + "internal", + "contract", + "community", + "none" + ] + }, + "contractNumber": { + "type": "array", + "description": "Contract number(s) under which the project was developed", + "items": { + "type": "string" + } + }, + "date": { + "type": "object", + "description": "A date object describing the release", + "properties": { + "created": { + "type": "string", + "format": "date-time", + "description": "Creation date of project." + }, + "lastModified": { + "type": "string", + "format": "date-time", + "description": "Date when the project was last modified" + }, + "metaDataLastUpdated": { + "type": "string", + "format": "date-time", + "description": "Date when metadata was last updated" + } + } + }, + "tags": { + "type": "array", + "description": "Topics and keywords associated with the project to improve search and discoverability", + "items": { + "type": "string" + } + }, + "contact": { + "type": "object", + "description": "Point of contact for the release", + "properties": { + "email": { + "type": "string", + "format": "email", + "description": "Email address of the point of contact" + }, + "name": { + "type": "string", + "description": "Name of the point of contact" + } + } + }, + "feedbackMechanisms": { + "type": "string", + "format": "uri", + "description": "Method a repository receives feedback from the community (i.e. URL to GitHub repository issues page)" + }, + "AIUseCaseInventory": { + "type": "boolean", + "description": "Is the software included in the agency's AI use case inventory?" + }, + "localisation": { + "type": "boolean", + "description": "Indicates if the project supports multiple languages" + }, + "repositoryType": { + "type": "string", + "description": "Purpose and functionality of the repository", + "enum": [ + "package", + "website", + "standards", + "libraries", + "data", + "application", + "tools", + "APIs" + ] + }, + "userInput": { + "type": "boolean", + "description": "Does the software accept user input?" + }, + "fismaLevel": { + "type": "string", + "description": "Level of security categorization assigned to an information system under the Federal Information Security Modernization Act (FISMA): https://security.cms.gov/learn/federal-information-security-modernization-act-fisma", + "enum": [ + "Low", + "Moderate", + "High" + ] + }, + "group": { + "type": "string", + "description": "Home Department / Org / Group associated with the project" + }, + "projects": { + "type": "array", + "description": "Project(s) that is associated or related to the repository, if any (e.g. Bluebutton, MPSM)", + "items": { + "type": "string" + } + }, + "systems": { + "type": "array", + "description": "CMS systems that the repository interfaces with or depends on, if any (e.g. IDR, PECOS)", + "items": { + "type": "string" + } + }, + "upstream": { + "type": "string", + "description": "Link of the upstream repositories and dependencies used, in the form of a Software Bill of Materials/SBOM (https://github.com/$ORG_NAME/$REPO_NAME/network/dependencies)" + }, + "subsetInHealthcare": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "Policy", + "Operational", + "Medicare", + "Medicaid" + ] + }, + "description": "Healthcare-related subset" + }, + "userType": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "Providers", + "Patients", + "Government" + ] + }, + "description": "Types of users who interact with the software" + }, + "maturityModelTier": { + "type": "integer", + "enum": [ + 0, + 1, + 2, + 3, + 4 + ], + "description": "Maturity model tier according to the CMS Open Source Repository Maturity Model Framework: https://github.com/DSACMS/repo-scaffolder/blob/main/maturity-model-tiers.md" + } + }, + "required": [ + "name", + "description", + "longDescription", + "status", + "permissions", + "organization", + "repositoryURL", + "repositoryHost", + "repositoryVisibility", + "vcs", + "laborHours", + "reuseFrequency", + "platforms", + "categories", + "softwareType", + "languages", + "maintenance", + "contractNumber", + "date", + "tags", + "contact", + "feedbackMechanisms", + "AIUseCaseInventory", + "localisation", + "repositoryType", + "userInput", + "fismaLevel", + "group", + "projects", + "subsetInHealthcare", + "userType", + "maturityModelTier" + ], + "additionalProperties": false +} \ No newline at end of file diff --git a/schemas/schema-2.0.0.json b/schemas/schema-2.0.0.json index 2c451c7..4bb7729 100644 --- a/schemas/schema-2.0.0.json +++ b/schemas/schema-2.0.0.json @@ -75,7 +75,7 @@ "openSource", "governmentWideReuse", "exemptByNationalSecurity", - "exemptByIntelligence", + "exemptByNationalIntelligence", "exemptByFOIA", "exemptByEAR", "exemptByITAR",