Skip to content

Schemas: Update schema to use JSON v2020-12 and validation #36

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
natalialuzuriaga merged 5 commits into from
Sep 3, 2025
Merged

Schemas: Update schema to use JSON v2020-12 and validation #36

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
f1e54bd
Changed gov schema to include usage of JSON 2020-12. Included new SBO…
natalialuzuriaga Aug 25, 2025
cce3480
Added validation contraints and updated additionalProperties usage
natalialuzuriaga Aug 25, 2025
99bf0e7
Updated tests
natalialuzuriaga Aug 25, 2025
57cd0c6
Update CMS schema to reflect gov schema latest changes
natalialuzuriaga Aug 26, 2025
6507306
Removed upstream field from CMS schema
natalialuzuriaga Aug 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/json-schema-tests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
uses: GrantBirki/json-yaml-validate@v3.3.2 # replace with the latest version
with:
comment: "true"
json_schema_version: "draft-04"
json_schema_version: "draft-2020-12"

schema-tests:
runs-on: ubuntu-latest
Expand Down
2 changes: 1 addition & 1 deletion code.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@
],
"maintenance": "community",
"contractNumber": [],
"SBOM": "https://github.com/DSACMS/gov-codejson/network/dependencies",
"date": {
"created": "2025-02-04T21:59:53Z",
"lastModified": "2025-08-13T22:27:54Z",
Expand Down Expand Up @@ -69,7 +70,6 @@
"SHARE IT Act"
],
"systems": [],
"upstream": "https://github.com/DSACMS/gov-codejson/network/dependencies",
"subsetInHealthcare": [
"operational"
],
Expand Down
63 changes: 40 additions & 23 deletions schemas/cms/schema-0.2.0.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "CMS Code.json Metadata",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://dsacms.github.io/code-json-schema.json",
"title": "CMS code.json metadata",
"description": "A metadata standard for software repositories of CMS",
"type": "object",
"properties": {
Expand Down Expand Up @@ -70,7 +71,8 @@
"required": [
"name",
"URL"
]
],
"additionalProperties": false
}
},
"usageType": {
Expand All @@ -95,8 +97,7 @@
"exemptByPolicyDate"
]
},
"description": "A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByNationalSecurity: The source code is primarily for use in national security system as defined in section 11103 of title 40, USC; (4) exemptByNationalIntelligence: The source code is developed by an agency or part of an agency that is an element of the intelligence community, as defined in section 3(4) of the National Security Act of 1947; (5) exemptByFOIA: The source code is exempt under the Freedom of Information Act; (6) exemptByEAR: The source code is exempt under the Export Administration Regulations; (7) exemptByITAR: The source code is exempt under the the International Traffic in Arms Regulations; (8) exemptByTSA: The source code is exempt under the regulations of the Transportation Security Administration relating to the protection of Sensitive Security Information; (9) exemptByClassifiedInformation: The source code is exempt under the Federal laws and regulations governing the sharing of classified information not covered by exemptByNationalSecurity, exemptByNationalIntelligence, exemptbyFOIA, exemptByEAR, exemptByITAR, and exemptByTSA; (10) exemptByPrivacyRisk: The sharing or public accessibility of the source code would create an identifiable risk to the privacy of an individual; (11) exemptByIPRestriction: The sharing of the source code is limited by patent or intellectual property restrictions; (12) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agency’s systems or personnel; (13) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (14) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (15) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016)",
"additionalProperties": false
"description": "A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByNationalSecurity: The source code is primarily for use in national security system as defined in section 11103 of title 40, USC; (4) exemptByNationalIntelligence: The source code is developed by an agency or part of an agency that is an element of the intelligence community, as defined in section 3(4) of the National Security Act of 1947; (5) exemptByFOIA: The source code is exempt under the Freedom of Information Act; (6) exemptByEAR: The source code is exempt under the Export Administration Regulations; (7) exemptByITAR: The source code is exempt under the the International Traffic in Arms Regulations; (8) exemptByTSA: The source code is exempt under the regulations of the Transportation Security Administration relating to the protection of Sensitive Security Information; (9) exemptByClassifiedInformation: The source code is exempt under the Federal laws and regulations governing the sharing of classified information not covered by exemptByNationalSecurity, exemptByNationalIntelligence, exemptbyFOIA, exemptByEAR, exemptByITAR, and exemptByTSA; (10) exemptByPrivacyRisk: The sharing or public accessibility of the source code would create an identifiable risk to the privacy of an individual; (11) exemptByIPRestriction: The sharing of the source code is limited by patent or intellectual property restrictions; (12) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agency's systems or personnel; (13) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (14) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (15) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016)"
},
"exemptionText": {
"type": [
Expand Down Expand Up @@ -157,22 +158,26 @@
"hg",
"svn",
"rcs",
"bzr"
"bzr",
"none"
]
},
"laborHours": {
"type": "number",
"minimum": 0,
"description": "Labor hours invested in the project. Calculated using COCOMO measured by the SCC tool: https://github.com/boyter/scc?tab=readme-ov-file#cocomo"
},
"reuseFrequency": {
"type": "object",
"description": "Measures frequency of code reuse in various forms. (e.g. forks, downloads, clones)",
"properties": {
"forks": {
"type": "integer"
"type": "integer",
"minimum": 0
},
"clones": {
"type": "integer"
"type": "integer",
"minimum": 0
}
},
"additionalProperties": true
Expand All @@ -191,14 +196,16 @@
"android",
"other"
]
}
},
"uniqueItems": true
},
"categories": {
"type": "array",
"description": "Categories the project belongs to. Select from: https://yml.publiccode.tools/categories-list.html",
"items": {
"type": "string"
}
},
"uniqueItems": true
},
"softwareType": {
"type": "string",
Expand All @@ -220,7 +227,8 @@
"description": "Programming languages that make up the codebase",
"items": {
"type": "string"
}
},
"uniqueItems": true
},
"maintenance": {
"type": "string",
Expand All @@ -237,7 +245,12 @@
"description": "Contract number(s) under which the project was developed",
"items": {
"type": "string"
}
},
"uniqueItems": true
},
"SBOM": {
"type": "string",
"description": "Link of the upstream repositories and dependencies used, in the form of a Software Bill of Materials/SBOM. If the software does not have a SBOM, enter 'None'. (i.e. Github provides an SBOM: https://github.com/$ORG_NAME/$REPO_NAME/network/dependencies)"
},
"date": {
"type": "object",
Expand All @@ -258,14 +271,16 @@
"format": "date-time",
"description": "Date when metadata was last updated"
}
}
},
"additionalProperties": false
},
"tags": {
"type": "array",
"description": "Topics and keywords associated with the project to improve search and discoverability",
"items": {
"type": "string"
}
},
"uniqueItems": true
},
"contact": {
"type": "object",
Expand All @@ -280,7 +295,8 @@
"type": "string",
"description": "Name of the point of contact"
}
}
},
"additionalProperties": false
},
"feedbackMechanism": {
"type": "string",
Expand Down Expand Up @@ -331,18 +347,16 @@
"description": "Project(s) that is associated or related to the repository, if any (e.g. Bluebutton, MPSM)",
"items": {
"type": "string"
}
},
"uniqueItems": true
},
"systems": {
"type": "array",
"description": "CMS systems that the repository interfaces with or depends on, if any (e.g. IDR, PECOS)",
"items": {
"type": "string"
}
},
"upstream": {
"type": "string",
"description": "Link of the upstream repositories and dependencies used, in the form of a Software Bill of Materials/SBOM (https://github.com/$ORG_NAME/$REPO_NAME/network/dependencies)"
},
"uniqueItems": true
},
"subsetInHealthcare": {
"type": "array",
Expand All @@ -355,7 +369,8 @@
"medicaid"
]
},
"description": "Healthcare-related subset"
"description": "Healthcare-related subset",
"uniqueItems": true
},
"userType": {
"type": "array",
Expand All @@ -367,7 +382,8 @@
"government"
]
},
"description": "Types of users who interact with the software"
"description": "Types of users who interact with the software",
"uniqueItems": true
},
"maturityModelTier": {
"type": "integer",
Expand Down Expand Up @@ -400,6 +416,7 @@
"languages",
"maintenance",
"contractNumber",
"SBOM",
"date",
"tags",
"contact",
Expand Down
39 changes: 27 additions & 12 deletions schemas/schema-2.0.0.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
{
"$schema": "http://json-schema.org/draft-04/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://dsacms.github.io/code-json-schema.json",
"title": "code.json metadata",
"description": "A metadata standard for software repositories",
"type": "object",
Expand Down Expand Up @@ -64,7 +65,8 @@
"required": [
"name",
"URL"
]
],
"additionalProperties": false
}
},
"usageType": {
Expand All @@ -89,8 +91,7 @@
"exemptByPolicyDate"
]
},
"description": "A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByNationalSecurity: The source code is primarily for use in national security system as defined in section 11103 of title 40, USC; (4) exemptByNationalIntelligence: The source code is developed by an agency or part of an agency that is an element of the intelligence community, as defined in section 3(4) of the National Security Act of 1947; (5) exemptByFOIA: The source code is exempt under the Freedom of Information Act; (6) exemptByEAR: The source code is exempt under the Export Administration Regulations; (7) exemptByITAR: The source code is exempt under the the International Traffic in Arms Regulations; (8) exemptByTSA: The source code is exempt under the regulations of the Transportation Security Administration relating to the protection of Sensitive Security Information; (9) exemptByClassifiedInformation: The source code is exempt under the Federal laws and regulations governing the sharing of classified information not covered by exemptByNationalSecurity, exemptByNationalIntelligence, exemptbyFOIA, exemptByEAR, exemptByITAR, and exemptByTSA; (10) exemptByPrivacyRisk: The sharing or public accessibility of the source code would create an identifiable risk to the privacy of an individual; (11) exemptByIPRestriction: The sharing of the source code is limited by patent or intellectual property restrictions; (12) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agency’s systems or personnel; (13) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (14) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (15) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016)",
"additionalProperties": false
"description": "A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByNationalSecurity: The source code is primarily for use in national security system as defined in section 11103 of title 40, USC; (4) exemptByNationalIntelligence: The source code is developed by an agency or part of an agency that is an element of the intelligence community, as defined in section 3(4) of the National Security Act of 1947; (5) exemptByFOIA: The source code is exempt under the Freedom of Information Act; (6) exemptByEAR: The source code is exempt under the Export Administration Regulations; (7) exemptByITAR: The source code is exempt under the the International Traffic in Arms Regulations; (8) exemptByTSA: The source code is exempt under the regulations of the Transportation Security Administration relating to the protection of Sensitive Security Information; (9) exemptByClassifiedInformation: The source code is exempt under the Federal laws and regulations governing the sharing of classified information not covered by exemptByNationalSecurity, exemptByNationalIntelligence, exemptbyFOIA, exemptByEAR, exemptByITAR, and exemptByTSA; (10) exemptByPrivacyRisk: The sharing or public accessibility of the source code would create an identifiable risk to the privacy of an individual; (11) exemptByIPRestriction: The sharing of the source code is limited by patent or intellectual property restrictions; (12) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agency's systems or personnel; (13) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (14) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (15) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016)"
},
"exemptionText": {
"type": [
Expand Down Expand Up @@ -131,22 +132,26 @@
"hg",
"svn",
"rcs",
"bzr"
"bzr",
"none"
]
},
"laborHours": {
"type": "number",
"minimum": 0,
"description": "Labor hours invested in the project. Calculated using COCOMO measured by the SCC tool: https://github.com/boyter/scc?tab=readme-ov-file#cocomo"
},
"reuseFrequency": {
"type": "object",
"description": "Measures frequency of code reuse in various forms. (e.g. forks, downloads, clones)",
"properties": {
"forks": {
"type": "integer"
"type": "integer",
"minimum": 0
},
"clones": {
"type": "integer"
"type": "integer",
"minimum": 0
}
},
"additionalProperties": true
Expand All @@ -156,7 +161,8 @@
"description": "Programming languages that make up the codebase",
"items": {
"type": "string"
}
},
"uniqueItems": true
},
"maintenance": {
"type": "string",
Expand All @@ -173,7 +179,12 @@
"description": "Contract number(s) under which the project was developed",
"items": {
"type": "string"
}
},
"uniqueItems": true
},
"SBOM": {
"type": "string",
"description": "Link of the upstream repositories and dependencies used, in the form of a Software Bill of Materials/SBOM. If the software does not have a SBOM, enter 'None'. (i.e. Github provides an SBOM: https://github.com/$ORG_NAME/$REPO_NAME/network/dependencies)"
},
"date": {
"type": "object",
Expand All @@ -194,14 +205,16 @@
"format": "date-time",
"description": "Date when metadata was last updated"
}
}
},
"additionalProperties": false
},
"tags": {
"type": "array",
"description": "Topics and keywords associated with the project to improve search and discoverability",
"items": {
"type": "string"
}
},
"uniqueItems": true
},
"contact": {
"type": "object",
Expand All @@ -216,7 +229,8 @@
"type": "string",
"description": "Name of the point of contact"
}
}
},
"additionalProperties": false
},
"feedbackMechanism": {
"type": "string",
Expand All @@ -242,6 +256,7 @@
"languages",
"maintenance",
"contractNumber",
"SBOM",
"date",
"tags",
"contact",
Expand Down
2 changes: 1 addition & 1 deletion tests/examples/codejson-example-dedupliFHIR.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@
],
"maintenance": "internal",
"contractNumber": [],
"SBOM": "https://github.com/DSACMS/dedupliFHIR/network/dependencies",
"date": {
"created": "2023-06-22T17:08:19Z",
"lastModified": "2025-02-13T18:44:26Z",
Expand All @@ -72,7 +73,6 @@
"group": "CMS/OA/DSAC",
"projects": [],
"systems": [],
"upstream": "https://github.com/DSACMS/dedupliFHIR/network/dependencies",
"subsetInHealthcare": [
"operational"
],
Expand Down
2 changes: 1 addition & 1 deletion tests/examples/codejson-example-metrics.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@
],
"maintenance": "internal",
"contractNumber": [],
"SBOM": "https://github.com/DSACMS/metrics/network/dependencies",
"date": {
"created": "2023-07-18T14:10:58Z",
"lastModified": "2025-06-01T11:36:12Z",
Expand All @@ -67,7 +68,6 @@
"group": "CMS/OA/DSAC",
"projects": [],
"systems": [],
"upstream": "https://github.com/DSACMS/metrics/network/dependencies",
"subsetInHealthcare": [
"operational"
],
Expand Down
Loading