From d1f141feeb31d73016073c154fe58720b35fd3a3 Mon Sep 17 00:00:00 2001 From: Natalia Luzuriaga Date: Tue, 16 Sep 2025 11:11:05 -0700 Subject: [PATCH 1/6] Update code.json schema tables Signed-off-by: Natalia Luzuriaga --- docs/metadata.md | 184 ++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 166 insertions(+), 18 deletions(-) diff --git a/docs/metadata.md b/docs/metadata.md index 7cc52d6..155511a 100644 --- a/docs/metadata.md +++ b/docs/metadata.md @@ -74,6 +74,14 @@ We encourage agencies to contribute by [submitting an agency schema addition iss Name of the project or software + + version + optional + πŸ‡ΊπŸ‡Έ + str + The version for this release + + description required @@ -169,6 +177,38 @@ We encourage agencies to contribute by [submitting an agency schema addition iss - private + + homepageURL + optional + πŸ‡ΊπŸ‡Έ + str + The URL of the public release homepage + + + + downloadURL + optional + πŸ‡ΊπŸ‡Έ + str + The URL where a distribution of the release can be found + + + + disclaimerURL + optional + πŸ‡ΊπŸ‡Έ + str + The URL where disclaimer language regarding the release can be found + + + + disclaimerText + optional + πŸ‡ΊπŸ‡Έ + str + Short paragraph that includes disclaimer language to accompany the release + + vcs required @@ -199,6 +239,14 @@ We encourage agencies to contribute by [submitting an agency schema addition iss Measures frequency of code reuse in various forms + + languages + required + πŸ‡ΊπŸ‡Έ + arr + Programming languages that make up the codebase + + maintenance required @@ -220,6 +268,44 @@ We encourage agencies to contribute by [submitting an agency schema addition iss Contract number + + SBOM + required + πŸ‡ΊπŸ‡Έ + str + Link of the upstream repositories and dependencies used, in the form of a Software Bill of Materials/SBOM. If the software does not have a SBOM, enter 'None'. (i.e. Github provides an SBOM: https://github.com/$ORG_NAME/$REPO_NAME/network/dependencies) + + + + relatedCode/name
relatedCode/URL
relatedCode/isGovernmentRepo + optional + πŸ‡ΊπŸ‡Έ + obj + An array of affiliated government repositories that may be a part of the same project + relatedCode for 'code-gov-front-end' would include 'code-gov-api' and 'code-gov-api-client' + + + reusedCode/name
reusedCode/URL + optional + πŸ‡ΊπŸ‡Έ + obj + An array of government source code, libraries, frameworks, APIs, platforms or other software used in this release + + - US Web Design Standards
+ - cloud.gov
+ - Federalist
+ - Digital Services Playbook
+ - Analytics Reporter
+ + + + partners/name
partners/email + optional + πŸ‡ΊπŸ‡Έ + obj + An array of objects including an acronym for each agency partnering on the release and the contact email at such agency + + date/created
date/lastModified date/metadataLastUpdated required @@ -324,6 +410,14 @@ Full schema can be found in [schema-2.0.0.json](../schemas/schema-2.0.0.json). Name of the project or software + + version + optional + πŸ‡ΊπŸ‡Έ + str + The version for this release + + description required @@ -415,14 +509,6 @@ Full schema can be found in [schema-2.0.0.json](../schemas/schema-2.0.0.json). The URL of the public release repository for open source repositories. This field is not required for repositories that are only available as government-wide reuse or are closed (pursuant to one of the exemptions). It can be listed as 'private' for repositories that are closed. - - projectURL - optional - CMS Logo - str - URL to landing page, demo, or production instance of project - - repositoryHost required @@ -448,6 +534,38 @@ Full schema can be found in [schema-2.0.0.json](../schemas/schema-2.0.0.json). - public
- private + + + homepageURL + optional + πŸ‡ΊπŸ‡Έ + str + The URL of the public release homepage + + + + downloadURL + optional + πŸ‡ΊπŸ‡Έ + str + The URL where a distribution of the release can be found + + + + disclaimerURL + optional + πŸ‡ΊπŸ‡Έ + str + The URL where disclaimer language regarding the release can be found + + + + disclaimerText + optional + πŸ‡ΊπŸ‡Έ + str + Short paragraph that includes disclaimer language to accompany the release + vcs @@ -542,7 +660,7 @@ Full schema can be found in [schema-2.0.0.json](../schemas/schema-2.0.0.json). - none - + contractNumber required πŸ“œ @@ -550,6 +668,44 @@ Full schema can be found in [schema-2.0.0.json](../schemas/schema-2.0.0.json). Contract number + + SBOM + required + πŸ‡ΊπŸ‡Έ + str + Link of the upstream repositories and dependencies used, in the form of a Software Bill of Materials/SBOM. If the software does not have a SBOM, enter 'None'. (i.e. Github provides an SBOM: https://github.com/$ORG_NAME/$REPO_NAME/network/dependencies) + + + + relatedCode/name
relatedCode/URL
relatedCode/isGovernmentRepo + optional + πŸ‡ΊπŸ‡Έ + obj + An array of affiliated government repositories that may be a part of the same project + relatedCode for 'code-gov-front-end' would include 'code-gov-api' and 'code-gov-api-client' + + + reusedCode/name
reusedCode/URL + optional + πŸ‡ΊπŸ‡Έ + obj + An array of government source code, libraries, frameworks, APIs, platforms or other software used in this release + + - US Web Design Standards
+ - cloud.gov
+ - Federalist
+ - Digital Services Playbook
+ - Analytics Reporter
+ + + + partners/name
partners/email + optional + πŸ‡ΊπŸ‡Έ + obj + An array of objects including an acronym for each agency partnering on the release and the contact email at such agency + + date/created
date/lastModified date/metadataLastUpdated required @@ -653,7 +809,7 @@ Full schema can be found in [schema-2.0.0.json](../schemas/schema-2.0.0.json). - project + projects required CMS Logo arr @@ -669,14 +825,6 @@ Full schema can be found in [schema-2.0.0.json](../schemas/schema-2.0.0.json). IDR, PECOS - upstream - optional - CMS Logo - arr - Link of the upstream repositories and dependencies used, in the form of a Software Bill of Materials/SBOM (https://github.com/$ORG_NAME/$REPO_NAME/network/dependencies) - augur, uswds - - subsetInHealthcare required CMS Logo From d8ce12f36f42a33da908a8091e89b975a62dc845 Mon Sep 17 00:00:00 2001 From: Natalia Luzuriaga Date: Tue, 16 Sep 2025 12:06:23 -0700 Subject: [PATCH 2/6] Add new section on tools developed by other teams and agencies Signed-off-by: Natalia Luzuriaga --- docs/procedures.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/docs/procedures.md b/docs/procedures.md index 1ec57b9..5360245 100644 --- a/docs/procedures.md +++ b/docs/procedures.md @@ -13,6 +13,9 @@ The CMS Open Source Program Office developed various tools that can automate det ***Procedures for Agencies**: [Generate an agency-index.json file for submission](#generate-an-agency-indexjson-file-for-agencies) - [codejson-index-generator](#using-codejson-index-generator) +[Tools created by other teams and agencies](#tools-created-by-other-teams-and-agencies) +- [CMS CMCS](#cms-cmcs-codejson-aggregator) +- [CDC](#cdc-share-it-act-repository) ## Creating a code.json file in your repository @@ -23,7 +26,6 @@ The CMS Open Source Program Office developed various tools that can automate det Users can fill out a web form that creates a code.json file to be uploaded to a project's source code repository: https://dsacms.github.io/codejson-generator. - ### Using automated-codejson-generator *This method works best for repositories hosted on GitHub with GitHub Actions enabled.* @@ -143,3 +145,17 @@ python main.py --agency AGENCY_NAME --orgs "org1,org2" --output code.json --vers ```bash python3 main.py --agency CMS --orgs "DSACMS,CMSgov,CMS-Enterprise" --output code.json --version 1.0.0 ``` + +## Tools created by other teams and agencies + +Below are tools other teams and agencies developed to create a consolidated software inventory for the SHARE IT Act. They include methods to retrieve necessary metadata from private and internal repositories. + +### CMS CMCS code.json aggregator + +mac-fc-aggregate-codejson aggregates code.json files from all private and internal repositories in a GitHub organization +https://github.com/Enterprise-CMCS/mac-fc-aggregate-code-json + +## CDC SHARE IT Act Repository + +The CDC SHARE IT Act Repository gathers and consolidates repository metadata from various code environments by generating code.json files in all repositories, having project teams review and correct information for accuracy, then creating an index file containing all aggregated code.json metadata. +https://github.com/CDCgov/ShareIT-Act \ No newline at end of file From 9f1b37b6799aacbb8eae659e04d55a0a02cdc998 Mon Sep 17 00:00:00 2001 From: Natalia Luzuriaga Date: Wed, 17 Sep 2025 11:56:59 -0700 Subject: [PATCH 3/6] Update procedures.md --- docs/procedures.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/procedures.md b/docs/procedures.md index 5360245..30796b0 100644 --- a/docs/procedures.md +++ b/docs/procedures.md @@ -15,7 +15,7 @@ The CMS Open Source Program Office developed various tools that can automate det - [codejson-index-generator](#using-codejson-index-generator) [Tools created by other teams and agencies](#tools-created-by-other-teams-and-agencies) - [CMS CMCS](#cms-cmcs-codejson-aggregator) -- [CDC](#cdc-share-it-act-repository) +- [CDC](#cdc-share-it-act-repository-scanner-tool) ## Creating a code.json file in your repository @@ -155,7 +155,8 @@ Below are tools other teams and agencies developed to create a consolidated soft mac-fc-aggregate-codejson aggregates code.json files from all private and internal repositories in a GitHub organization https://github.com/Enterprise-CMCS/mac-fc-aggregate-code-json -## CDC SHARE IT Act Repository +## CDC SHARE IT Act Repository Scanner Tool The CDC SHARE IT Act Repository gathers and consolidates repository metadata from various code environments by generating code.json files in all repositories, having project teams review and correct information for accuracy, then creating an index file containing all aggregated code.json metadata. -https://github.com/CDCgov/ShareIT-Act \ No newline at end of file +https://github.com/CDCgov/ShareIT-Act +https://github.com/OCIO-ricky/ShareITAct_RepoScanning From 17fae60b284246433b4f7c5534c81636592891c3 Mon Sep 17 00:00:00 2001 From: Natalia Luzuriaga Date: Wed, 17 Sep 2025 11:57:48 -0700 Subject: [PATCH 4/6] Update procedures.md --- docs/procedures.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/procedures.md b/docs/procedures.md index 30796b0..5b65f8d 100644 --- a/docs/procedures.md +++ b/docs/procedures.md @@ -13,6 +13,7 @@ The CMS Open Source Program Office developed various tools that can automate det ***Procedures for Agencies**: [Generate an agency-index.json file for submission](#generate-an-agency-indexjson-file-for-agencies) - [codejson-index-generator](#using-codejson-index-generator) + [Tools created by other teams and agencies](#tools-created-by-other-teams-and-agencies) - [CMS CMCS](#cms-cmcs-codejson-aggregator) - [CDC](#cdc-share-it-act-repository-scanner-tool) From 25bfb50dbef287a41d9eec0599556d1155351e1a Mon Sep 17 00:00:00 2001 From: Natalia Luzuriaga Date: Wed, 17 Sep 2025 11:58:36 -0700 Subject: [PATCH 5/6] Update procedures.md --- docs/procedures.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/procedures.md b/docs/procedures.md index 5b65f8d..d0940e2 100644 --- a/docs/procedures.md +++ b/docs/procedures.md @@ -5,12 +5,14 @@ The CMS Open Source Program Office developed various tools that can automate det > **Learn more about our SHARE IT Act tools**: https://dsacms.github.io/share-it-act-lp/ **Procedures for Project Teams**: + [Creating a code.json file in your repository](#creating-a-codejson-file-in-your-repository) - [code.json generator form site](#using-form-site) - [automated-codejson-generator GitHub Action](#using-automated-codejson-generator) - [repo-scaffolder](#using-repo-scaffolder) -***Procedures for Agencies**: +**Procedures for Agencies**: + [Generate an agency-index.json file for submission](#generate-an-agency-indexjson-file-for-agencies) - [codejson-index-generator](#using-codejson-index-generator) From d769a890bdc6b1dbaca4dc5e734c57a5b33136cf Mon Sep 17 00:00:00 2001 From: Natalia Luzuriaga Date: Wed, 17 Sep 2025 11:59:45 -0700 Subject: [PATCH 6/6] Update procedures.md --- docs/procedures.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/procedures.md b/docs/procedures.md index d0940e2..617dae2 100644 --- a/docs/procedures.md +++ b/docs/procedures.md @@ -155,11 +155,11 @@ Below are tools other teams and agencies developed to create a consolidated soft ### CMS CMCS code.json aggregator -mac-fc-aggregate-codejson aggregates code.json files from all private and internal repositories in a GitHub organization +mac-fc-aggregate-codejson aggregates code.json files from all private and internal repositories in a GitHub organization. https://github.com/Enterprise-CMCS/mac-fc-aggregate-code-json ## CDC SHARE IT Act Repository Scanner Tool -The CDC SHARE IT Act Repository gathers and consolidates repository metadata from various code environments by generating code.json files in all repositories, having project teams review and correct information for accuracy, then creating an index file containing all aggregated code.json metadata. -https://github.com/CDCgov/ShareIT-Act -https://github.com/OCIO-ricky/ShareITAct_RepoScanning +The CDC SHARE IT Act Repository Scanner Tool gathers and consolidates repository metadata from various code environments by generating code.json files in all repositories, having project teams review and correct information for accuracy, then creating an index file containing all aggregated code.json metadata. +- https://github.com/CDCgov/ShareIT-Act +- https://github.com/OCIO-ricky/ShareITAct_RepoScanning