diff --git a/.github/workflows/json-schema-tests.yml b/.github/workflows/json-schema-tests.yml index 6d65910..be93a49 100644 --- a/.github/workflows/json-schema-tests.yml +++ b/.github/workflows/json-schema-tests.yml @@ -21,7 +21,7 @@ jobs: uses: GrantBirki/json-yaml-validate@v3.3.2 # replace with the latest version with: comment: "true" - json_schema_version: "draft-04" + json_schema_version: "draft-2020-12" schema-tests: runs-on: ubuntu-latest diff --git a/code.json b/code.json index ebd855c..8b6b858 100644 --- a/code.json +++ b/code.json @@ -37,6 +37,7 @@ ], "maintenance": "community", "contractNumber": [], + "SBOM": "https://github.com/DSACMS/gov-codejson/network/dependencies", "date": { "created": "2025-02-04T21:59:53Z", "lastModified": "2025-08-13T22:27:54Z", @@ -69,7 +70,6 @@ "SHARE IT Act" ], "systems": [], - "upstream": "https://github.com/DSACMS/gov-codejson/network/dependencies", "subsetInHealthcare": [ "operational" ], diff --git a/schemas/cms/schema-0.2.0.json b/schemas/cms/schema-0.2.0.json index 9b9e036..ba9cf2d 100644 --- a/schemas/cms/schema-0.2.0.json +++ b/schemas/cms/schema-0.2.0.json @@ -1,6 +1,7 @@ { - "$schema": "http://json-schema.org/draft-04/schema#", - "title": "CMS Code.json Metadata", + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://dsacms.github.io/code-json-schema.json", + "title": "CMS code.json metadata", "description": "A metadata standard for software repositories of CMS", "type": "object", "properties": { @@ -70,7 +71,8 @@ "required": [ "name", "URL" - ] + ], + "additionalProperties": false } }, "usageType": { 
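Review bot: In the .github/workflows/json-schema-tests.yml hunk, the step still runs `GrantBirki/json-yaml-validate@v3.3.2`, a tag reference that the action's publisher can repoint, so the code executing in this job is not fixed by the workflow file. Pinning to the full commit SHA and keeping the version as a comment closes that gap: `uses: GrantBirki/json-yaml-validate@<FULL_COMMIT_SHA_PLACEHOLDER> # v3.3.2`. With `comment: "true"` the step presumably needs write access to pull requests, which makes the pin more worthwhile. The job's `permissions` are outside the hunk, so confirm they are scoped to what the step needs.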
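Review bot: The `$id` added in the header hunk of schemas/cms/schema-0.2.0.json, `https://dsacms.github.io/code-json-schema.json`, is the same value added to schemas/schema-2.0.0.json later in this diff, so two different schemas claim one identifier. Under draft 2020-12 `$id` is the schema's canonical URI and the base for resolving `$ref`, so a validator or cache that loads both files may reject the second or serve the wrong one. Give each file its own versioned identifier, for example `"$id": "https://dsacms.github.io/schemas/cms/schema-0.2.0.json"` (constructed example; use the URL where the file is actually published).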
@@ -95,8 +97,7 @@ "exemptByPolicyDate" ] }, - "description": "A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByNationalSecurity: The source code is primarily for use in national security system as defined in section 11103 of title 40, USC; (4) exemptByNationalIntelligence: The source code is developed by an agency or part of an agency that is an element of the intelligence community, as defined in section 3(4) of the National Security Act of 1947; (5) exemptByFOIA: The source code is exempt under the Freedom of Information Act; (6) exemptByEAR: The source code is exempt under the Export Administration Regulations; (7) exemptByITAR: The source code is exempt under the the International Traffic in Arms Regulations; (8) exemptByTSA: The source code is exempt under the regulations of the Transportation Security Administration relating to the protection of Sensitive Security Information; (9) exemptByClassifiedInformation: The source code is exempt under the Federal laws and regulations governing the sharing of classified information not covered by exemptByNationalSecurity, exemptByNationalIntelligence, exemptbyFOIA, exemptByEAR, exemptByITAR, and exemptByTSA; (10) exemptByPrivacyRisk: The sharing or public accessibility of the source code would create an identifiable risk to the privacy of an individual; (11) exemptByIPRestriction: The sharing of the source code is limited by patent or intellectual property restrictions; (12) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agency’s systems or personnel; (13) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (14) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (15) exemptByPolicyDate: 
The release was created prior to the M-16-21 policy (August 8, 2016)", - "additionalProperties": false + "description": "A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByNationalSecurity: The source code is primarily for use in national security system as defined in section 11103 of title 40, USC; (4) exemptByNationalIntelligence: The source code is developed by an agency or part of an agency that is an element of the intelligence community, as defined in section 3(4) of the National Security Act of 1947; (5) exemptByFOIA: The source code is exempt under the Freedom of Information Act; (6) exemptByEAR: The source code is exempt under the Export Administration Regulations; (7) exemptByITAR: The source code is exempt under the the International Traffic in Arms Regulations; (8) exemptByTSA: The source code is exempt under the regulations of the Transportation Security Administration relating to the protection of Sensitive Security Information; (9) exemptByClassifiedInformation: The source code is exempt under the Federal laws and regulations governing the sharing of classified information not covered by exemptByNationalSecurity, exemptByNationalIntelligence, exemptbyFOIA, exemptByEAR, exemptByITAR, and exemptByTSA; (10) exemptByPrivacyRisk: The sharing or public accessibility of the source code would create an identifiable risk to the privacy of an individual; (11) exemptByIPRestriction: The sharing of the source code is limited by patent or intellectual property restrictions; (12) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agency's systems or personnel; (13) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (14) exemptByCIO: The CIO believes it is in the national interest to 
exempt sharing the source code; (15) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016)" }, "exemptionText": { "type": [ @@ -157,11 +158,13 @@ "hg", "svn", "rcs", - "bzr" + "bzr", + "none" ] }, "laborHours": { "type": "number", + "minimum": 0, "description": "Labor hours invested in the project. Calculated using COCOMO measured by the SCC tool: https://github.com/boyter/scc?tab=readme-ov-file#cocomo" }, "reuseFrequency": { @@ -169,10 +172,12 @@ "description": "Measures frequency of code reuse in various forms. (e.g. forks, downloads, clones)", "properties": { "forks": { - "type": "integer" + "type": "integer", + "minimum": 0 }, "clones": { - "type": "integer" + "type": "integer", + "minimum": 0 } }, "additionalProperties": true @@ -191,14 +196,16 @@ "android", "other" ] - } + }, + "uniqueItems": true }, "categories": { "type": "array", "description": "Categories the project belongs to. Select from: https://yml.publiccode.tools/categories-list.html", "items": { "type": "string" - } + }, + "uniqueItems": true }, "softwareType": { "type": "string", @@ -220,7 +227,8 @@ "description": "Programming languages that make up the codebase", "items": { "type": "string" - } + }, + "uniqueItems": true }, "maintenance": { "type": "string", @@ -237,7 +245,12 @@ "description": "Contract number(s) under which the project was developed", "items": { "type": "string" - } + }, + "uniqueItems": true + }, + "SBOM": { + "type": "string", + "description": "Link of the upstream repositories and dependencies used, in the form of a Software Bill of Materials/SBOM. If the software does not have a SBOM, enter 'None'. (i.e. Github provides an SBOM: https://github.com/$ORG_NAME/$REPO_NAME/network/dependencies)" }, "date": { "type": "object", 
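Review bot: The rewritten `usageType` description (hunk @@ -95,8 +97,7 @@ of schemas/cms/schema-0.2.0.json) fixes the apostrophe but keeps two other slips: `under the the International Traffic in Arms Regulations`, and `exemptbyFOIA` in item (9), which does not match the `exemptByFOIA` spelling in item (5). Since the line is being replaced anyway, correct both to `under the International Traffic in Arms Regulations` and `exemptByFOIA`. The identical description in schemas/schema-2.0.0.json has the same two slips.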
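Review bot: The new `SBOM` property (hunk @@ -237,7 +245,12 @@ of schemas/cms/schema-0.2.0.json, and the matching hunk in schemas/schema-2.0.0.json) is a bare `"type": "string"`, so the schema accepts any text where the description promises a link or the literal 'None'. Tools that render or fetch this value get no guarantee about its scheme or shape. Constrain it in the schema, e.g. `"anyOf": [{ "type": "string", "format": "uri", "pattern": "^https://" }, { "const": "None" }]`; the `pattern` matters because `format` is only asserted when the validator enables it. The description's `i.e.` should read `e.g.`, and it should say whether the dependency-graph page itself counts as the SBOM or an exported SBOM document is expected.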
@@ -258,14 +271,16 @@ "format": "date-time", "description": "Date when metadata was last updated" } - } + }, + "additionalProperties": false }, "tags": { "type": "array", "description": "Topics and keywords associated with the project to improve search and discoverability", "items": { "type": "string" - } + }, + "uniqueItems": true }, "contact": { "type": "object", @@ -280,7 +295,8 @@ "type": "string", "description": "Name of the point of contact" } - } + }, + "additionalProperties": false }, "feedbackMechanism": { "type": "string", @@ -331,18 +347,16 @@ "description": "Project(s) that is associated or related to the repository, if any (e.g. Bluebutton, MPSM)", "items": { "type": "string" - } + }, + "uniqueItems": true }, "systems": { "type": "array", "description": "CMS systems that the repository interfaces with or depends on, if any (e.g. IDR, PECOS)", "items": { "type": "string" - } - }, - "upstream": { - "type": "string", - "description": "Link of the upstream repositories and dependencies used, in the form of a Software Bill of Materials/SBOM (https://github.com/$ORG_NAME/$REPO_NAME/network/dependencies)" + }, + "uniqueItems": true }, "subsetInHealthcare": { "type": "array", @@ -355,7 +369,8 @@ "medicaid" ] }, - "description": "Healthcare-related subset" + "description": "Healthcare-related subset", + "uniqueItems": true }, "userType": { "type": "array", @@ -367,7 +382,8 @@ "government" ] }, - "description": "Types of users who interact with the software" + "description": "Types of users who interact with the software", + "uniqueItems": true }, "maturityModelTier": { "type": "integer", @@ -400,6 +416,7 @@ "languages", "maintenance", "contractNumber", + "SBOM", "date", "tags", "contact", diff --git a/schemas/schema-2.0.0.json b/schemas/schema-2.0.0.json index a01e16b..3521d50 100644 --- a/schemas/schema-2.0.0.json +++ b/schemas/schema-2.0.0.json 
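Review bot: Adding `SBOM` to `required` (hunk @@ -400,6 +416,7 @@ of schemas/cms/schema-0.2.0.json, and @@ -242,6 +256,7 @@ of schemas/schema-2.0.0.json) changes the contract of schema files that keep their version numbers, so a code.json that validated against 0.2.0 or 2.0.0 before this commit now fails for a missing `SBOM`. The CMS schema also drops `upstream` in the same commit, so existing documents carry the old key and lack the new one. If these versions are already published, ship the change as a new schema version or keep the old key during a transition, e.g. `"upstream": { "type": "string", "deprecated": true }`. Whether a leftover `upstream` key is itself rejected depends on the root `additionalProperties`, which is outside the hunks shown.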
@@ -1,5 +1,6 @@ { - "$schema": "http://json-schema.org/draft-04/schema#", + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://dsacms.github.io/code-json-schema.json", "title": "code.json metadata", "description": "A metadata standard for software repositories", "type": "object", @@ -64,7 +65,8 @@ "required": [ "name", "URL" - ] + ], + "additionalProperties": false } }, "usageType": { 
@@ -89,8 +91,7 @@ "exemptByPolicyDate" ] }, - "description": "A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByNationalSecurity: The source code is primarily for use in national security system as defined in section 11103 of title 40, USC; (4) exemptByNationalIntelligence: The source code is developed by an agency or part of an agency that is an element of the intelligence community, as defined in section 3(4) of the National Security Act of 1947; (5) exemptByFOIA: The source code is exempt under the Freedom of Information Act; (6) exemptByEAR: The source code is exempt under the Export Administration Regulations; (7) exemptByITAR: The source code is exempt under the the International Traffic in Arms Regulations; (8) exemptByTSA: The source code is exempt under the regulations of the Transportation Security Administration relating to the protection of Sensitive Security Information; (9) exemptByClassifiedInformation: The source code is exempt under the Federal laws and regulations governing the sharing of classified information not covered by exemptByNationalSecurity, exemptByNationalIntelligence, exemptbyFOIA, exemptByEAR, exemptByITAR, and exemptByTSA; (10) exemptByPrivacyRisk: The sharing or public accessibility of the source code would create an identifiable risk to the privacy of an individual; (11) exemptByIPRestriction: The sharing of the source code is limited by patent or intellectual property restrictions; (12) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agency’s systems or personnel; (13) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (14) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (15) exemptByPolicyDate: 
The release was created prior to the M-16-21 policy (August 8, 2016)", - "additionalProperties": false + "description": "A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByNationalSecurity: The source code is primarily for use in national security system as defined in section 11103 of title 40, USC; (4) exemptByNationalIntelligence: The source code is developed by an agency or part of an agency that is an element of the intelligence community, as defined in section 3(4) of the National Security Act of 1947; (5) exemptByFOIA: The source code is exempt under the Freedom of Information Act; (6) exemptByEAR: The source code is exempt under the Export Administration Regulations; (7) exemptByITAR: The source code is exempt under the the International Traffic in Arms Regulations; (8) exemptByTSA: The source code is exempt under the regulations of the Transportation Security Administration relating to the protection of Sensitive Security Information; (9) exemptByClassifiedInformation: The source code is exempt under the Federal laws and regulations governing the sharing of classified information not covered by exemptByNationalSecurity, exemptByNationalIntelligence, exemptbyFOIA, exemptByEAR, exemptByITAR, and exemptByTSA; (10) exemptByPrivacyRisk: The sharing or public accessibility of the source code would create an identifiable risk to the privacy of an individual; (11) exemptByIPRestriction: The sharing of the source code is limited by patent or intellectual property restrictions; (12) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agency's systems or personnel; (13) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (14) exemptByCIO: The CIO believes it is in the national interest to 
exempt sharing the source code; (15) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016)" }, "exemptionText": { "type": [ @@ -131,11 +132,13 @@ "hg", "svn", "rcs", - "bzr" + "bzr", + "none" ] }, "laborHours": { "type": "number", + "minimum": 0, "description": "Labor hours invested in the project. Calculated using COCOMO measured by the SCC tool: https://github.com/boyter/scc?tab=readme-ov-file#cocomo" }, "reuseFrequency": { @@ -143,10 +146,12 @@ "description": "Measures frequency of code reuse in various forms. (e.g. forks, downloads, clones)", "properties": { "forks": { - "type": "integer" + "type": "integer", + "minimum": 0 }, "clones": { - "type": "integer" + "type": "integer", + "minimum": 0 } }, "additionalProperties": true @@ -156,7 +161,8 @@ "description": "Programming languages that make up the codebase", "items": { "type": "string" - } + }, + "uniqueItems": true }, "maintenance": { "type": "string", @@ -173,7 +179,12 @@ "description": "Contract number(s) under which the project was developed", "items": { "type": "string" - } + }, + "uniqueItems": true + }, + "SBOM": { + "type": "string", + "description": "Link of the upstream repositories and dependencies used, in the form of a Software Bill of Materials/SBOM. If the software does not have a SBOM, enter 'None'. (i.e. Github provides an SBOM: https://github.com/$ORG_NAME/$REPO_NAME/network/dependencies)" }, "date": { "type": "object", @@ -194,14 +205,16 @@ "format": "date-time", "description": "Date when metadata was last updated" } - } + }, + "additionalProperties": false }, "tags": { "type": "array", "description": "Topics and keywords associated with the project to improve search and discoverability", "items": { "type": "string" - } + }, + "uniqueItems": true }, "contact": { "type": "object", @@ -216,7 +229,8 @@ "type": "string", "description": "Name of the point of contact" } - } + }, + "additionalProperties": false }, "feedbackMechanism": { "type": "string", 
@@ -242,6 +256,7 @@ "languages", "maintenance", "contractNumber", + "SBOM", "date", "tags", "contact", diff --git a/tests/examples/codejson-example-dedupliFHIR.json b/tests/examples/codejson-example-dedupliFHIR.json index f7af54b..1d7afac 100644 --- a/tests/examples/codejson-example-dedupliFHIR.json +++ b/tests/examples/codejson-example-dedupliFHIR.json @@ -46,6 +46,7 @@ ], "maintenance": "internal", "contractNumber": [], + "SBOM": "https://github.com/DSACMS/dedupliFHIR/network/dependencies", "date": { "created": "2023-06-22T17:08:19Z", "lastModified": "2025-02-13T18:44:26Z", @@ -72,7 +73,6 @@ "group": "CMS/OA/DSAC", "projects": [], "systems": [], - "upstream": "https://github.com/DSACMS/dedupliFHIR/network/dependencies", "subsetInHealthcare": [ "operational" ], diff --git a/tests/examples/codejson-example-metrics.json b/tests/examples/codejson-example-metrics.json index 5a448e7..ea08875 100644 --- a/tests/examples/codejson-example-metrics.json +++ b/tests/examples/codejson-example-metrics.json @@ -43,6 +43,7 @@ ], "maintenance": "internal", "contractNumber": [], + "SBOM": "https://github.com/DSACMS/metrics/network/dependencies", "date": { "created": "2023-07-18T14:10:58Z", "lastModified": "2025-06-01T11:36:12Z", @@ -67,7 +68,6 @@ "group": "CMS/OA/DSAC", "projects": [], "systems": [], - "upstream": "https://github.com/DSACMS/metrics/network/dependencies", "subsetInHealthcare": [ "operational" ],