Skip to content

Schema: Create generic code.json metadata schema #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
natalialuzuriaga wants to merge 7 commits into from
Closed

Schema: Create generic code.json metadata schema #16

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
2a7c528
Added more FAQs based on questions received
natalialuzuriaga Apr 16, 2025
0e011ab
Move schemas to CMS directory
natalialuzuriaga Apr 22, 2025
87b2db2
Added generic code.json schema
natalialuzuriaga Apr 22, 2025
ffceb8f
Update faq.md
natalialuzuriaga Apr 22, 2025
8efc8fd
Updated docs to include generic and agency schemas
natalialuzuriaga May 2, 2025
c606b87
Updated broken link in README
natalialuzuriaga May 2, 2025
37a1ced
Remove mentions of CMS code.json and added actionables for agencies
natalialuzuriaga May 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 43 additions & 4 deletions docs/faq.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,20 +1,59 @@
# Frequently Asked Questions (FAQ)
# Frequently Asked Questions (FAQs)

## Policies

### What is the Federal Source Code Policy / M-16-21?

### 1. What is the Federal Source Code Policy / M-16-21?
The Federal Source Code Policy (M-16-21) is a policy issued by the U.S. government that aims to improve software reuse and collaboration across federal agencies. It requires agencies to:

- Create an inventory of their custom developed code.
- Share code within and across agencies to reduce duplication and costs.
- Maintain metadata records of their software assets for transparency and tracking.

### 2. What is the SHARE IT Act of 2024?
### What is the SHARE IT Act of 2024?

The SHARE IT Act of 2024 is legislation designed to enhance transparency, collaboration, and efficiency in government software development. It mandates:

- Greater adoption of open source software in federal agencies.
- Improved sharing of government software projects with the public.
- Standardized reporting on software development and licensing practices.
- Establishment of metadata guidelines to ensure clear documentation and discoverability of software assets.

### 3. What is code.json?
### Does the SHARE IT Act also apply retroactively to previous custom-developed code?

No. The SHARE IT Act applies only to custom-developed code created on or after July 21, 2025. Code developed prior to this date is not subject to its requirements, however, code created after August 8, 2016 is subject to the Federal Source Code Policy.

### Are there any source code exemptions under the SHARE IT Act?

There are [4 exemptions](https://www.congress.gov/bill/118th-congress/house-bill/9566/text/ih#HB45699B7E8734166BE2F6DA2A80F7909):

1. Source code developed primarily for use in a national security system
2. Source code developed by an agency, or part of an agency, that is an element of the intelligence community
3. Source code that falls under the Freedom of Information Act
4. Source code identified by the agency’s CIO

### Does SHARE IT Act apply to data analysis code?

Yes. All custom-developed code—whether it involves software applications, data analysis, infrastructure/devops, interoperability, or internal tools/scripts—must reside in a repository, unless it qualifies for one of the [four exemptions](https://www.congress.gov/bill/118th-congress/house-bill/9566/text/ih#HB45699B7E8734166BE2F6DA2A80F7909).

## code.json Metadata Standard

### What is code.json?

`code.json` is a metadata file used by U.S. federal agencies to document and share their software projects. It provides:

- A standardized format for describing open source and custom developed software.
- Key details such as the project's name, description, license, repository URL, and labor hours.
- Integration with government wide platforms to facilitate code sharing and reuse.

### Why is code.json important?

By collecting metadata on every software project, this allows the agency to build a comprehensive inventory of agency software, enabling strategic decisions about cost reduction and efficiencies through reuse of code.

### Is code.json mandatory for all repositories?

Yes. As per M-16-21 and the SHARE IT Act, agencies are required to publish metadata on all custom-developed code after August 8th 2016, which is not subject to exemptions (see: Sec 6 of [M-16-21](https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2016/m_16_21.pdf) and <a target="_blank" href="https://www.congress.gov/bill/118th-congress/house-bill/9566/text/ih#HB45699B7E8734166BE2F6DA2A80F7909">SHARE IT ACT exemptions</a>)

@natalialuzuriaga natalialuzuriaga May 7, 2025

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. As per M-16-21, agencies are required to publish metadata on all custom-developed code after August 8th 2016, which is not subject to exemptions (see: Sec 6 of M-16-21 and

As per the SHARE IT Act, agencies are required to publish metadata on all custom-developed code after July 22, 2025, , which is not subject to exemptions SHARE IT ACT exemptions)

(point to landing page, right to legislation https://www.congress.gov/118/plaws/publ187/PLAW-118publ187.pdf)


### I have feedback on additions and improvements to the code.json metadata standard. Where can I share this?

We are open to adding more fields to CMS code.json for any metadata the agency sees value in collecting. Request new metadata fields by filing a metadata field addition issue [here](https://github.com/DSACMS/gov-codejson/issues/new?template=metadata-field-addition.md).
0 schemas/schema-0.0.0.json → schemas/cms/schema-0.0.0.json
View file
Open in desktop
File renamed without changes.
0 schemas/schema-0.1.0.json → schemas/cms/schema-0.1.0.json
View file
Open in desktop
File renamed without changes.
292 changes: 292 additions & 0 deletions schemas/schema.1.0.0.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,292 @@
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "code.json metadata",
"description": "A metadata standard for software repositories",
"type": "object",
"properties": {
"items": {
"name": {
"type": "string",
"description": "Name of the project or software"
},
"description": {
"type": "string",
"description": "A short description of the project. It should be a single line containing a single sentence. Maximum 150 characters are allowed.",
"maxLength": 150
},
"longDescription": {
"type": "string",
"description": "Provide longer description of the software, between 150 and 10000 chars. It is meant to provide an overview of the capabilities of the software for a potential user.",
"minLength": 150,
"maxLength": 10000
},
"status": {
"type": "string",
"enum": [
"Ideation",
"Development",
"Alpha",
"Beta",
"Release Candidate",
"Production",
"Archival"
],
"description": "Development status of the project"
},
"permissions": {
"type": "object",
"description": "An object containing description of the usage/restrictions regarding the release",
"properties": {
"licenses": {
"type": "array",
"description": "License(s) for the release",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string",
"enum": [
"CC0-1.0",
"Apache-2.0",
"MIT",
"MPL-2.0",
"GPL-2.0-only",
"GPL-3.0-only",
"GPL-3.0-or-later",
"LGPL-2.1-only",
"LGPL-3.0-only",
"BSD-2-Clause",
"BSD-3-Clause",
"EPL-2.0",
"Other",
"None"
],
"description": "An abbreviation for the name of the license"
},
"URL": {
"type": "string",
"format": "uri",
"description": "The URL of the release license in the repository"
}
},
"required": [
"name",
"URL"
]
}
},
"usageType": {
"type": "string",
"description": "A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByLaw: The sharing of the source code is restricted by law or regulation, including—but not limited to—patent or intellectual property law, the Export Asset Regulations, the International Traffic in Arms Regulation, and the Federal laws and regulations governing classified information; (4) exemptByNationalSecurity: The sharing of the source code would create an identifiable risk to the detriment of national security, confidentiality of Government information, or individual privacy; (5) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agency’s systems or personnel, (6) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (7) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (8) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016)",
"enum": [
"openSource",
"governmentWideReuse",
"exemptByLaw",
"exemptByNationalSecurity",
"exemptByAgencySystem",
"exemptByAgencyMission",
"exemptByCIO",
"exemptByPolicyDate"
],
"additionalProperties": false
},
"exemptionText": {
"type": [
"string",
"null"
],
"description": "If an exemption is listed in the 'usageType' field, this field should include a one- or two- sentence justification for the exemption used."
}
},
"additionalProperties": false,
"required": [
"licenses",
"usageType"
]
},
"organization": {
"type": "string",
"description": "Organization responsible for the project",
"enum": [
"Centers for Medicare & Medicaid Services"
]
},
"repositoryURL": {
"type": "string",
"format": "uri",
"description": "The URL of the public release repository for open source repositories. This field is not required for repositories that are only available as government-wide reuse or are closed (pursuant to one of the exemptions)."
},
"repositoryVisibility": {
"type": "string",
"enum": ["public", "private"],
"description": "Visibility of repository"
},
"vcs": {
"type": "string",
"description": "Version control system used",
"enum": [
"git",
"hg",
"svn",
"rcs",
"bzr"
]
},
"laborHours": {
"type": "number",
"description": "Labor hours invested in the project. Calculated using COCOMO measured by the SCC tool: https://github.com/boyter/scc?tab=readme-ov-file#cocomo"
},
"reuseFrequency": {
"type": "object",
"description": "Measures frequency of code reuse in various forms. (e.g. forks, downloads, clones)",
"properties": {
"forks": {
"type": "integer"
},
"clones": {
"type": "integer"
}
},
"additionalProperties": true
},
"platforms": {
"type": "array",
"description": "Platforms supported by the project",
"items": {
"type": "string",
"enum": [
"web",
"windows",
"mac",
"linux",
"ios",
"android",
"other"
]
}
},
"categories": {
"type": "array",
"description": "Categories the project belongs to. Select from: https://yml.publiccode.tools/categories-list.html",
"items": {
"type": "string"
}
},
"softwareType": {
"type": "string",
"description": "Type of software",
"enum": [
"standalone/mobile",
"standalone/iot",
"standalone/desktop",
"standalone/web",
"standalone/backend",
"standalone/other",
"addon",
"library",
"configurationFiles"
]
},
"languages": {
"type": "array",
"description": "Programming languages that make up the codebase",
"items": {
"type": "string"
}
},
"maintenance": {
"type": "string",
"description": "The dedicated staff that keeps the software up-to-date, if any",
"enum": [
"internal",
"contract",
"community",
"none"
]
},
"contractNumber": {
"type": "string",
"description": "Contract number"
},
"date": {
"type": "object",
"description": "A date object describing the release",
"properties": {
"created": {
"type": "string",
"format": "date-time",
"description": "Creation date of project."
},
"lastModified": {
"type": "string",
"format": "date-time",
"description": "Date when the project was last modified"
},
"metaDataLastUpdated": {
"type": "string",
"format": "date-time",
"description": "Date when metadata was last updated"
}
}
},
"tags": {
"type": "array",
"description": "Topics and keywords associated with the project to improve search and discoverability",
"items": {
"type": "string"
}
},
"contact": {
"type": "object",
"description": "Point of contact for the release",
"properties": {
"email": {
"type": "string",
"format": "email",
"description": "Email address of the point of contact"
},
"name": {
"type": "string",
"description": "Name of the point of contact"
}
}
},
"feedbackMechanisms": {
"type": "array",
"description": "Methods a repository receives feedback from the community. Default value is the URL to GitHub repository issues page.",
"items": {
"type": "string"
}
},
"localisation": {
"type": "boolean",
"description": "Indicates if the project supports multiple languages"
}
}
},
"required": [
"name",
"description",
"longDescription",
"status",
"permissions",
"organization",
"repositoryURL",
"repositoryVisibility",
"vcs",
"laborHours",
"reuseFrequency",
"platforms",
"categories",
"softwareType",
"languages",
"maintenance",
"contractNumber",
"date",
"tags",
"contact",
"feedbackMechanisms",
"localisation"
],
"additionalProperties": false
}