code.json
code.json is a metadata standard created to collect information on the agency's software projects. It is composed of:
- the federal code.json standard, created as part of M-16-21
- required metadata outlined in the SHARE IT Act (e.g. repository visibility, contract number)
- publiccode.yml metadata, an international metadata standard
Harmonizing these standards opens up the opportunity to share our work not just at the agency level but also at the national and international level.
The generic code.json schema can be found in the gov-codejson repository.
Extending the schema for agency use
The generic schema is designed to be extensible, allowing agencies to add metadata fields that are relevant to their specific needs.
For example, CMS has its own schema that includes new fields such as FISMA level, subset in healthcare, and systems.
We encourage agencies to contribute by submitting an agency schema addition issue to include their extended schema in the repository. This helps foster collaboration and ensures shared improvements benefit the wider community.
code.json Fields
Legend
| Source Policy | Origin | Icon |
|---|---|---|
| code.json | Federal | 🇺🇸 |
| publiccode.yml | International | π |
| SHARE IT Act | Federal | π |
| M-25-21 | Federal | π |

| Field | Presence | Source | Type | Description | Options/Examples |
|---|---|---|---|---|---|
| name | required | 🇺🇸π | str | Name of the project or software | |
| version | optional | 🇺🇸 | str | The version for this release | |
| description | required | 🇺🇸 | str | A one or two sentence description of the software. | |
| status | required | 🇺🇸π | str | Development status of the project | Ideation, Development, Alpha, Beta, Release Candidate, Production, Archival |
| permissions/license/url, permissions/license/name | required | 🇺🇸π | obj | An object containing description of the usage/restrictions regarding the release. An abbreviation for the name of the license. The URL of the release license. | |
| permissions/usageType | required | 🇺🇸π | str | A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByNationalSecurity: The source code is primarily for use in a national security system as defined in section 11103 of title 40, USC; (4) exemptByNationalIntelligence: The source code is developed by an agency or part of an agency that is an element of the intelligence community, as defined in section 3(4) of the National Security Act of 1947; (5) exemptByFOIA: The source code is exempt under the Freedom of Information Act; (6) exemptByEAR: The source code is exempt under the Export Administration Regulations; (7) exemptByITAR: The source code is exempt under the International Traffic in Arms Regulations; (8) exemptByTSA: The source code is exempt under the regulations of the Transportation Security Administration relating to the protection of Sensitive Security Information; (9) exemptByClassifiedInformation: The source code is exempt under the Federal laws and regulations governing the sharing of classified information not covered by exemptByNationalSecurity, exemptByNationalIntelligence, exemptByFOIA, exemptByEAR, exemptByITAR, and exemptByTSA; (10) exemptByPrivacyRisk: The sharing or public accessibility of the source code would create an identifiable risk to the privacy of an individual; (11) exemptByIPRestriction: The sharing of the source code is limited by patent or intellectual property restrictions; (12) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agency's systems or personnel; (13) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (14) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (15) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016) | openSource, governmentWideReuse, exemptByNationalSecurity, exemptByNationalIntelligence, exemptByFOIA, exemptByEAR, exemptByITAR, exemptByTSA, exemptByClassifiedInformation, exemptByPrivacyRisk, exemptByIPRestriction, exemptByAgencySystem, exemptByAgencyMission, exemptByCIO, exemptByPolicyDate |
| permissions/exemptionText | optional | 🇺🇸π | str | If an exemption is listed in the 'usageType' field, this field should include a one- or two-sentence justification for the exemption used. | |
| organization | required | 🇺🇸 | str | The organization or component within the agency to which the releases listed belong. | Centers for Medicare & Medicaid Services, 18F, Navy |
| repositoryURL | required | 🇺🇸π | str | The URL of the public release repository for open source repositories. This field is not required for repositories that are only available as government-wide reuse or are closed (pursuant to one of the exemptions). It can be listed as 'private' for repositories that are closed. | |
| repositoryVisibility | required | π | str | Visibility of repository | public, private |
| homepageURL | optional | 🇺🇸 | str | The URL of the public release homepage | |
| downloadURL | optional | 🇺🇸 | str | The URL where a distribution of the release can be found | |
| disclaimerURL | optional | 🇺🇸 | str | The URL where disclaimer language regarding the release can be found | |
| disclaimerText | optional | 🇺🇸 | str | Short paragraph that includes disclaimer language to accompany the release | |
| vcs | required | 🇺🇸 | str | Version control system used | git, hg, svn, rcs, bzr |
| laborHours | required | 🇺🇸 | int | Labor hours invested in the project. Calculated through COCOMO & SCC tool | |
| reuseFrequency/forks, reuseFrequency/clones | required | π | obj | Measures frequency of code reuse in various forms | |
| languages | required | 🇺🇸 | arr | Programming languages that make up the codebase | |
| maintenance | required | ππ | str | The dedicated staff that keeps the software up-to-date, if any | internal, contract, community, none |
| contractNumber | required | π | array | Contract number | |
| SBOM | required | 🇺🇸 | str | Link of the upstream repositories and dependencies used, in the form of a Software Bill of Materials/SBOM. If the software does not have an SBOM, enter 'None'. (e.g. GitHub provides an SBOM: https://github.com/$ORG_NAME/$REPO_NAME/network/dependencies) | |
| relatedCode/name, relatedCode/URL, relatedCode/isGovernmentRepo | optional | 🇺🇸 | obj | An array of affiliated government repositories that may be a part of the same project | relatedCode for 'code-gov-front-end' would include 'code-gov-api' and 'code-gov-api-client' |
| reusedCode/name, reusedCode/URL | optional | 🇺🇸 | obj | An array of government source code, libraries, frameworks, APIs, platforms or other software used in this release | US Web Design Standards, cloud.gov, Federalist, Digital Services Playbook, Analytics Reporter |
| partners/name, partners/email | optional | 🇺🇸 | obj | An array of objects including an acronym for each agency partnering on the release and the contact email at such agency | |
| date/created, date/lastModified, date/metadataLastUpdated | required | 🇺🇸 | obj | A date object describing the release | |
| tags | required | 🇺🇸 | arr | Topics and keywords associated with the project to improve search and discoverability | |
| contact/email, contact/name | required | 🇺🇸π | obj | Point of contact for the release. Email of point of contact. Name of point of contact. | |
| feedbackMechanism | required | π | str | Method by which a repository receives feedback from the community (e.g. URL to GitHub repository issues page) | Submitting issues to repo |
| AIUseCaseID | required | π | str | The software's ID in the AI Use Case Inventory. If the software is not currently listed in the inventory, enter '0' | |

Full schema can be found in schema-2.0.0.json.
CMS code.json Fields
Legend
| Metadata Standard | Origin | Icon |
|---|---|---|
| code.json | Federal | 🇺🇸 |
| publiccode.yml | International | π |
| CMS fields | Agency | CMS |
| SHARE IT Act | Federal | π |

| Field | Presence | Source | Type | Description | Options/Examples |
|---|---|---|---|---|---|
| name | required | 🇺🇸π | str | Name of the project or software | |
| version | optional | 🇺🇸 | str | The version for this release | |
| description | required | 🇺🇸 | str | A short description of the project. It should be a single line containing a single sentence. Maximum 150 characters are allowed. | |
| longDescription | required | π | str | Provide longer description of the software, between 150 and 10000 chars. It is meant to provide an overview of the capabilities of the software for a potential user. | |
| status | required | 🇺🇸π | str | Development status of the project | Ideation, Development, Alpha, Beta, Release Candidate, Production, Archival |
| permissions/license/url, permissions/license/name | required | 🇺🇸π | obj | An object containing description of the usage/restrictions regarding the release. An abbreviation for the name of the license. The URL of the release license. | |
| permissions/usageType | required | 🇺🇸π | str | A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByNationalSecurity: The source code is primarily for use in a national security system as defined in section 11103 of title 40, USC; (4) exemptByNationalIntelligence: The source code is developed by an agency or part of an agency that is an element of the intelligence community, as defined in section 3(4) of the National Security Act of 1947; (5) exemptByFOIA: The source code is exempt under the Freedom of Information Act; (6) exemptByEAR: The source code is exempt under the Export Administration Regulations; (7) exemptByITAR: The source code is exempt under the International Traffic in Arms Regulations; (8) exemptByTSA: The source code is exempt under the regulations of the Transportation Security Administration relating to the protection of Sensitive Security Information; (9) exemptByClassifiedInformation: The source code is exempt under the Federal laws and regulations governing the sharing of classified information not covered by exemptByNationalSecurity, exemptByNationalIntelligence, exemptByFOIA, exemptByEAR, exemptByITAR, and exemptByTSA; (10) exemptByPrivacyRisk: The sharing or public accessibility of the source code would create an identifiable risk to the privacy of an individual; (11) exemptByIPRestriction: The sharing of the source code is limited by patent or intellectual property restrictions; (12) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agency's systems or personnel; (13) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (14) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (15) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016) | openSource, governmentWideReuse, exemptByNationalSecurity, exemptByNationalIntelligence, exemptByFOIA, exemptByEAR, exemptByITAR, exemptByTSA, exemptByClassifiedInformation, exemptByPrivacyRisk, exemptByIPRestriction, exemptByAgencySystem, exemptByAgencyMission, exemptByCIO, exemptByPolicyDate |
| permissions/exemptionText | optional | 🇺🇸π | str | If an exemption is listed in the 'usageType' field, this field should include a one- or two-sentence justification for the exemption used. | |
| organization | required | 🇺🇸 | str | The organization or component within the agency to which the releases listed belong. | Centers for Medicare & Medicaid Services |
| repositoryURL | required | 🇺🇸π | str | The URL of the public release repository for open source repositories. This field is not required for repositories that are only available as government-wide reuse or are closed (pursuant to one of the exemptions). It can be listed as 'private' for repositories that are closed. | |
| repositoryHost | required | CMS | str | Location where source code is hosted | github.com/CMSgov, github.com/CMS-Enterprise, github.com/Enterprise-CMCS, github.com/DSACMS, github.cms.gov, CCSQ GitHub |
| repositoryVisibility | required | π | str | Visibility of repository | public, private |
| homepageURL | optional | 🇺🇸 | str | The URL of the public release homepage | |
| downloadURL | optional | 🇺🇸 | str | The URL where a distribution of the release can be found | |
| disclaimerURL | optional | 🇺🇸 | str | The URL where disclaimer language regarding the release can be found | |
| disclaimerText | optional | 🇺🇸 | str | Short paragraph that includes disclaimer language to accompany the release | |
| vcs | required | 🇺🇸 | str | Version control system used | git, hg, svn, rcs, bzr |
| laborHours | required | 🇺🇸 | int | Labor hours invested in the project. Calculated through COCOMO & SCC tool | |
| reuseFrequency/forks, reuseFrequency/clones | required | π | obj | Measures frequency of code reuse in various forms | |
| platforms | required | π | arr | Platforms supported by the project | web, windows, mac, linux, ios, android, other |
| categories | required | π | arr | Categories the project belongs to. | Select from: categories list |
| softwareType | required | π | str | Type of software | standalone/mobile, standalone/iot, standalone/desktop, standalone/web, standalone/backend, standalone/other, addon, library, configurationFiles |
| languages | required | 🇺🇸 | str | Programming languages that make up the codebase | |
| maintenance | required | ππ | str | The dedicated staff that keeps the software up-to-date, if any | internal, contract, community, none |
| contractNumber | required | π | array | Contract number | |
| SBOM | required | 🇺🇸 | str | Link of the upstream repositories and dependencies used, in the form of a Software Bill of Materials/SBOM. If the software does not have an SBOM, enter 'None'. (e.g. GitHub provides an SBOM: https://github.com/$ORG_NAME/$REPO_NAME/network/dependencies) | |
| relatedCode/name, relatedCode/URL, relatedCode/isGovernmentRepo | optional | 🇺🇸 | obj | An array of affiliated government repositories that may be a part of the same project | relatedCode for 'code-gov-front-end' would include 'code-gov-api' and 'code-gov-api-client' |
| reusedCode/name, reusedCode/URL | optional | 🇺🇸 | obj | An array of government source code, libraries, frameworks, APIs, platforms or other software used in this release | US Web Design Standards, cloud.gov, Federalist, Digital Services Playbook, Analytics Reporter |
| partners/name, partners/email | optional | 🇺🇸 | obj | An array of objects including an acronym for each agency partnering on the release and the contact email at such agency | |
| date/created, date/lastModified, date/metadataLastUpdated | required | 🇺🇸 | obj | A date object describing the release | |
| tags | required | 🇺🇸 | arr | Topics and keywords associated with the project to improve search and discoverability | |
| contact/email, contact/name | required | 🇺🇸π | obj | Point of contact for the release. Email of point of contact. Name of point of contact. | |
| feedbackMechanism | required | π | str | Method by which a repository receives feedback from the community (e.g. URL to GitHub repository issues) | Submitting issues to repo |
| AIUseCaseID | required | π | str | The software's ID in the AI Use Case Inventory. If the software is not currently listed in the inventory, enter '0' | |
| localisation | required | π | bool | Indicates if the project supports multiple languages | true, false |
| repositoryType | required | CMS | str | Purpose and functionality of the repository | package, website, standards, libraries, data, application, tools, APIs |
| userInput | required | CMS | bool | Does the software accept user input? | true, false |
| fismaLevel | required | CMS | str | Level of security categorization assigned to an information system under the Federal Information Security Modernization Act (FISMA): link | low, moderate, high |
| group | required | CMS | str | Home Department / Org / Group associated with the project | |
| projects | required | CMS | arr | Project(s) that is associated or related to the repository, if any. | Bluebutton, MPSM, codejson |
| systems | optional | CMS | arr | CMS systems that the repository interfaces with or depends on, if any. | IDR, PECOS |
| subsetInHealthcare | required | CMS | arr | Healthcare-related subset | policy, operational, medicare, medicaid |
| userType | required | CMS | arr | Types of users who interact with the software | providers, patients, government |
| maturityModelTier | required | CMS | int | Maturity model tier | 0, 1, 2, 3, 4 |

Full schema can be found in the gov-codejson repository.
Examples of code.json files can be found here: https://github.com/DSACMS/gov-codejson/blob/main/docs/examples.md
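As an added example (not code from the gov-codejson project), the Python below lints a parsed code.json record against the generic field table above: required fields, enumerated options, and the rule that an exemption in usageType needs an exemptionText. It assumes slash-separated field paths denote nested JSON objects; the public-visibility check is an assumed consistency check and the sample record is constructed.

```python
import json
# Enumerations and required fields taken from the generic field table on this page.
ENUMS = {
    "status": {"Ideation", "Development", "Alpha", "Beta",
               "Release Candidate", "Production", "Archival"},
    "repositoryVisibility": {"public", "private"},
    "vcs": {"git", "hg", "svn", "rcs", "bzr"},
    "maintenance": {"internal", "contract", "community", "none"},
}
EXEMPTIONS = {"exemptBy" + s for s in (
    "NationalSecurity NationalIntelligence FOIA EAR ITAR TSA ClassifiedInformation "
    "PrivacyRisk IPRestriction AgencySystem AgencyMission CIO PolicyDate").split()}
ENUMS["permissions/usageType"] = {"openSource", "governmentWideReuse"} | EXEMPTIONS
REQUIRED = ("name description status permissions/license permissions/usageType organization "
            "repositoryURL repositoryVisibility vcs laborHours reuseFrequency languages maintenance "
            "contractNumber SBOM date tags contact feedbackMechanism AIUseCaseID").split()

def get(doc, path):
    """Resolve a slash path (assumed to mean nested objects); None if absent."""
    for key in path.split("/"):
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def lint(doc):
    """Return a list of findings for one parsed code.json record."""
    out = [f"missing required field: {p}" for p in REQUIRED
           if get(doc, p) in (None, "", [], {})]
    for path, allowed in ENUMS.items():
        value = get(doc, path)
        if value is not None and (not isinstance(value, str) or value not in allowed):
            out.append(f"{path}: {value!r} is not an allowed value")
    usage = get(doc, "permissions/usageType")
    if isinstance(usage, str) and usage in EXEMPTIONS:
        if not get(doc, "permissions/exemptionText"):
            out.append("exemption claimed without permissions/exemptionText")
        # Assumed consistency check (not a schema rule): exempt code in a public repo.
        if get(doc, "repositoryVisibility") == "public":
            out.append("exempt usageType but repositoryVisibility is public")
    if get(doc, "SBOM") == "None":
        out.append("SBOM is 'None': no dependency inventory published")
    return out

# Constructed sample record (not a real project).
SAMPLE = json.loads("""{
 "name": "example-tool", "description": "Constructed record.", "status": "Production",
 "permissions": {"license": {"name": "CC0-1.0"}, "usageType": "exemptByAgencySystem"},
 "organization": "Example Office", "repositoryURL": "private", "vcs": "github",
 "repositoryVisibility": "public", "laborHours": 120, "languages": ["Python"],
 "reuseFrequency": {"forks": 0, "clones": 0}, "maintenance": "internal",
 "contractNumber": ["EX-0001"], "SBOM": "None", "date": {"created": "2024-01-01"},
 "tags": ["example"], "contact": {"email": "poc@example.gov", "name": "Example POC"},
 "feedbackMechanism": "https://example.gov/issues", "AIUseCaseID": "0"}""")
```

Calling `lint(SAMPLE)` returns one finding per problem in the constructed record; an empty list means the record passed these checks, not that it validates against the full JSON schema.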
Adding new metadata fields
For CMS, we are open to adding more fields to CMS code.json for any metadata the agency sees value in collecting. Request new metadata fields by filing a metadata field addition issue here.
