CMS code.json is a metadata standard created to collect information on the agency's software projects. This is composed of:
- federal code.json standard, created as part of M-16-21
- metadata CMS would like to collect (e.g. FISMA level, repository host, group)
- required metadata outlined in the SHARE IT ACT (e.g. repository visibility, contract number)
- publiccode.yml metadata, an international metadata standard
By harmonizing various standards, this opens up the opportunity to share our work not just on an agency level but also on a national and international level.
Legend
| Metadata Standard | Origin | Icon |
|---|---|---|
| code.json | Federal | 🇺🇸 |
| publiccode.yml | International | 🌎 |
| CMS fields | Agency |  |
| SHARE IT Act | Federal | 📜 |
| Field | Presence | Source | Type | Description | Options/Examples |
|---|---|---|---|---|---|
| name | required | 🇺🇸🌎 | str | Name of the project or software | |
| description | required | 🇺🇸 | str | A short description of the project. It should be a single line containing a single sentence. Maximum 150 characters are allowed. | |
| longDescription | required | 🌎 | str | Provide longer description of the software, between 150 and 10000 chars. It is meant to provide an overview of the capabilities of the software for a potential user. | |
| status | required | 🇺🇸📜 | str | Development status of the project |
- Ideation - Development - Alpha - Beta - Release Candidate - Production - Archival |
| permissions/license/url permissions/license/name |
required | 🇺🇸🌎 | obj |
An object containing description of the usage/restrictions regarding the release. An abbreviation for the name of the license. The URL of the release license. |
|
| permissions/usageType | required | 🇺🇸📜 | str | A list of enumerated values which describes the usage permissions for the release: (1) openSource: Open source; (2) governmentWideReuse: Government-wide reuse; (3) exemptByLaw: The sharing of the source code is restricted by law or regulation, including—but not limited to—patent or intellectual property law, the Export Asset Regulations, the International Traffic in Arms Regulation, and the Federal laws and regulations governing classified information; (4) exemptByNationalSecurity: The sharing of the source code would create an identifiable risk to the detriment of national security, confidentiality of Government information, or individual privacy; (5) exemptByAgencySystem: The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agency’s systems or personnel, (6) exemptByAgencyMission: The sharing of the source code would create an identifiable risk to agency mission, programs, or operations; (7) exemptByCIO: The CIO believes it is in the national interest to exempt sharing the source code; (8) exemptByPolicyDate: The release was created prior to the M-16-21 policy (August 8, 2016) |
- openSource - governmentWideReuse - exemptByLaw - exemptByNationalSecurity - exemptByAgencySystem - exemptByAgencyMission - exemptByCIO - exemptByPolicyDate |
| permissions/exemptionText | optional | 🇺🇸📜 | str | If an exemption is listed in the 'usageType' field, this field should include a one- or two- sentence justification for the exemption used. | |
| organization | required | 🇺🇸 | str | Organization responsible for the project | Centers for Medicare & Medicaid Services |
| repositoryURL | required | 🇺🇸📜 | str | The URL of the public release repository for open source repositories. This field is not required for repositories that are only available as government-wide reuse or are closed (pursuant to one of the exemptions). | |
| vcs (version control system) | required | 🇺🇸 | str | Version control system used |
- git - hg - svn - rcs - bzr |
| laborHours | required | 🇺🇸 | int | Labor hours invested in the project. Calculated through COCOMO & SCC tool | |
| platform | required | 🌎 | arr | Platforms supported by the project |
- web - windows - mac - linux - ios - android - other |
| categories | required | 🌎 | arr | Categories the project belongs to. | Select from: categories list |
| softwareType | required | 🌎 | str | Type of software |
- standalone/mobile - standalone/iot - standalone/desktop - standalone/web - standalone/backend - standalone/other - addon - library - configurationFiles |
| languages | required | 🇺🇸 | str | Programming languages that make up the codebase | |
| maintenance | required | 🌎📜 | str | Maintenance status |
- internal - contract - community - none |
| date/created date/lastModified date/metadataLastUpdated |
required | 🇺🇸 | obj | A date object describing the release | |
| tags | required | 🇺🇸 | arr | Tags associated with the project | |
| contact/email contact/name |
required | 🇺🇸🌎 | obj | Point of contact for the release Email of point of contact Name of point of contact |
|
| localisation | required | 🌎 | bool | Indicates if the project supports multiple languages |
- true - false |
| repositoryType | required | |
str | Purpose and functionality of the repository |
- package - website - standards - libraries - data - application - tools - APIs |
| userInput | required | |
bool | Does the software accept user input? |
- true - false |
| fismaLevel | required | |
str | FISMA security level link |
- low - moderate - high |
| group | required | |
str | Home Department / Org / Group associated with the project | |
| subsetInHealthcare | required | |
arr | Healthcare-related subset |
- policy - operational - medicare - medicaid |
| userType | required | |
arr | Types of users who interact with the software |
- providers - patients - government |
| repositoryHost | required | |
str | Location where source code is hosted |
- github.com/CMSgov - github.com/CMS-Enterprise - github.com/DSACMS - github.cms.gov - CCSQ GitHub |
| maturityModelTier | required | |
int | Maturity model tier | 1, 2, 3, 4 |
| contractNumber | required | 📜 | int | Contract number | |
| repositoryVisibility | required | 📜 | str | Visibility of repository |
- public - private |
| reuseFrequency/forks reuseFrequency/downloads |
required | 📜 | obj | Measures frequency of code reuse in various forms | |
| feedbackMechanisms | required | 📜 | arr | Array of methods repositories receive feedback. Default value is the URL to GitHub repository issues |
- Submitting issues to repo - Submitting PRs to repo - Project website |
| project | required | |
arr | Maps repositories to projects | bluebutton, codejson |
| systems | optional | |
arr | Maps repositories to CMS systems | idr |
| upstream | optional | |
arr | List of upstream repos used, link to SBOM. | augur, uswds |
We are open to adding more fields to CMS code.json for any metadata the agency sees value in collecting. Request new metadata fields by filing a metadata field addition issue here.