Develop 2.0 schema for AI/ML BOM

mrutkows · mrutkows · commit 05b85eee5c4e · 2026-06-03T08:53:31.000-05:00
Signed-off-by: Matt Rutkowski &lt;mrutkows@us.ibm.com&gt;
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,7 @@
+# Filesystem
+.DS_Store
+
+# Tooling
 .idea/
 .vscode/
 tools/target/
diff --git a/schema/2.0/model/cyclonedx-ai-ml-2.0.schema.json b/schema/2.0/model/cyclonedx-ai-ml-2.0.schema.json
@@ -0,0 +1,74 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://cyclonedx.org/schema/2.0/model/cyclonedx-ai-ml-2.0.schema.json",
+  "type": "null",
+  "title": "CycloneDX Threat Model",
+  "$comment": "OWASP CycloneDX is an Ecma International standard (ECMA-424) developed in collaboration between the OWASP Foundation and Ecma Technical Committee 54 (TC54). The standard is published under a royalty-free patent policy. This JSON schema is the reference implementation and is licensed under the Apache License 2.0.",
+  "$defs": {
+    "designConsiderations": {
+      "type": "object",
+      "properties": {
+        "users": {
+          "$comment": "Attempting to reuse actor defn.",
+          "$todos": [
+            "Move actor from blueprints to common",
+            "Add externalReferences to actor as these may be defined by external orgs. and their docs."
+          ],
+          "type": "array",
+          "title": "Users",
+          "description": "List users the model is designed for.",
+          "uniqueItems": true,
+          "items": {
+            "$ref": "cyclonedx-blueprint-2.0.schema.json$defs/actor"
+          }
+        },
+        "useCases": {
+          "$comment": "",
+          "$todos": [
+            "TODO"
+          ],
+          "$ref": "cyclonedx-usecase-2.0.schema.json#/$defs/useCases",
+          "title": "User cases",
+          "description": "Lists use cases the model was designed for."
+        },
+        "technicalLimitations": {
+          "$comment": "",
+          "$ref": "",
+          "description": ""
+        },
+        "performanceTradeoffs": {
+          "$comment": "",
+          "$ref": "",
+          "description": ""
+        },
+        "ethicalConsiderations": {
+          "$comment": "",
+          "$ref": "",
+          "description": ""
+        },
+        "environmentalConsiderations": {
+          "$comment": "",
+          "$ref": "",
+          "description": ""
+        },
+        "fairnessAssessments": {
+          "$comment": "",
+          "$ref": "",
+          "description": ""
+        }
+      }
+    },
+    "trainingProfile": {
+      "type": "object",
+      "description": "Reference to data and datasets used for training.",
+      "$comment": "",
+      "allOf": [
+        {
+          "$ref": "#/$defs/cyclonedx-data-2.0/$defs/dataProfile"
+        },
+        {
+        }
+      ]
+    }
+  }
+}
