Preserve .gitignore and cyclonedx-ai-ml-2.0.schema.json from 2.0-dev-ai-ml branch

mrutkows · mrutkows · commit 4f57bbb2bedb · 2026-06-15T15:13:36.000-05:00
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,7 @@
+# Filesystem
 .DS_Store
+
+# Tooling
 .idea/
 .vscode/
 tools/target/
diff --git a/schema/2.0/model/cyclonedx-ai-ml-2.0.schema.json b/schema/2.0/model/cyclonedx-ai-ml-2.0.schema.json
@@ -0,0 +1,163 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://cyclonedx.org/schema/2.0/model/cyclonedx-ai-ml-2.0.schema.json",
+  "type": "null",
+  "title": "CycloneDX Threat Model",
+  "$comment": "OWASP CycloneDX is an Ecma International standard (ECMA-424) developed in collaboration between the OWASP Foundation and Ecma Technical Committee 54 (TC54). The standard is published under a royalty-free patent policy. This JSON schema is the reference implementation and is licensed under the Apache License 2.0.",
+  "$defs": {
+    "designConsiderations": {
+      "type": "object",
+      "properties": {
+        "users": {
+          "$comment": "Attempting to reuse actor defn.",
+          "$todos": [
+            "Discuss moving actor from blueprints to common",
+            "Add externalReferences to actor as these may be defined by external orgs. and their docs."
+          ],
+          "type": "array",
+          "title": "Users",
+          "description": "List users the model is designed for.",
+          "uniqueItems": true,
+          "items": {
+            "$ref": "cyclonedx-blueprint-2.0.schema.json$defs/actor"
+          }
+        },
+        "useCases": {
+          "$comment": "",
+          "$todos": [
+            "TODO"
+          ],
+          "$ref": "cyclonedx-usecase-2.0.schema.json#/$defs/useCases",
+          "title": "User cases",
+          "description": "Lists use cases the model was designed for."
+        },
+        "technicalLimitations": {
+          "$comment": "",
+          "$ref": "",
+          "description": ""
+        },
+        "performanceTradeoffs": {
+          "$comment": "",
+          "$ref": "",
+          "description": ""
+        },
+        "ethicalConsiderations": {
+          "$comment": "",
+          "$ref": "",
+          "description": ""
+        },
+        "environmentalConsiderations": {
+          "$comment": "",
+          "$ref": "",
+          "description": ""
+        },
+        "fairnessAssessments": {
+          "$comment": "",
+          "$ref": "",
+          "description": ""
+        }
+      }
+    },
+    "riskGroup": {
+      "type": "object",
+      "$comment": "Leverages risk schema's riskDomain (incl. type, description and priority).",
+      "$todos": [
+        "Verify riskDomain type enum. has all the values we need for EU AI Act."
+      ],
+      "description": "Provides a means of expressing a design, runtime or other consideration for a specific aspect of the model.",
+      "additionalProperties": false,
+      "required": [
+        "groupName"
+      ],
+      "allOf": [
+        {
+          "$ref": "cyclonedx-risk-2.0.schema.json/$defs/riskDomain"
+        }
+      ],
+      "properties": {
+        "groupName": {
+          "type": "string",
+          "title": "Group Name",
+          "description": "The name of the group at risk."
+        },
+        "externalReferences": {
+          "type": "array",
+          "description": "references to external resources that describe the risk group.",
+          "items": {
+            "$ref": "cyclonedx-common-2.0.schema.json#/$defs/externalReference"
+          }
+        },
+        "properties": {
+         "description": "Properties of the risk group.",
+          "$ref": "cyclonedx-common-2.0.schema.json#/$defs/properties"
+        }
+      }
+    },
+    "considerations": {
+      "type": "array",
+      "bom-ref": {
+        "$ref": "#/$defs/consideration"
+      }
+    },
+    "consideration": {
+      "type": "object",
+      "$comment": "Leverages risk schema",
+      "description": "Provides a means of expressing a design, runtime or other consideration for a specific aspect of the model.",
+      "required": [
+        "name"
+      ],
+      "additionalProperties": false,
+      "properties": {
+        "name": {
+          "type": "string",
+          "title": "Name",
+          "description": "TODO"
+        },
+        "description": {
+          "type": "string",
+          "title": "Description",
+          "description": "TODO"
+        },
+        "groupsAtRisk": {
+          "type": "array",
+          "title": "Groups At Risk",
+          "description": "The groups at risk of being systematically disadvantaged by the model.",
+          "items": {
+            "$ref": "#/$defs/riskGroup"
+          }
+        },
+        "externalReferences": {
+          "type": "array",
+          "items": {
+            "$ref": "cyclonedx-common-2.0.schema.json#/$defs/externalReference"
+          }
+        },
+        "properties": {
+          "$ref": "cyclonedx-common-2.0.schema.json#/$defs/properties"
+        }
+      }
+    },
+    "foo": {
+      "type": "object",
+      "$comment": "",
+      "description": "",
+      "required": [
+        "name"
+      ],
+      "additionalProperties": false,
+      "properties": {
+        "name": "string"
+      }
+    },
+    "trainingProfile": {
+      "type": "object",
+      "description": "Reference to data and datasets used for training.",
+      "$comment": "",
+      "allOf": [
+        {
+          "$ref": "#/$defs/cyclonedx-data-2.0/$defs/dataProfile"
+        }
+      ]
+    }
+  }
+}
