Skip to main content

Code

Introduction

The Code Schema is a JSON schema designed to define and standardise the representation of code or packages used within an AI system in the Trusted AI BOM (TAIBOM) ecosystem. This schema ensures traceability, integrity verification, and association with SBOMs for AI system components.

Description

This schema captures essential metadata for code or packages, including:

  • Name: The name of the code or package.
  • Version: The version of the code or package.
  • Location: Specifies where the code is stored, either locally or remotely, with a defined path or URL.
  • Hash: An object containing:
    • `value`: The cryptographic hash (e.g., SHA-256) of the code for data integrity verification.
    • `location`: (Optional) Where the hash is stored, either locally or remotely.
  • SBOM: An object containing:
    • `id`: The unique identifier of the SBOM (e.g., a VC ID or DID).
    • `hash`: The cryptographic hash of the SBOM for verification.

Use Case

The Code Schema is primarily used within the TAIBOM framework to:

  1. Document Code or Packages: Provide a standardised representation of code used in AI systems.
  2. Ensure Code Integrity: Enable integrity verification through cryptographic hashes and their associated locations.
  3. Link Code to SBOMs: Establish a connection between the code and its SBOM for enhanced traceability and security.

By adopting this schema, organisations can maintain reliable and secure records of code used in AI systems, supporting transparency and robust lifecycle management.

Schemas

$id: https://github.com/nqminds/Trusted-AI-BOM/blob/main/packages/schemas/src/taibom-schemas/40-code.v1.0.0.schema.yaml
$schema: https://json-schema.org/draft/2019-09/schema
title: Code
description: |
  This schema defines code or packages used in an AI system, with enhanced security through hash and SBOM integrity verification.
type: object
properties:
  name:
    type: string
    description: The name of the code or package.
  version:
    type: string
    description: The version of the produced code.
  location:
    type: object
    description: Details about where the code is stored, whether on a local filesystem or a remote URL.
    properties:
      type:
        type: string
        enum:
          - local
          - remote
        description: Indicates whether the code is stored locally or remotely.
      path:
        type: string
        description: The path or URL to the code location.
    required:
      - type
      - path
  hash:
    type: object
    description: Cryptographic hash details for verifying the integrity of the code.
    properties:
      value:
        type: string
        description: The cryptographic hash (e.g., SHA-256) of the code.
      location:
        type: string
        description: The location where the hash is stored, either locally or remotely.
    anyOf:
      - required:
          - value
      - required:
          - location
  sbom:
    type: object
    description: Details of the SBOM (Software Bill of Materials) generated from the code.
    properties:
      id:
        type: string
        description: The unique identifier of the SBOM (e.g., a Verifiable Credential ID or DID).
      hash:
        type: string
        description: The cryptographic hash of the SBOM for integrity verification.
    required:
      - id
      - hash
required:
  - name
  - version
  - location
  - hash

Examples

nameversionlocationhashsbom
MyLocalAIModel1.0.0-Alpha.1[object Object][object Object][object Object]
RemoteDataAnalyser1.0.1[object Object][object Object][object Object]
Edit this schema here