From 05b85eee5c4e9617f924ccffd0aa7bc05756f5f0 Mon Sep 17 00:00:00 2001
From: Matt Rutkowski
Date: Wed, 3 Jun 2026 08:53:31 -0500
Subject: [PATCH] Develop 2.0 schema for AI/ML BOM
Signed-off-by: Matt Rutkowski
---
 .gitignore | 4 +
 .../2.0/model/cyclonedx-ai-ml-2.0.schema.json | 74 +++++++++++++++++++
 2 files changed, 78 insertions(+)
 create mode 100644 schema/2.0/model/cyclonedx-ai-ml-2.0.schema.json
diff --git a/.gitignore b/.gitignore
index 2628a539..eb416721 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,7 @@
+# Filesystem
+.DS_Store
+
+# Tooling
 .idea/
 .vscode/
 tools/target/
diff --git a/schema/2.0/model/cyclonedx-ai-ml-2.0.schema.json b/schema/2.0/model/cyclonedx-ai-ml-2.0.schema.json
new file mode 100644
index 00000000..031f3cb6
--- /dev/null
+++ b/schema/2.0/model/cyclonedx-ai-ml-2.0.schema.json
@@ -0,0 +1,74 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "https://cyclonedx.org/schema/2.0/model/cyclonedx-ai-ml-2.0.schema.json",
+ "type": "null",
+ "title": "CycloneDX Threat Model",
+ "$comment": "OWASP CycloneDX is an Ecma International standard (ECMA-424) developed in collaboration between the OWASP Foundation and Ecma Technical Committee 54 (TC54). The standard is published under a royalty-free patent policy. This JSON schema is the reference implementation and is licensed under the Apache License 2.0.",
+ "$defs": {
+ "designConsiderations": {
+ "type": "object",
+ "properties": {
+ "users": {
+ "$comment": "Attempting to reuse actor defn.",
+ "$todos": [
+ "Move actor from blueprints to common",
+ "Add externalReferences to actor as these may be defined by external orgs. and their docs."
+ ],
+ "type": "array",
+ "title": "Users",
+ "description": "List users the model is designed for.",
+ "uniqueItems": true,
+ "items": {
+ "$ref": "cyclonedx-blueprint-2.0.schema.json$defs/actor"
+ }
+ },
+ "useCases": {
+ "$comment": "",
+ "$todos": [
+ "TODO"
+ ],
+ "$ref": "cyclonedx-usecase-2.0.schema.json#/$defs/useCases",
+ "title": "User cases",
+ "description": "Lists use cases the model was designed for."
+ },
+ "technicalLimitations": {
+ "$comment": "",
+ "$ref": "",
+ "description": ""
+ },
+ "performanceTradeoffs": {
+ "$comment": "",
+ "$ref": "",
+ "description": ""
+ },
+ "ethicalConsiderations": {
+ "$comment": "",
+ "$ref": "",
+ "description": ""
+ },
+ "environmentalConsiderations": {
+ "$comment": "",
+ "$ref": "",
+ "description": ""
+ },
+ "fairnessAssessments": {
+ "$comment": "",
+ "$ref": "",
+ "description": ""
+ }
+ }
+ },
+ "trainingProfile": {
+ "type": "object",
+ "description": "Reference to data and datasets used for training.",
+ "$comment": "",
+ "allOf": [
+ {
+ "$ref": "#/$defs/cyclonedx-data-2.0/$defs/dataProfile"
+ },
+ {
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
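Review bot: The root schema declares `"type": "null"`, so as committed no AI/ML BOM document can validate against it; presumably a placeholder, but it should become `"type": "object"` with the BOM body under `"properties"` before any tooling points at this `$id`, because validators that treat a failing or unresolvable schema as "skip validation" would silently accept unverified BOMs. Several `$ref` targets are also unresolvable: `cyclonedx-blueprint-2.0.schema.json$defs/actor` lacks the `#/` fragment separator, `#/$defs/cyclonedx-data-2.0/$defs/dataProfile` points at a local `$defs` entry this document never defines (presumably `cyclonedx-data-2.0.schema.json#/$defs/dataProfile` was meant), and the five `"$ref": ""` entries resolve to the current document itself, so `technicalLimitations` and its siblings become self-references to the root rather than empty stubs. I would drop the stubbed properties and the empty `{}` in `trainingProfile.allOf` until they have real targets, and add `"unevaluatedProperties": false` to `designConsiderations` and `trainingProfile` if these objects are meant to be closed for signing and attestation. Copy-paste leftovers worth fixing in the same pass: the root `title` says "CycloneDX Threat Model", `useCases.title` says "User cases", and the file lacks a trailing newline.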