| Field | Value |
|---|---|
| Abbreviation | SPDX |
| Status | Published |
| First published | August 2011 |
| Latest version | 3.0 (April 2024) |
| Organization | Linux Foundation |
| Committee | SPDX Project |
| Domain | Software bill of materials |
| License | CC-BY-3.0 |
| Website | spdx |
System Package Data Exchange (SPDX; before version 3.0 the acronym expanded to Software Package Data Exchange) is an open standard for describing systems and their software components as software bills of materials (SBOMs),[1] together with AI, dataset and security references that support a range of risk management use cases. SPDX can express components, licenses, copyrights, security references and other metadata about software.[2] Its original purpose was to improve license compliance,[3] and it has since been expanded to cover additional use cases such as supply-chain transparency and security.[4] SPDX is authored by the community-driven SPDX Project, which brings together industry experts, organizations and open-source enthusiasts under the auspices of the Linux Foundation.
SPDX version 2.2.1 is published as ISO/IEC 5962:2021, which makes SPDX an internationally recognized open standard for security, license compliance and other software supply chain artifacts. The current version of the specification is 3.0.[5]
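To make concrete what the metadata described above looks like in practice, the following is an added example written for this page (not SPDX Project code). It parses a small constructed SPDX 2.x JSON document (the 2.x line is what ISO/IEC 5962:2021 standardizes and what most SBOM generators emit today; SPDX 3.0 uses a different JSON-LD serialization and is not covered here) and runs the checks a consumer would want before trusting an SBOM: required document fields, SPDXID syntax, relationships that point at elements the document never defines, and packages whose concluded license or download origin is `NOASSERTION`. It also pulls out the `SECURITY` external references (here a CPE) that vulnerability scanners key on. Every package name, URL, version and identifier in the sample is constructed and describes no real product.

```python
"""Parse a constructed SPDX 2.3 JSON SBOM and run supply-chain sanity checks
(example written for this page; not SPDX Project code)."""
import json
import re
from collections import Counter

# Constructed SBOM: an application, the library it depends on, and one relationship
# that deliberately points at an element the document never defines.
SAMPLE_SBOM = """{
  "spdxVersion": "SPDX-2.3", "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT",
  "name": "example-app-sbom",
  "documentNamespace": "https://example.invalid/spdxdocs/example-app-sbom-1",
  "creationInfo": {"created": "2024-04-01T00:00:00Z", "creators": ["Tool: example-sbom-tool-1.0"]},
  "packages": [
    {"name": "example-app", "SPDXID": "SPDXRef-Package-example-app", "versionInfo": "2.0.0",
     "downloadLocation": "NOASSERTION", "licenseConcluded": "Apache-2.0",
     "licenseDeclared": "Apache-2.0", "copyrightText": "Copyright (c) 2024 Example Org"},
    {"name": "libfoo", "SPDXID": "SPDXRef-Package-libfoo", "versionInfo": "1.2.3",
     "downloadLocation": "https://example.invalid/libfoo-1.2.3.tar.gz",
     "licenseConcluded": "NOASSERTION", "licenseDeclared": "MIT", "copyrightText": "NOASSERTION",
     "externalRefs": [
       {"referenceCategory": "SECURITY", "referenceType": "cpe23Type",
        "referenceLocator": "cpe:2.3:a:example:libfoo:1.2.3:*:*:*:*:*:*:*"},
       {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
        "referenceLocator": "pkg:generic/libfoo@1.2.3"}]}
  ],
  "relationships": [
    {"spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-Package-example-app",
     "relationshipType": "DESCRIBES"},
    {"spdxElementId": "SPDXRef-Package-example-app", "relatedSpdxElement": "SPDXRef-Package-libfoo",
     "relationshipType": "DEPENDS_ON"},
    {"spdxElementId": "SPDXRef-Package-example-app", "relatedSpdxElement": "SPDXRef-Package-missing",
     "relationshipType": "DEPENDS_ON"}
  ]
}"""

REQUIRED_DOC_FIELDS = ("spdxVersion", "dataLicense", "SPDXID", "name", "documentNamespace", "creationInfo")
SPDXID_RE = re.compile(r"^SPDXRef-[A-Za-z0-9.-]+$")  # SPDX 2.x identifier syntax


def load_sbom(text):
    """Parse SPDX JSON text into a dict (raises ValueError on malformed JSON)."""
    return json.loads(text)


def element_ids(doc):
    """All SPDXIDs the document defines: the document itself, packages, files, snippets."""
    ids = {doc.get("SPDXID")}
    for key in ("packages", "files", "snippets"):
        ids.update(e.get("SPDXID") for e in doc.get(key, []))
    ids.discard(None)
    return ids


def validate_sbom(doc):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for field in REQUIRED_DOC_FIELDS:
        if field not in doc:
            findings.append(f"missing required document field: {field}")
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-2."):
        findings.append(f"unexpected spdxVersion: {doc.get('spdxVersion')!r}")
    if doc.get("dataLicense") != "CC0-1.0":
        findings.append("dataLicense must be CC0-1.0 for SPDX 2.x documents")
    counts = Counter(p.get("SPDXID") for p in doc.get("packages", []))
    for spdx_id, n in counts.items():
        if n > 1:
            findings.append(f"duplicate SPDXID: {spdx_id}")
        if not spdx_id or not SPDXID_RE.match(spdx_id):
            findings.append(f"malformed SPDXID: {spdx_id!r}")
    # Every relationship endpoint must be defined in this document, unless it is the
    # NONE/NOASSERTION sentinel or an external-document reference "DocumentRef-x:SPDXRef-y"
    # (external documents are not resolved here).
    known = element_ids(doc)
    for rel in doc.get("relationships", []):
        for side in ("spdxElementId", "relatedSpdxElement"):
            target = rel.get(side)
            if target in ("NONE", "NOASSERTION") or (target and ":" in target):
                continue
            if target not in known:
                findings.append(f"relationship references undefined element: {target}")
    # NOASSERTION here means the producer did not say where the package came from or
    # which license applies: unknown provenance, which a consumer should surface.
    for pkg in doc.get("packages", []):
        for field in ("licenseConcluded", "downloadLocation"):
            if pkg.get(field) == "NOASSERTION":
                findings.append(f"{pkg.get('SPDXID')}: {field} is NOASSERTION")
    return findings


def security_refs(doc):
    """Map package SPDXID -> [(referenceType, locator)] for SECURITY external refs,
    the hooks a scanner uses to match packages against vulnerability data."""
    out = {}
    for pkg in doc.get("packages", []):
        refs = [(r.get("referenceType"), r.get("referenceLocator"))
                for r in pkg.get("externalRefs", []) if r.get("referenceCategory") == "SECURITY"]
        if refs:
            out[pkg.get("SPDXID")] = refs
    return out


def dependency_edges(doc):
    """(from, to) pairs for DEPENDS_ON relationships, i.e. the dependency graph."""
    return [(r.get("spdxElementId"), r.get("relatedSpdxElement"))
            for r in doc.get("relationships", []) if r.get("relationshipType") == "DEPENDS_ON"]


if __name__ == "__main__":
    sbom = load_sbom(SAMPLE_SBOM)
    for finding in validate_sbom(sbom):
        print("FINDING:", finding)
    print("security refs:", security_refs(sbom))
    print("dependency edges:", dependency_edges(sbom))
```

Run against the sample, the checker reports three findings: the dangling `SPDXRef-Package-missing` relationship, the application's `NOASSERTION` download location, and the library's `NOASSERTION` concluded license. The declared license (`MIT`) is what the upstream project claims; only the concluded license reflects what the SBOM producer actually verified, which is why the check looks at the latter.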