Back Software Package Data Exchange German SPDX French Software Package Data Exchange Italian Software Package Data Exchange Japanese 軟體包資料交換規範 Chinese

Software Package Data Exchange

This article is about the standard for describing software bills of materials. For the communications protocol, see SPDY.
AbbreviationSPDX
StatusPublished
First publishedAugust 2011 (2011-08)
Latest version3.0
April 2024 (2024-04)
OrganizationLinux Foundation
CommitteeSPDX Project
DomainSoftware bill of materials
LicenseCC-BY-3.0
Websitespdx.dev

System Package Data Exchange (SPDX) is an open standard capable of representing systems with software components in as software bills of materials (SBOMs)[1] and other AI, data, and security references supporting a range of risk management use cases. SPDX allows the expression of components, licenses, copyrights, security references and other metadata relating to software.[2] Its original purpose was to improve license compliance,[3] and it has since been expanded to facilitate additional use cases such as supply-chain transparency and security.[4] SPDX is authored by the community-driven SPDX Project involving key industry experts, organizations, and open-source enthusiasts under the auspices of the Linux Foundation.

The SPDX specification is recognized as the international open standard for security, license compliance, and other software supply chain artifacts as ISO/IEC 5962:2021. The current version of the standard is 3.0.[5]

  1. ^ Stewart, Kate (May 25, 2021). "SPDX: It's Already in Use for Global Software Bill of Materials (SBOM) and Supply Chain Security". Linux Foundation. Retrieved 2021-08-13.
  2. ^ "Survey of Existing SBOM Formats and Standards" (PDF). National Telecommunications and Information Administration. October 25, 2019. p. 9. Retrieved 2021-08-13.
  3. ^ Bridgwater, Adrian (August 19, 2011). "Linux Foundation eases open source licensing woes". Computer Weekly. Retrieved 2021-08-13.
  4. ^ Rushgrove, Gareth (June 16, 2021). "Advancing SBOM standards: Snyk and SPDX". Retrieved 2021-08-14.
  5. ^ "SPDX Current version". spdx.dev. Retrieved 2022-11-22.

Rich TVX News Network Site

Rich TVX News Network Info

© MMXXIII Rich X Search. We shall prevail. All rights reserved. Rich X Search