Back Software Package Data Exchange German SPDX French Software Package Data Exchange Italian Software Package Data Exchange Japanese 軟體包資料交換規範 Chinese
 | |
| Abbreviation | SPDX |
|---|---|
| Status | Published |
| First published | August 2011 |
| Latest version | 3.0 April 2024 |
| Organization | Linux Foundation |
| Committee | SPDX Project |
| Domain | Software bill of materials |
| License | CC-BY-3.0 |
| Website | spdx |
Software Package Data Exchange (SPDX) is an open standard for software bill of materials (SBOM).[1] SPDX allows the expression of components, licenses, copyrights, security references and other metadata relating to software.[2] Its original purpose was to improve license compliance,[3] and has since been expanded to facilitate additional use-cases, such as supply-chain transparency and security.[4] SPDX is authored by the community-driven SPDX Project under the auspices of the Linux Foundation.
The current version of the standard is 3.0.[5]
- ^ Stewart, Kate (May 25, 2021). "SPDX: It's Already in Use for Global Software Bill of Materials (SBOM) and Supply Chain Security". Linux Foundation. Retrieved 2021-08-13.
- ^ "Survey of Existing SBOM Formats and Standards" (PDF). National Telecommunications and Information Administration. October 25, 2019. p. 9. Retrieved 2021-08-13.
- ^ Bridgwater, Adrian (August 19, 2011). "Linux Foundation eases open source licensing woes". Computer Weekly. Retrieved 2021-08-13.
- ^ Rushgrove, Gareth (June 16, 2021). "Advancing SBOM standards: Snyk and SPDX". Retrieved 2021-08-14.
- ^ "SPDX Current version". spdx.dev. Retrieved 2022-11-22.
© MMXXIII Rich X Search. We shall prevail. All rights reserved. Rich X Search