SPDX SBOM Project

The Software Package Data Exchange (SPDX ) is an open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. SPDX reduces redundant work by providing a common format for companies and communities to share important data, thereby streamlining and improving compliance.

An open source project under the Linux Foundation, the SPDX specification is an international open standard (ISO/IEC 5962:2021).

SPDX.dev and github.com/spdx for more.

SPDX 3 0 Overview
SPDX 3 0 Overview
Licensing profile | SPDX 3.0 RC: How to utilize profiles for license compliance use cases.
Licensing profile | SPDX 3.0 RC: How to utilize profiles for license compliance use cases.
Build profile | SPDX 3.0 RC: How to utilize the build profile
Build profile | SPDX 3.0 RC: How to utilize the build profile
Vex + SPDX by Adolfo García Veytia
Vex + SPDX by Adolfo García Veytia
How to utilize profiles for AI use cases
How to utilize profiles for AI use cases
How to utilize profile for security use cases
How to utilize profile for security use cases
Differences between the 2 x and 3 0 specification migration
Differences between the 2 x and 3 0 specification migration