The Linux Foundation Projects
Skip to main content

System Package Data Exchange (SPDX®)

An open standard capable of representing systems with software components in as SBOMs (Software Bill of Materials) and other AI, data and security references supporting a range of risk management use cases.

The SPDX specification is a freely available international open standard (ISO/IEC 5692:2021).

Learn More

Learn

Learn more about the structure of SPDX and how to participate.

ABOUT SPDX

Use

Explore the ways that you can engage with SPDX.

USE SPDX

Tools

SPDX workgroup tools and others you can use.

SPDX TOOLS

Areas of Interest

SPDX is organized in areas of interest or profiles focused on specific user needs.

Supported by These Foundations

Latest SPDX News

Implementing an AI BOM

As global regulations on AI software tighten, developers face a complex set of new, ambiguous rules. The AI Software Bill of Materials (AI BOM), especially the new SPDX 3.0 with AI and dataset profiles, offers a promising solution for compliance, providing detailed, machine-readable documentation of AI systems. Despite its benefits,…

Sep 4, 2024

SBOM Adoption Paper

Check out this great new Linux Foundation paper on implementing SBOMs and how it helps with license compliance and application security. Author Ibrahim Haddid provides great insights into this important topic. SPDX is prominently featured.

SPDX Supporters