The Linux Foundation Projects
Skip to main content
search

The System Package Data Exchange™ (SPDX®)

An open standard capable of representing systems with software components in as SBOMs (Software Bill of Materials) and other AI, data and security references supporting a range of risk management use cases.

The SPDX specification is a freely available international open standard (ISO/IEC 5962:2021).

Learn More

Learn

Learn more about the structure of SPDX and how to participate.

ABOUT SPDX

Use

Explore the ways that you can engage with SPDX.

USE SPDX

Tools

SPDX workgroup tools and others you can use.

SPDX TOOLS

Areas of Interest

SPDX is organized in areas of interest or profiles focused on specific user needs.

Supported by These Foundations

Latest SPDX News

Announcements

Sep 19, 2025

CISA Considering New Set of Minimum Elements

CISA has requested comment on a new set of minimum elements for SBOMs (on top of the original NTiA set). This short announcement describes the…

READ MORE
Announcements

Sep 17, 2025

SBOM Vision

In collaboration with NSA and a number of foreign cybersecurity agencies, CISA just just published this easily consumable SBOM vision document. https://www.cisa.gov/sites/default/files/2025-09/joint-guidance-a-shared-vision-of-software-bill-of-materials-for-cybersecurity_508c.pdf

READ MORE

SPDX Supporters