An open standard capable of representing systems with software components in as SBOMs (Software Bill of Materials) and other AI, data and security references supporting a range of risk management use cases.
The SPDX specification is a freely available international open standard (ISO/IEC 5692:2021).
SPDX is organized in areas of interest or profiles focused on specific user needs.
Jan 27, 2025
New podcast episode of Nerding Out with Viktor is now live! In Viktor's words: I spoke with Kate Stewart from the The Linux Foundation and Gary ONeall about the evolution of SPDX and its role in software transparency. We covered how SPDX grew from a license compliance tool into a…
Nov 13, 2024
As global regulations on AI software tighten, developers face a complex set of new, ambiguous rules. The AI Software Bill of Materials (AI BOM), especially the new SPDX 3.0 with AI and dataset profiles, offers a promising solution for compliance, providing detailed, machine-readable documentation of AI systems. Despite its benefits,…
