International Open Standard (ISO/IEC 5962:2021) - Software Package Data Exchange (SPDX)

The Software Package Data Exchange® (SPDX®)

An open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. SPDX reduces redundant work by providing a common format for companies and communities to share important data, thereby streamlining and improving compliance.

The SPDX specification is an international open standard (ISO/IEC 5962:2021).

Learn More

Learn

Learn more about the structure of SPDX and how to participate.

Use

Explore the ways that you can engage with SPDX.

Tools

SPDX workgroup tools and others you can use.

Latest SPDX News

May 16, 2023 in Announcements, In the News

SPDX Announces 3.0 Release Candidate with New Use Cases

VANCOUVER, May 8, 2023 – We are delighted to announce the release of the SPDX 3.0 Release Candidate, the first in a series of releases that will lead to the general…

March 29, 2023 in In the News

GitHub Creating SBOMs using SPDX

Looks like GitHub has a self service option to create SBOMs for a GitHub Project based on SPDX! See this blog from them.