International Open Standard (ISO/IEC 5962:2021) - Software Package Data Exchange (SPDX)

The Software Package Data Exchange® (SPDX®)

An open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. SPDX reduces redundant work by providing a common format for companies and communities to share important data, thereby streamlining and improving compliance.

The SPDX specification is an international open standard (ISO/IEC 5962:2021).

Learn More

Learn

Learn more about the structure of SPDX and how to participate.

Use

Explore the ways that you can engage with SPDX.

Tools

SPDX workgroup tools and others you can use.

Latest SPDX News

June 27, 2023 in Blog

Unraveling the World of Software Bill of Materials: A Brief Guide

by Jeff Shapiro & Gary O'Neall SPDX 3.0 Mini Summit OSSNA 2023 🇨🇦 blog post series This post is a bit of an oddball because, technically, this talk did not…

June 19, 2023 in Blog

SPDX Projects in Google Summer of Code 2023

Google Summer of Code Google Summer of Code (GSoC) is an international annual program, first held in 2005, that encourages and incentivizes newcomers to open source to spend their summer…