An open standard capable of representing systems with software components in as SBOMs (Software Bill of Materials) and other AI, data and security references supporting a range of risk management use cases.
The SPDX specification is a freely available international open standard (ISO/IEC 5692:2021).
SPDX is organized in areas of interest or profiles focused on specific user needs.
Mar 5, 2025
Check out this posting and the accompanying article that give a shout out to the Yocto SBOM work that Joshua Watt briefed us on at the last General Meeting. https://www.linkedin.com/posts/vpetersson_im-excited-by-yoctos-sbom-capabilities-activity-7298791001526063106-qqsc/#?lipi=urn%3Ali%3Apage%3Ad_flagship3_detail_base%3Brv%2FCdMTgS36PFZd4RZTQPg%3D%3D https://sbomify.com/2025/02/21/mastering-sbom-generation-with-yocto/
Jan 27, 2025
New podcast episode of Nerding Out with Viktor is now live! In Viktor's words: I spoke with Kate Stewart from the The Linux Foundation and Gary ONeall about the evolution of SPDX and its role in software transparency. We covered how SPDX grew from a license compliance tool into a…
