International Open Standard (ISO/IEC 5962:2021) - Software Package Data Exchange (SPDX)

The Software Package Data Exchange® (SPDX®)

An open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. SPDX reduces redundant work by providing a common format for companies and communities to share important data, thereby streamlining and improving compliance.

The SPDX specification is an international open standard (ISO/IEC 5962:2021).

Learn More

Learn

Learn more about the structure of SPDX and how to participate.

Use

Explore the ways that you can engage with SPDX.

Tools

SPDX workgroup tools and others you can use.

Latest SPDX News

January 30, 2023 in In the News

Why you should use SPDX for security

Phil Odence, the Chair for SPDX, has written a very informative article on why you should use SPDX for Security and even goes onto to address some of the common…

December 12, 2022 in Uncategorized

An update on the SPDX python-tools

Authors: Armin Tänzer armin.taenzer@tngtech.com, Meret Behrens meret.behrens@tngtech.com, Nicolaus Weidner nicolaus.weidner@tngtech.com, and Maximilian Huber maximilian.huber@tngtech.com Progress With The SPDX Python Tools Discussions regarding the development and direction of the SPDX Python tools often happen in the weekly meetings or smaller rounds and are…