International Open Standard (ISO/IEC 5962:2021) - Software Package Data Exchange (SPDX)

The Software Package Data Exchange® (SPDX®)

An open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. SPDX reduces redundant work by providing a common format for companies and communities to share important data, thereby streamlining and improving compliance.

The SPDX specification is an international open standard (ISO/IEC 5962:2021).

Learn More

Learn

Learn more about the structure of SPDX and how to participate.

Using SPDX

Explore the ways that you can engage with SPDX.

Learn

Learn more about the structure of SPDX and how to participate.

Latest SPDX News

September 10, 2021 in Announcements

SPDX examples repo

We are pleased to announce a new repository in the SPDX GitHub organization to provide illustrative examples of SPDX software bills of materials (SBOMs).

September 9, 2021 in In the News

SPDX Specification is now an ISO Standard

After much hard work and anticipation, we are proud to announce that the SPDX Specification is now an ISO Standard! We want to thank everyone who helped make this happen.…

The Software Package Data Exchange® (SPDX®)

Learn

Using SPDX

Learn

Latest SPDX News

SPDX examples repo

SPDX Specification is now an ISO Standard

SPDX Supporters