Skip to main content

The Software Package Data Exchange® (SPDX®)

An open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. SPDX reduces redundant work by providing a common format for companies and communities to share important data, thereby streamlining and improving compliance.

The SPDX specification is an international open standard (ISO/IEC 5962:2021).


Learn more about the structure of SPDX and how to participate.


Explore the ways that you can engage with SPDX.


SPDX workgroup tools and others you can use.

Latest SPDX News

March 29, 2023 in In the News

GitHub Creating SBOMs using SPDX

Looks like GitHub has a self service option to create SBOMs for a GitHub Project based on SPDX! See this blog from them.
Read More
January 30, 2023 in In the News

Why you should use SPDX for security

Phil Odence, the Chair for SPDX, has written a very informative article on why you should use SPDX for Security and even goes onto to address some of the common…
Read More

SPDX Supporters