The Software Package Data Exchange® (SPDX®)
An open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. SPDX reduces redundant work by providing a common format for companies and communities to share important data, thereby streamlining and improving compliance.
The SPDX specification is an international open standard (ISO/IEC 5962:2021).
Latest SPDX News
GitHub Creating SBOMs using SPDX
Looks like GitHub has a self service option to create SBOMs for a GitHub Project based on SPDX! See this blog from them.Read More