News & Announcements
Jan 26, 2026
SPDX 3.1 Ontology and Schema Available for Review
The first release candidate for SPDX specification version 3.1 is now available. The SPDX 3.1 model expands beyond software to include safety, service, hardware, supply chain, and operations. Please note that this release candidate is intended for testing and validation. Some features may be modified or reverted before the final…
Oct 30, 2025
Python Foundation Adopts SPDX for Software Bill of Materials
The Python Software Foundation has taken a significant step forward in software supply chain transparency by including SPDX-format Software Bills of Materials (SBOMs) with their official Python releases. Starting with 3.14 released earlier this week, all distribution packages available on the official download page now include accompanying SPDX SBOMs. These…
Oct 3, 2025
SPDX Responds to CISA Minimum Elements RFC
About a month ago, CISA requested industry/community comment on a proposed new minimum set of SBOM elements to replace the original NTIA list. Few people on the planet have thought as much about what belongs in an SBOM than the SPDX tech team which took up the discussion. With input…
Sep 19, 2025
CISA Considering New Set of Minimum Elements
CISA has requested comment on a new set of minimum elements for SBOMs (on top of the original NTiA set). This short announcement describes the process: https://www.cisa.gov/news-events/alerts/2025/08/22/cisa-requests-public-comment-updated-guidance-software-bill-materials The SPDX Tech Team will be responding to the request for comments and will report back to the SPDX community.
Sep 17, 2025
SBOM Vision
In collaboration with NSA and a number of foreign cybersecurity agencies, CISA just just published this easily consumable SBOM vision document. https://www.cisa.gov/sites/default/files/2025-09/joint-guidance-a-shared-vision-of-software-bill-of-materials-for-cybersecurity_508c.pdf
