The Software Package Data Exchange® (SPDX®)

An open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. SPDX reduces redundant work by providing a common format for companies and communities to share important data, thereby streamlining and improving compliance. The SPDX specification is an international open standard (ISO/IEC 5962:2021).

Announcements
September 10, 2021

SPDX examples repo

We are pleased to announce a new repository in the SPDX GitHub organization to provide illustrative examples of SPDX software bills of materials (SBOMs).

In the News
March 29, 2023

GitHub Creating SBOMs using SPDX

It looks like GitHub has a self-service option to create SBOMs for a GitHub project based on SPDX! See this blog from them.