Software Package Data Exchange
Open standard for software bill of materials / From Wikipedia, the free encyclopedia
This article is about the standard for describing software bills of materials. For the communications protocol, see SPDY.
Software Package Data Exchange (SPDX) is an open standard for software bills of materials (SBOMs).[1] SPDX allows the expression of components, licenses, copyrights, security references and other metadata relating to software.[2] Its original purpose was to improve license compliance,[3] and it has since been expanded to facilitate additional use cases such as supply-chain transparency and security.[4] SPDX is authored by the community-driven SPDX Project under the auspices of the Linux Foundation.
Abbreviation | SPDX |
---|---|
Status | Published |
First published | August 2011 |
Latest version | 3.0 (April 2024) |
Organization | Linux Foundation |
Committee | SPDX Project |
Domain | Software bill of materials |
License | CC-BY-3.0 |
Website | spdx |
The current version of the standard is 3.0.[5]