The System Package Data Exchange (SPDX®) Specification
The System Package Data Exchange (SPDX®) specification is an open standard capable of representing systems with software components as SBOMs (Software Bill of Materials) and other AI, data and security references, supporting a range of risk management use cases.
The SPDX standard helps facilitate compliance with free and open source software licenses by standardizing the way license information is shared across the software supply chain. SPDX reduces redundant work by providing a common format for companies and communities to share important data about software licenses and copyrights, thereby streamlining and improving compliance.
This repository holds the version of the specification that is under active development, as:
- MarkDown (master branch)
- HTML (gh-pages branch, built on every commit to master and development/ branches)
For the official releases of the specification or additional information, see also the SPDX website.
Specification Structure
The specification consists of a model which is generated from the spdx-3-model repository and additional information in the docs directory.
The examples directory contains examples of various SPDX serializations for the current version of the spec.
Building the specification
Prerequisites
You have to have MkDocs installed on your machine. If you don't have it installed yet, please follow these installation instructions.
Building HTML
# Execute built-in dev-server that lets you preview the specification
$ mkdocs serve
# Building static HTML site
$ mkdocs build