The System Package Data Exchange (SPDX®) Specification

The System Package Data Exchange (SPDX®) specification is an open standard designed to represent systems containing software components as Software Bill of Materials (SBOMs). Additionally, SPDX supports AI, data, and security references, making it suitable for a wide range of risk management use cases.

The SPDX standard helps facilitate compliance with free and open source software licenses by standardizing the way license information is shared across the software supply chain. SPDX reduces redundant work by providing a common format for companies and communities to share important data about software licenses and copyrights, thereby streamlining and improving compliance.

Specification development

The specification comprises documents located in the docs/ directory of this spdx/spdx-spec repository, as well as model documentation generated from Markdown files within the spdx/spdx-3-model repository.

This spdx/spdx-spec repository holds the version of the specification that is under active development:

<!-- - Development (v3.1): <https://spdx.github.io/spdx-spec/v3.1-draft/> -->

Contributions are welcome. Contributions to this repository are made pursuant to the SPDX Community Specification Contributor License Agreement 1.0. Please see the contributing guidelines, governance practices, and build instructions in the related documents section.

Repository structure

This repository consists of these files and directories (partial):

Branch structure

The SPDX spec repo follows the Gitflow workflow with the addition of support branches.

The branches in use are:

Related documents and repositories

| Documentation | Link |
| --- | --- |
| Changes between versions | CHANGELOG.md |
| Contributing guidelines | CONTRIBUTING.md |
| Building the specification website (for testing purposes) | build.md |
| Governance practices | spdx/governance |
| SPDX 3 model development | spdx/spdx-3-model |
| Model specification parser | spdx/spec-parser |
| How to use the specification | spdx/using |
| Use cases and scenarios | spdx/spdx-examples |
| SPDX website, with more information about the specification | https://spdx.org |
| Official releases of the specification, including PDFs | https://spdx.org/specifications |