Software Package Data Exchange
Software Package Data Exchange (SPDX) is an open standard for software bill of materials (SBOM). SPDX allows the expression of components, licenses, copyrights, security references and other metadata relating to software. Its original purpose was to improve license compliance, and has since been expanded to facilitate additional use-cases, such as supply-chain transparency and security. SPDX is authored by the community-driven SPDX Project under the auspices of the Linux Foundation.
| Abbreviation | SPDX |
|---|---|
| Status | Published |
| First published | August 2011 |
| Latest version | 2.3 November 2022 |
| Preview version | 3.0 RC 16 May 2023 |
| Organization | Linux Foundation |
| Committee | SPDX Project |
| Domain | Software bill of materials |
| License | CC-BY-3.0 |
| Website | spdx |
The current version of the standard is 2.3.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.