SPDX
System Package Data Exchange
The System Package Data Exchange (SPDX®) specification defines an open standard for communicating bill of materials (BOM) information for different topic areas. SPDX defines an underlying data model as well as multiple serialization formats to encode that data model. SPDX metadata includes details about creation and distribution, including the following: + software composition, for collections of software (Packages), individual Files, and portions of files (Snippets) + software build information + artificial intelligence (AI) models + datasets + creator, supplier and distributor identity information + provenance and integrity + licenses and copyrights, including a curated list of licenses and exceptions + security vulnerabilities, defects, and other quality data + relationships between system elements + software usage and lifecycle + mechanisms to enable annotating SPDX elements and linking between multiple SPDX Documents
- Title:
- System Package Data Exchange
- Acronym:
- SPDX
- Version:
-
3.0
- Document Status:
-
formal ⓘ
- Publication Date:
- March 2025
- Categories:
- IPR Mode ⓘ
- Non-Assert ⓘ
Table Of Contents
- About the Specification
- Companies that have contributed to the development of this Specification
- Issues associated with this specification
- Specification Documents
- History
- Links
Companies that have contributed to the development of this Specification
- Copyright © 2024 CAST Software
- Copyright © 2024 MITRE
Issues associated with this specification
Issues Reported in this Specification
‐
Version 3.0 only
Specification Documents
Normative Documents
| Description | Format | URL | OMG File ID |
|---|---|---|---|
| Specification |
SPDX/3.0/PDF
|
formal/24-11-01 |
Normative Machine Readable Documents
| Description | Format | URL | OMG File ID |
|---|---|---|---|
| updated JSON-LD file of the SPDX 3.0.1 model | JSONLD |
SPDX/20240909/spdx-model.jsonld
|
ptc/24-09-01 |
| spdx-model | TTL |
SPDX/20240909/spdx-model.ttl
|
ptc/24-09-02 |
History
Formal Versions
| Version | Adoption Date | URL |
|---|---|---|
| 3.0 | March 2025 | https://www.omg.org/spec/SPDX/3.0 |
Links
- This Document:
- https://www.omg.org/spec/SPDX/3.0/About-SPDX
- RDF
- https://www.omg.org/spec/SPDX/3.0/About-SPDX.rdf
- JSON-LD
- https://www.omg.org/spec/SPDX/3.0/About-SPDX.jsonld
- Latest Document:
- https://www.omg.org/spec/SPDX
- RDF
- https://www.omg.org/spec/SPDX/About-SPDX.rdf
- JSON-LD
- https://www.omg.org/spec/SPDX/About-SPDX.jsonld
- All Machine Readable:
- https://www.omg.org/spec/SPDX/machine-readable
- Members Only
- https://www.omg.org/members/spec/SPDX/3.0
- Supersedes:
- https://www.omg.org/spec/SPDX/3.0/Beta2
- Contact:
- Send a question ⓘ