SPDX
System Package Data Exchange
The System Package Data Exchange (SPDX®) specification defines an open standard for communicating bill of materials (BOM) information for different topic areas. SPDX defines an underlying data model as well as multiple serialization formats to encode that data model. SPDX metadata includes details about creation and distribution, including the following: + software composition, for collections of software (Packages), individual Files, and portions of files (Snippets) + software build information + artificial intelligence (AI) models + datasets + creator, supplier and distributor identity information + provenance and integrity + licenses and copyrights, including a curated list of licenses and exceptions + security vulnerabilities, defects, and other quality data + relationships between system elements + software usage and lifecycle + mechanisms to enable annotating SPDX elements and linking between multiple SPDX Documents
- Title:
- System Package Data Exchange
- Acronym:
- SPDX
- Version:
-
3.0 beta 2
- Document Status:
-
beta ⓘ
This version is made available for informational purposes. The formal version is the final approved specification and is the version that should be followed for compliance with this specification. Access to change bars between versions are available only to OMG members. - Publication Date:
- October 2024
- Categories:
- IPR Mode ⓘ
- Non-Assert ⓘ
Table Of Contents
- About the Specification
- Companies that have contributed to the development of this Specification
- Issues associated with this specification
- Specification Documents
- History
- Links
Companies that have contributed to the development of this Specification
- Copyright © 2024 CAST Software
- Copyright © 2024 MITRE
Issues associated with this specification
Issues Reported in this Specification
‐
Version 3.0 beta 2 only
Issues Fixed in this Specification
‐
Version 3.0 beta 2 only
Specification Documents
Normative Documents
Description | Format | URL | OMG File ID |
---|---|---|---|
Specification |
SPDX/3.0/Beta2/PDF
|
ptc/24-09-04 |
Normative Machine Readable Documents
Description | Format | URL | OMG File ID |
---|---|---|---|
spdx-model | TTL |
SPDX/20240909/spdx-model.ttl
|
ptc/24-09-02 |
Informative Documents
Description | Format | URL | OMG File ID |
---|---|---|---|
Specification changebar |
SPDX/3.0/Beta2/PDF/changebar
|
ptc/24-09-05 |
History
In Process Versions
Version | Adoption Date | URL |
---|---|---|
3.0 beta 2 | October 2024 | https://www.omg.org/spec/SPDX/3.0/Beta2 |
Links
- This Document:
- https://www.omg.org/spec/SPDX/3.0/Beta2/About-SPDX
- RDF
- https://www.omg.org/spec/SPDX/3.0/Beta2/About-SPDX.rdf
- JSON-LD
- https://www.omg.org/spec/SPDX/3.0/Beta2/About-SPDX.jsonld
- Latest Document:
- https://www.omg.org/spec/SPDX
- RDF
- https://www.omg.org/spec/SPDX/About-SPDX.rdf
- JSON-LD
- https://www.omg.org/spec/SPDX/About-SPDX.jsonld
- Members Only
- https://www.omg.org/members/spec/SPDX/3.0/Beta2
- Supersedes:
- https://www.omg.org/spec/SPDX/3.0/Beta1
- Contact:
- Send a question ⓘ