SPDX - The Software Package Data Exchange
A machine-readable open standard format for transmitting SBOMs. An SBOM (Software Bill of Materials) is a document that represents a comprehensive inventory of the software components and dependencies that make up a piece of software (a manifest), together with license and provenance information. Organizations use SBOMs to assess their vulnerability and risk posture, or during the response to a named vulnerability (e.g. listing every package that includes the log4j library).
The SPDX specification is a freely available international open standard (ISO/IEC 5692:2021).
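The "which packages include log4j" query above, worked as an added example that is not part of this article or of the SPDX project: it reads a constructed SPDX 2.3 JSON document (package names, versions and the purl external reference are made up) and walks the DEPENDS_ON relationships backwards to report every package that transitively includes the match.

```python
import json

# Constructed minimal SPDX 2.3 JSON document (not a real project's SBOM):
# "webapp" depends on "shared-lib", which depends on log4j-core.
SPDX_DOC = json.loads("""
{ "spdxVersion": "SPDX-2.3", "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-DOCUMENT", "name": "webapp-sbom",
  "documentNamespace": "https://example.com/spdx/webapp-sbom",
  "creationInfo": {"created": "2024-04-03T00:00:00Z", "creators": ["Tool: constructed-example"]},
  "packages": [
    {"name": "webapp", "SPDXID": "SPDXRef-webapp", "versionInfo": "1.0.0",
     "downloadLocation": "NOASSERTION", "licenseConcluded": "MIT"},
    {"name": "shared-lib", "SPDXID": "SPDXRef-shared-lib", "versionInfo": "3.2.0",
     "downloadLocation": "NOASSERTION", "licenseConcluded": "Apache-2.0"},
    {"name": "log4j-core", "SPDXID": "SPDXRef-log4j-core", "versionInfo": "2.14.1",
     "downloadLocation": "NOASSERTION", "licenseConcluded": "Apache-2.0",
     "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
       "referenceLocator": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"}]}
  ],
  "relationships": [
    {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES", "relatedSpdxElement": "SPDXRef-webapp"},
    {"spdxElementId": "SPDXRef-webapp", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-shared-lib"},
    {"spdxElementId": "SPDXRef-shared-lib", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-log4j-core"}
  ]
}
""")


def find_packages(doc, needle):
    """Return SPDXIDs of packages whose name or purl contains `needle` (case-insensitive)."""
    needle, hits = needle.lower(), []
    for pkg in doc.get("packages", []):
        purls = [r["referenceLocator"] for r in pkg.get("externalRefs", []) if r.get("referenceType") == "purl"]
        if needle in pkg["name"].lower() or any(needle in p.lower() for p in purls):
            hits.append(pkg["SPDXID"])
    return hits


def dependents_of(doc, target_id):
    """Follow DEPENDS_ON edges in reverse to find every package that transitively includes target_id."""
    reverse = {}
    for rel in doc.get("relationships", []):
        if rel["relationshipType"] == "DEPENDS_ON":
            reverse.setdefault(rel["relatedSpdxElement"], []).append(rel["spdxElementId"])
    seen, stack = set(), [target_id]
    while stack:  # depth-first walk; `seen` guards against dependency cycles
        for parent in reverse.get(stack.pop(), []):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return sorted(seen)


def affected_report(doc, needle):
    """Map each matching package (id, version) to the sorted list of packages that include it."""
    by_id = {p["SPDXID"]: p for p in doc["packages"]}
    return {(pid, by_id[pid].get("versionInfo")): dependents_of(doc, pid) for pid in find_packages(doc, needle)}
```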
Key Online Resources
- SPDX - The Software Package Data Exchange, Project Homepage [Online, 2024-04-03]
- The Software Package Data Exchange® (SPDX®) Specification Version 2.3, Specification [Online, 2024-04-03]
- Software Package Data Exchange, Wikipedia [Online, 2024-04-03]
This article is a stub.