Skip to content
A Python library to parse, validate and create SPDX documents.
Branch: master
Clone or download

Latest commit

pombredanne Merge pull request #121 from altendky/altendky-120-mention_signed-off…

Add --signoff to `git commit` references

Signed-off-by: Philippe Ombredanne <>
Latest commit deee0bf Aug 29, 2019


Type Name Latest commit message Commit time
Failed to load latest commit information.
examples Add XML capabilities usage examples. Aug 23, 2019
spdx Do no crash when writing without a validation Aug 28, 2019
.gitignore Explore hashing bytes not text Aug 28, 2019
.travis.yml Fix the Travis CI matrix build for different Python versions Feb 10, 2017
CONTRIBUTING.MD documented how to use the git cli to sign off on commits Apr 7, 2019
appveyor.yml Do not test older Python on Windows Aug 20, 2019
stdeb.cfg Apply changes suggested from the review of #13 Feb 20, 2017

Python SPDX Library to parse, validate and create SPDX documents

Linux macOS Windows
Linux build status macOS build status Windows build status

This library implements an SPDX tag/value and RDF parser, validator and handler in Python. This is the result of an initial GSoC contribution by @ah450 (or and is maintained by a community of SPDX adopters and enthusiasts.







  • API to create and manipulate SPDX documents.
  • Parse and create Tag/Value, RDF, JSON, YAML, XML format SPDX files


  • Update to full SPDX v2.1
  • Add to full license expression support

How to use

Example tag/value parsing usage:

    from spdx.parsers.tagvalue import Parser
    from spdx.parsers.tagvaluebuilders import Builder
    from spdx.parsers.loggers import StandardLogger
    p = Parser(Builder(), StandardLogger())
    # data is a string containing the SPDX file.
    document, error = p.parse(data)

The examples directory contains several code samples. Here some of them:

  • is an example tag/value parsing usage. Try running python ../data/SPDXSimpleTag.tag

  • provides an example of writing tag/value files. Run python sample.tag to test it.

  • demonstrates how to pretty-print a tag/value file. To test it run python ../data/SPDXTagExample.tag pretty.tag.

  • demonstrates how to parse an RDF file and print out document information. To test it run python ../data/SPDXRdfExample.rdf

  • demonstrates how to convert an RDF file to a tag/value one. To test it run python ../data/SPDXRdfExample.rdf converted.tag

  • demonstrates how to pretty-print an RDF file, to test it run python ../data/SPDXRdfExample.rdf pretty.rdf


As always you should work in a virtualenv or venv. You can install a local clone of this repo with yourenv/bin/pip install . or install from PyPI with yourenv/bin/pip install spdx-tools. Note that on Windows it would be Scripts instead of bin.

How to run tests

From the project root directory run: python test. You can use another test runner such as pytest or nose at your preference.

Development process

We use the GitHub flow that is described here:

So, whenever we have to make some changes to the code, we should follow these steps:

  1. Create a new branch: git checkout -b fix-or-improve-something
  2. Make some changes and the first commit(s) to the branch: git commit --signoff -m 'What changes we did'
  3. Push the branch to GitHub: git push origin fix-or-improve-something
  4. Make a pull request on GitHub.
  5. Continue making more changes and commits on the branch, with git commit --signoff and git push.
  6. When done, write a comment on the PR asking for a code review.
  7. Some other developer will review your changes and accept your PR. The merge should be done with rebase, if possible, or with squash.
  8. The temporary branch on GitHub should be deleted (there is a button for deleting it).
  9. Delete the local branch as well:
    git checkout master
    git pull -p
    git branch -a
    git branch -d fix-or-improve-something

Besides this, another requirement is that every change should be made to fix or close an issue: If there is no issue for the changes that you want to make, create first an issue about it that describes what needs to be done, assign it to yourself, and then start working for closing it.



You can’t perform that action at this time.