Skip to content
@spdx

SPDX

SPDX is an open standard for communicating SBOM information, including provenance, license, security, and other related information. ISO/IEC 5962:2021

System Package Data Exchange (SPDX)

Main Website: https://spdx.dev/

This organization houses the primary development activity for SPDX. Use the categories below to find the repositories you are interested in.

Learning about SPDX SBoM and Examples

These repositories are useful if you are looking for more information about how to use SPDX and example SPDX files.

  • using - This repository contains long-form text that explains how to use SPDX, or walks readers through various SPDX use cases.
  • spdx-examples - This repository contains example SPDX files covering various versions and use cases

SPDX SBoM Tooling

These repository contain SPDX related tools and code bindings, which are useful if you want to produce or consumer SPDX documents.

Python

Go

  • tools-golang - Go library for dealing with SPDX documents
  • spdx-go-model - Low level Go library for reading and writing SPDX documents

Java

  • tools-java - Java command line utility for managing and converting SPDX documents
  • spdx-java-library - Java library supporting reading, writing, converting, and validating SPDX documents
  • spdx-java-* - Support libraries used by the spdx-java-library. Descriptions of these repos can be found in the spdx-java-library API documentation

JavaScript

  • tools-ts - TypeScript / JavaScript library for writing SPDX documents

SPDX Licenses

These repositories are related to the SPDX License List

SPDX 3 SBoM Model

These repositories define the SPDX 3 SBoM Standard

  • spdx-3-model - This is the main SPDX 3 model files. If you would like to modify or extend the SPDX 3 specification, start here.
  • spdx-spec - The canonical SPDX specification, such as website files, RDF file, etc. This has both static content as well as content generated from the SPDX 3 model Markdown files.
  • spec-parser - This is the tool that translates the SPDX 3 model files from Markdown to various outputs

Community

These repositories are related to the SPDX Community activities

  • meetings - Information about SPDX meetings including schedule, links to join, minutes, etc.
  • outreach - Outreach resources for SPDX (e.g. Conference talks, presentations, etc.)
  • governance - Governance practices for the SPDX Working Group.

Pinned Loading

  1. spdx-3-model Public

    The model for the information captured in SPDX version 3 standard.

    91 51

  2. spdx-spec Public

    The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.

    Python 335 146

  3. tools-python Public

    A Python library to parse, validate and create SPDX documents.

    Python 225 146

  4. license-list-XML Public

    Source XML and test text files for the SPDX License List

    Makefile 410 322

  5. tools-java Public

    SPDX Command Line Tools using the Spdx-Java-Library

    Java 80 41

  6. tools-golang Public

    Collection of Go packages to work with SPDX files

    Go 148 62

Repositories

Showing 10 of 81 repositories

Top languages

Loading…

Most used topics

Loading…