The Software Package Data Exchange® (SPDX®) specification is a standard format for communicating the components, licenses and copyrights associated with a software package.

Announcing the SPDX Report Program

The objective of the SPDX Report program is to create a repository of articles to capture and share community knowledge about anything and everything SPDX. Submit something today!

SPDX Specification version 2.0

The SPDX 2.0 Specification has been released. It is now the current version of the Specification.



Have a tool that supports SPDX?

We are looking for community and/or commercial tools that support SPDX. If you would like to have a link to your tool, click here to see how to submit it.



From the SPDX Workgroup

Our own Jilayne Lovejoy will be speaking at LinuxCon Europe

Jilayne will be giving a talk at LinuxCon Europe entitled "Developers Care About the License: Using SPDX to Describe License Information". Adoption of open source software is dependent on being able to communicate license information.

Supply Chain Mini Summit at LinuxCon Europe on 8 October

The Supply Chain Mini-Summit aims to bring together researchers, implementers and assurance professionals from supply chain, license compliance and security domains to explore ways we can improve the automation of information to create a more efficient and accountable software supply chain. We will be looking at ways to make compliance information more transparent, accurate and accessible, as well as how we can link it to security vulnerabilities and weaknesses more effectively.

The SPDX Specification

Download the current version

SPDX Version 2.0

This is the current version of the specification


Learn about and participate in SPDX