The Software Package Data Exchange® (SPDX®) specification is a standard format for communicating the components, licenses and copyrights associated with a software package.

Announcing the SPDX Report Program

The objective of the SPDX Report program is to create a repository of articles to capture and share community knowledge about anything and everything SPDX.  Submit something today!

SPDX Specification version 2.0

The SPDX 2.0 Specification has been released. It is now the current version of the Specification.



Have a tool that supports SPDX?

We are looking for community and/or commercial tools that support SPDX. If you would like to have a link to your tool click here to see how to submit it.



From the SPDX Workgroup

SPDX Tool bake off and Talks at LinuxCon 2015 North Americs

There will be an SPDX tools bake-off for the 2.0 specification on Monday the 17th. Here are the details and feel free to drop by:

Virginia Room (located on the 4th floor, Union St side of hotel)

9:00am - 1:00pm

Our own Gary O'Neall, tools maintaner for SPDX, is giving a talk on SPDX entitled "Describing License Information in SPDX - It's Easier Than You Think".  Donit miss it!


Learn about and participate in SPDX

The SPDX Specification

Download the current version

SPDX Version 2.0

This is the current version of the specification

SPDX Tools

Implement SPDX in your organization


OSIT allows developers to scan, self-verify their source code and report during development.


AIRS helps supply chain partners share data regarding identification of open source components in software packages.

Consolidated SPDX Tools and Library

SPDX workgroup tools to support SPDX 2.0 (consolidates all tool functionality into a single download).


The Yocto+SPDX project is built to integrated SPDX generation into the Yocto build process.