The Software Package Data Exchange® (SPDX®) is a standard format for communicating information about components associated with software packages. It has wide industry adoption as a standardized Software Bill of Materials. It is also an ISO standard, ISO/IEC 5962:2021.
This repository holds the model for the information captured on the (upcoming) SPDX version 3 standard.
The editable files are written in a constrained subset of Markdown
and are stored in the main
branch.
These files are automatically processed into regular Markdown
and placed in the generated
branch.
People who wish to read the current version of the information should be viewing the latter, while anyone wanting to edit should be working on the former.
For information about how to contribute to a specific profile, please see Contributing.md.
Feel free to join us and contribute! The discussions are happening on the spdx-tech mailing list and during our weekly meetings. All the details are in: https://spdx.dev/participate/tech/