The Software Package Data Exchange® (SPDX®) is a standard format for communicating information about components associated with software packages. It has wide industry adoption as a standardized Software Bill of Materials. It is also an ISO standard, ISO/IEC 5962:2021.
This repository holds the model for the information captured on the (upcoming) SPDX version 3 standard.
The editable files are written in a constrained subset of Markdown
and are stored in the main branch.
These files are automatically processed into the following formats available at https://spdx.github.io/spdx-3-model/:
- HTML files generated by Ontospy: https://spdx.github.io/spdx-3-model/auto-generated/
- JSON-LD context file: context.json
- Model SHACL and OWL files:
Note that these files are also available in the gh-pages branch.
People who wish to read the current version of the information should be viewing the generated files, while anyone wanting to edit should be working on the former.
For information about how to contribute to a specific profile, please see Contributing.md.
Feel free to join us and contribute! The discussions are happening on the spdx-tech mailing list and during our weekly meetings. All the details are in: https://spdx.dev/participate/tech/