Skip to content
@spdx

SPDX

SPDX is an open standard for communicating SBOM information, including provenance, license, security, and other related information. ISO/IEC 5962:2021
README.md

System Package Data Exchange (SPDX)

Main Website: https://spdx.dev/

This organization houses the primary development activity for SPDX. Use the categories below to find the repositories you are interested in.

Learning about SPDX SBoM and Examples

These repositories are useful if you are looking for more information about how to use SPDX and example SPDX files.

  • using - This repository contains long-form text that explains how to use SPDX, or walks readers through various SPDX use cases.
  • spdx-examples - This repository contains example SPDX files covering various versions and use cases

SPDX SBoM Tooling

These repository contain SPDX related tools and code bindings, which are useful if you want to produce or consumer SPDX documents.

Python

Go

  • tools-golang - Go library for dealing with SPDX documents
  • spdx-go-model - Low level Go library for reading and writing SPDX documents

Java

  • tools-java - Java command line utility for managing and converting SPDX documents
  • spdx-java-library - Java library supporting reading, writing, converting, and validating SPDX documents
  • spdx-java-* - Support libraries used by the spdx-java-library. Descriptions of these repos can be found in the spdx-java-library API documentation

JavaScript

  • tools-ts - TypeScript / JavaScript library for writing SPDX documents

SPDX Licenses

These repositories are related to the SPDX License List

SPDX 3 SBoM Model

These repositories define the SPDX 3 SBoM Standard

  • spdx-3-model - This is the main SPDX 3 model files. If you would like to modify or extend the SPDX 3 specification, start here.
  • spdx-spec - Source for the canonical SPDX specification at spdx.github.io/spdx-spec/. This contains static content like chapters and annexes. For the model files, see spdx-3-model.
  • spec-parser - This is the tool that translates the SPDX 3 model files from Markdown to various outputs

Community

These repositories are related to the SPDX Community activities

  • meetings - Information about SPDX meetings including schedule, links to join, minutes, etc.
  • outreach - Outreach resources for SPDX (e.g. Conference talks, presentations, etc.)
  • governance - Governance practices for the SPDX Working Group.

Pinned Loading

  1. spdx-3-model spdx-3-model Public

    The model for the information captured in SPDX version 3 standard.

    94 60

  2. spdx-spec spdx-spec Public

    The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.

    Python 345 148

  3. tools-python tools-python Public

    A Python library to parse, validate and create SPDX documents.

    Python 227 147

  4. license-list-XML license-list-XML Public

    Source XML and test text files for the SPDX License List

    Makefile 424 346

  5. tools-java tools-java Public

    SPDX Command Line Tools using the Spdx-Java-Library

    Java 81 42

  6. tools-golang tools-golang Public

    Collection of Go packages to work with SPDX files

    Go 152 65

Repositories

Showing 10 of 81 repositories
  • spec-parser Public

    automagically process the specification

    spdx/spec-parser’s past year of commit activity
    Python 9 Apache-2.0 13 13 8 Updated Oct 31, 2025
  • spdx-3-model Public

    The model for the information captured in SPDX version 3 standard.

    spdx/spdx-3-model’s past year of commit activity
    94 60 101 (1 issue needs help) 21 Updated Oct 31, 2025
  • spdx-spec Public

    The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.

    spdx/spdx-spec’s past year of commit activity
    Python 345 148 87 (1 issue needs help) 7 Updated Oct 30, 2025
  • tools-java Public

    SPDX Command Line Tools using the Spdx-Java-Library

    spdx/tools-java’s past year of commit activity
    Java 81 Apache-2.0 42 12 4 Updated Oct 30, 2025
  • spdx-online-tools Public

    Source for the website providing online SPDX tools

    spdx/spdx-online-tools’s past year of commit activity
    JavaScript 69 Apache-2.0 60 34 (2 issues need help) 15 Updated Oct 30, 2025
  • licenseRequestImages Public

    License Request Image Repository

    spdx/licenseRequestImages’s past year of commit activity
    2 0 0 0 Updated Oct 30, 2025
  • spdx-license-matcher Public

    A tool to match license text with SPDX license list using a an algorithm with finds close matches. It follows SPDX Matching guidelines to keep the substantial text as well as ignore the replaceable text for matching purposes.

    spdx/spdx-license-matcher’s past year of commit activity
    Python 33 15 3 0 Updated Oct 30, 2025
  • using Public

    Information on how to use the SPDX specification

    spdx/using’s past year of commit activity
    Shell 4 4 8 1 Updated Oct 29, 2025
  • meetings Public

    This repository stores meetings minutes for the SPDX project

    spdx/meetings’s past year of commit activity
    33 29 8 57 Updated Oct 28, 2025
  • license-list-data Public

    Various data formats for the SPDX License List including RDFa, HTML, Text, and JSON

    spdx/license-list-data’s past year of commit activity
    HTML 607 174 1 0 Updated Oct 28, 2025
View all repositories

Most used topics

Loading…