Skip to content
@spdx

SPDX

SPDX is an open standard for communicating SBOM information, including provenance, license, security, and other related information. ISO/IEC 5962:2021
README.md

System Package Data Exchange (SPDX)

Main Website: https://spdx.dev/

This organization houses the primary development activity for SPDX. Use the categories below to find the repositories you are interested in.

Learning about SPDX SBoM and Examples

These repositories are useful if you are looking for more information about how to use SPDX and example SPDX files.

  • using - This repository contains long-form text that explains how to use SPDX, or walks readers through various SPDX use cases.
  • spdx-examples - This repository contains example SPDX files covering various versions and use cases

SPDX SBoM Tooling

These repository contain SPDX related tools and code bindings, which are useful if you want to produce or consumer SPDX documents.

Python

Go

  • tools-golang - Go library for dealing with SPDX documents
  • spdx-go-model - Low level Go library for reading and writing SPDX documents

Java

  • tools-java - Java command line utility for managing and converting SPDX documents
  • spdx-java-library - Java library supporting reading, writing, converting, and validating SPDX documents
  • spdx-java-* - Support libraries used by the spdx-java-library. Descriptions of these repos can be found in the spdx-java-library API documentation

JavaScript

  • tools-ts - TypeScript / JavaScript library for writing SPDX documents

SPDX Licenses

These repositories are related to the SPDX License List

SPDX 3 SBoM Model

These repositories define the SPDX 3 SBoM Standard

  • spdx-3-model - This is the main SPDX 3 model files. If you would like to modify or extend the SPDX 3 specification, start here.
  • spdx-spec - The canonical SPDX specification, such as website files, RDF file, etc. This has both static content as well as content generated from the SPDX 3 model Markdown files.
  • spec-parser - This is the tool that translates the SPDX 3 model files from Markdown to various outputs

Community

These repositories are related to the SPDX Community activities

  • meetings - Information about SPDX meetings including schedule, links to join, minutes, etc.
  • outreach - Outreach resources for SPDX (e.g. Conference talks, presentations, etc.)
  • governance - Governance practices for the SPDX Working Group.

Pinned Loading

  1. spdx-3-model spdx-3-model Public

    The model for the information captured in SPDX version 3 standard.

    91 51

  2. spdx-spec spdx-spec Public

    The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.

    Python 335 146

  3. tools-python tools-python Public

    A Python library to parse, validate and create SPDX documents.

    Python 225 146

  4. license-list-XML license-list-XML Public

    Source XML and test text files for the SPDX License List

    Makefile 410 322

  5. tools-java tools-java Public

    SPDX Command Line Tools using the Spdx-Java-Library

    Java 80 41

  6. tools-golang tools-golang Public

    Collection of Go packages to work with SPDX files

    Go 148 62

Repositories

Showing 10 of 81 repositories
  • spdx-maven-plugin Public

    Plugin for supporting SPDX in a Maven build.

    spdx/spdx-maven-plugin’s past year of commit activity
    Java 57 Apache-2.0 29 14 1 Updated Jul 25, 2025
  • spdx-spec Public

    The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.

    spdx/spdx-spec’s past year of commit activity
    Python 335 146 84 (1 issue needs help) 16 Updated Jul 25, 2025
  • spdx-3-model Public

    The model for the information captured in SPDX version 3 standard.

    spdx/spdx-3-model’s past year of commit activity
    91 51 97 (1 issue needs help) 20 Updated Jul 25, 2025
  • ntia-conformance-checker Public

    Check SPDX SBOM for NTIA minimum elements

    spdx/ntia-conformance-checker’s past year of commit activity
    Python 66 Apache-2.0 18 4 (1 issue needs help) 1 Updated Jul 25, 2025
  • meetings Public

    This repository stores meetings minutes for the SPDX project

    spdx/meetings’s past year of commit activity
    33 24 7 18 Updated Jul 25, 2025
  • license-list-XML Public

    Source XML and test text files for the SPDX License List

    spdx/license-list-XML’s past year of commit activity
    Makefile 410 322 83 (1 issue needs help) 10 Updated Jul 25, 2025
  • license-list-data Public

    Various data formats for the SPDX License List including RDFa, HTML, Text, and JSON

    spdx/license-list-data’s past year of commit activity
    HTML 589 166 1 0 Updated Jul 24, 2025
  • .github Public

    SPDX Overview

    spdx/.github’s past year of commit activity
    0 CC0-1.0 2 1 0 Updated Jul 24, 2025
  • spdx-java-core Public

    Core libraries for the SPDX Java Library

    spdx/spdx-java-core’s past year of commit activity
    Java 2 Apache-2.0 4 0 0 Updated Jul 24, 2025
  • Spdx-Java-Library Public

    Java library which implements the Java object model for SPDX and provides useful helper functions

    spdx/Spdx-Java-Library’s past year of commit activity
    Java 61 Apache-2.0 41 22 (1 issue needs help) 4 Updated Jul 24, 2025
View all repositories