SPDX (Software Package Data Exchange) is a widely used software bill of materials (SBOM) specification. It’s one of two full-stack SBOM standards approved under the U.S. government’s 2021 cybersecurity executive order, and it supports a number of important software supply chain management use cases. Although SPDX has been around for over a decade (the original v1.0 was released in 2011), the specification has evolved significantly over the years, up to the current v2.3. Today, organization...