Skip to content
@spdx

SPDX

SPDX is an open standard for communicating SBOM information, including provenance, license, security, and other related information. ISO/IEC 5962:2021
README.md

System Package Data Exchange (SPDX)

Main Website: https://spdx.dev/

This organization houses the primary development activity for SPDX. Use the categories below to find the repositories you are interested in.

Learning about SPDX SBoM and Examples

These repositories are useful if you are looking for more information about how to use SPDX and example SPDX files.

  • using - This repository contains long-form text that explains how to use SPDX, or walks readers through various SPDX use cases.
  • spdx-examples - This repository contains example SPDX files covering various versions and use cases

SPDX SBoM Tooling

These repository contain SPDX related tools and code bindings, which are useful if you want to produce or consumer SPDX documents.

Python

Go

  • tools-golang - Go library for dealing with SPDX documents
  • spdx-go-model - Low level Go library for reading and writing SPDX documents

Java

  • tools-java - Java command line utility for managing and converting SPDX documents
  • spdx-java-library - Java library supporting reading, writing, converting, and validating SPDX documents
  • spdx-java-* - Support libraries used by the spdx-java-library. Descriptions of these repos can be found in the spdx-java-library API documentation

JavaScript

  • tools-ts - TypeScript / JavaScript library for writing SPDX documents

SPDX Licenses

These repositories are related to the SPDX License List

SPDX 3 SBoM Model

These repositories define the SPDX 3 SBoM Standard

  • spdx-3-model - This is the main SPDX 3 model files. If you would like to modify or extend the SPDX 3 specification, start here.
  • spdx-spec - Source for the canonical SPDX specification at spdx.github.io/spdx-spec/. This contains static content like chapters and annexes. For the model files, see spdx-3-model.
  • spec-parser - This is the tool that translates the SPDX 3 model files from Markdown to various outputs

Community

These repositories are related to the SPDX Community activities

  • meetings - Information about SPDX meetings including schedule, links to join, minutes, etc.
  • outreach - Outreach resources for SPDX (e.g. Conference talks, presentations, etc.)
  • governance - Governance practices for the SPDX Working Group.

Pinned Loading

  1. spdx-3-model spdx-3-model Public

    The model for the information captured in SPDX version 3 standard.

    97 61

  2. spdx-spec spdx-spec Public

    The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.

    Python 350 148

  3. tools-python tools-python Public

    A Python library to parse, validate and create SPDX documents.

    Python 231 148

  4. license-list-XML license-list-XML Public

    Source XML and test text files for the SPDX License List

    Makefile 440 360

  5. tools-java tools-java Public

    SPDX Command Line Tools using the Spdx-Java-Library

    Java 83 42

  6. tools-golang tools-golang Public

    Collection of Go packages to work with SPDX files

    Go 154 68

Repositories

Showing 10 of 81 repositories
  • spdx-online-tools Public

    Source for the website providing online SPDX tools

    spdx/spdx-online-tools’s past year of commit activity
    JavaScript 70 Apache-2.0 60 31 (2 issues need help) 9 Updated Dec 28, 2025
  • Spdx-Java-Library Public

    Java library which implements the Java object model for SPDX and provides useful helper functions

    spdx/Spdx-Java-Library’s past year of commit activity
    Java 63 Apache-2.0 42 21 (1 issue needs help) 3 Updated Dec 28, 2025
  • licenseRequestImages Public

    License Request Image Repository

    spdx/licenseRequestImages’s past year of commit activity
    2 0 0 0 Updated Dec 27, 2025
  • spdx-license-matcher Public

    A tool to match license text with SPDX license list using a an algorithm with finds close matches. It follows SPDX Matching guidelines to keep the substantial text as well as ignore the replaceable text for matching purposes.

    spdx/spdx-license-matcher’s past year of commit activity
    Python 33 15 4 0 Updated Dec 24, 2025
  • tools-golang Public

    Collection of Go packages to work with SPDX files

    spdx/tools-golang’s past year of commit activity
    Go 154 68 36 2 Updated Dec 23, 2025
  • spdx-java-model-2_X Public

    Java model files for version 2.X

    spdx/spdx-java-model-2_X’s past year of commit activity
    Java 1 Apache-2.0 3 1 2 Updated Dec 22, 2025
  • spdx-java-model-3_0 Public

    Generates Java source files from the SPDX 3.0+ specification OWL and SHACL files

    spdx/spdx-java-model-3_0’s past year of commit activity
    Java 2 Apache-2.0 2 0 3 Updated Dec 22, 2025
  • spdx-spec Public

    The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.

    spdx/spdx-spec’s past year of commit activity
    Python 350 148 85 (1 issue needs help) 9 Updated Dec 22, 2025
  • ntia-conformance-checker Public

    Validate the SPDX SBOM against NTIA, CISA, and other minimum element requirements.

    spdx/ntia-conformance-checker’s past year of commit activity
    Python 75 Apache-2.0 20 7 (1 issue needs help) 4 Updated Dec 22, 2025
  • spdx-java-core Public

    Core libraries for the SPDX Java Library

    spdx/spdx-java-core’s past year of commit activity
    Java 2 Apache-2.0 4 0 2 Updated Dec 22, 2025
View all repositories

Top languages

Loading…

Most used topics

Loading…