SPDX

SPDX is the Software Package Data Exchange project. It is a community-developed specification for software bill-of-material information, in a human-readable and machine-readable format.

Among other things, it aims to:

• make it easier to communicate what software you're distributing or running
• make it easier to understand what dependencies are required / installed
• respect open source developers by making it easier to comply with their licenses for the code they wrote

SPDX website

The SPDX community maintains a list of common (and uncommon) open source and source-available licenses, with a unique identifier for each, to decrease ambiguity about what license(s) apply to software.

License List

The SPDX specification defines the format and contents of SPDX documents. Each SPDX document contains details about one or more packages of software.

Specification

And some examples / demonstrations I've been working on, to show how SPDX can be used to describe various combinations of software:

spdx-examples

There are tools and libraries to work with SPDX files in a variety of languages. Here are some of the official tools:

Java

Golang

Python

If you're interested in participating in the project, come join us!

Participate