Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://spdx.github.io/spdx-spec/

The SPDX specification in MarkDown and HTML formats.

licenses linux-foundation software-package-data-exchange spdx specification


README

# The System Package Data Exchange (SPDX®) Specification

The System Package Data Exchange (SPDX®) specification is an open standard
designed to represent systems containing software components as
Software Bill of Materials (SBOMs).
Additionally, SPDX supports AI, data, and security references,
making it suitable for a wide range of risk management use cases.

The SPDX standard helps facilitate compliance with free and open source
software licenses by standardizing the way license information is shared across
the software supply chain. SPDX reduces redundant work by providing a common
format for companies and communities to share important data about software
licenses and copyrights, thereby streamlining and improving compliance.

## Specification development

The specification consists of documents located in the `docs/` directory
of this `spdx/spdx-spec` repository, as well as model documentation
generated from Markdown files within the
[spdx/spdx-3-model](https://github.com/spdx/spdx-3-model/) repository.

This `spdx/spdx-spec` repository holds the version of the specification
that is under active development as:

- Markdown: [`development/v3.0.1`](https://github.com/spdx/spdx-spec/tree/development/v3.0.1/docs) branch
- HTML: `gh-pages` branch, built on every commit to the development branch
- Current stable (v3.0.1):

Contributions are welcome. Contributions to this repository are made pursuant to the
[SPDX Community Specification Contributor License Agreement 1.0](https://github.com/spdx/governance/blob/main/0._SPDX_Contributor_License_Agreement.md).
Please see the contributing guidelines, governance practices,
and build instructions in the
[related documents](#related-documents-and-repositories) section.

## Repository structure

This repository consists of these files and directories (partial):

- `.github/workflows/` - Workflow definitions.
  - [`publish_v3.yml`](.github/workflows/publish_v3.yml) -
    The website (HTML) generation workflow.
- `bin/` - Scripts for spec generation.
- `docs/` - Specification content:
  - `annexes/` - Annexes for the specification.
  - `css/` - Style sheets for HTML.
  - `front/` - Front matter.
  - `images/` - Model diagrams. These image files are to be generated from a
    diagram description file
    [model.drawio](https://github.com/spdx/spdx-3-model/blob/main/model.drawio)
    in the `spdx/spdx-3-model` repo and manually copied here.
  - `licenses/` - Licenses that are used by the SPDX specifications.
  - `model/` - Model files. This subdirectory _is to be created_ by a script
    from the `spdx/spec-parser` repo, using model information from the
    `spdx/spdx-3-model` repo (see the build instructions below).
- `examples/` - Examples of various SPDX serializations for the current version
  of the spec.
- `mkdocs.yml` - MkDocs recipe for the spec documentation generation. The
  inclusion of model files and the order of chapters are defined here.

## Related documents and repositories

| Documentation | Link |
|---------|------|
| Changes between versions | [CHANGELOG.md](./CHANGELOG.md) |
| Contributing guidelines | [CONTRIBUTING.md](./CONTRIBUTING.md) |
| Building the specification website (for testing purposes) | [build.md](build.md) |
| Governance practices | [spdx/governance](https://github.com/spdx/governance/) |
| SPDX 3 model development | [spdx/spdx-3-model](https://github.com/spdx/spdx-3-model/) |
| Model specification parser | [spdx/spec-parser](https://github.com/spdx/spec-parser/) |
| How to use the specification | [spdx/using](https://github.com/spdx/using/) |
| Use cases and scenarios | [spdx/spdx-examples](https://github.com/spdx/spdx-examples/) |
| SPDX website, with more information about the specification | |
| Official releases of the specification, including PDFs | |