SPDX Standard
The SPDX (Software Package Data Exchange) standard is an open standard for communicating software bill of materials (SBOM) information. An SBOM is a nested inventory of software components that are required to build and run a piece of software. The SPDX standard provides a common format for exchanging this information, enabling organizations to automate and streamline the process of tracking software components.
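The nested inventory described above can be walked mechanically once it is in SPDX form. The following is an added example, not code from the original page or the SPDX project: it reads a constructed SPDX 2.3 JSON document, follows DESCRIBES and DEPENDS_ON relationships from the document root, and reports each component with its depth. The function name `inventory`, the sample packages and the two "gap" checks (missing checksum, unasserted license) are assumptions of this example.

```python
import json

# Constructed sample in the SPDX 2.3 JSON layout; names, versions and hashes are made up.
SAMPLE = json.loads("""{
 "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "example-app-sbom",
 "packages": [
  {"SPDXID": "SPDXRef-app", "name": "example-app", "versionInfo": "1.0.0",
   "licenseConcluded": "MIT", "checksums": [{"algorithm": "SHA256", "checksumValue": "aa11"}]},
  {"SPDXID": "SPDXRef-web", "name": "example-webfw", "versionInfo": "2.4.1",
   "licenseConcluded": "Apache-2.0", "checksums": [{"algorithm": "SHA256", "checksumValue": "bb22"}]},
  {"SPDXID": "SPDXRef-tls", "name": "example-tls", "versionInfo": "0.9.3",
   "licenseConcluded": "NOASSERTION"}
 ],
 "relationships": [
  {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
   "relatedSpdxElement": "SPDXRef-app"},
  {"spdxElementId": "SPDXRef-app", "relationshipType": "DEPENDS_ON",
   "relatedSpdxElement": "SPDXRef-web"},
  {"spdxElementId": "SPDXRef-web", "relationshipType": "DEPENDS_ON",
   "relatedSpdxElement": "SPDXRef-tls"}
 ]}""")

def inventory(doc):
    """Walk DESCRIBES/DEPENDS_ON edges from the document root; return (depth, name, version, gaps)."""
    pkgs = {p["SPDXID"]: p for p in doc.get("packages", [])}
    edges = {}
    for r in doc.get("relationships", []):
        if r["relationshipType"] in ("DESCRIBES", "DEPENDS_ON"):
            edges.setdefault(r["spdxElementId"], []).append(r["relatedSpdxElement"])
    rows, seen = [], set()
    stack = [(c, 0) for c in reversed(edges.get(doc["SPDXID"], []))]
    while stack:
        ref, depth = stack.pop()
        if ref in seen or ref not in pkgs:   # skip cycles and dangling references
            continue
        seen.add(ref)
        p = pkgs[ref]
        gaps = []
        if not p.get("checksums"):           # nothing to verify the artifact against
            gaps.append("no checksum")
        if p.get("licenseConcluded", "NOASSERTION") in ("NOASSERTION", "NONE"):
            gaps.append("license not asserted")
        rows.append((depth, p["name"], p.get("versionInfo", "?"), gaps))
        stack.extend((c, depth + 1) for c in reversed(edges.get(ref, [])))
    return rows

if __name__ == "__main__":
    for depth, name, version, gaps in inventory(SAMPLE):
        print("  " * depth + f"{name} {version}" + (f"  [{', '.join(gaps)}]" if gaps else ""))
```

Run against a real SBOM, the same walk shows which transitive components arrive without the metadata needed to verify or license-review them.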
The primary goal of the SPDX standard is to facilitate transparency and trust in the software supply
SPDX can be represented in various file formats, including SPDX Tag-Value, SPDX RDF/XML, SPDX JSON, and SPDX