SPDXcompatible

SPDXcompatible refers to software, documents, or workflows that conform to the SPDX specification for Software Package Data Exchange. SPDX is a standard maintained by the SPDX Workgroup under the Linux Foundation. A document or data item is SPDXcompatible if it uses SPDX concepts such as SPDX license identifiers, license expressions, and a defined SPDX data model to express information about software components, their licenses, copyrights, file provenance, and relationships between components.

SPDX defines a formal data model and serializations (SPDX JSON, RDF/XML, and tag-value) to encode an SBOM

Key features include the use of SPDX license identifiers (e.g., MIT, Apache-2.0, GPL-3.0-or-later), license expressions combining

To be SPDXcompatible, a document or tool should: adhere to the SPDX specification version; use valid SPDX

Applications of SPDXcompatible data include generating SBOMs, feeding license scanners, supporting due diligence in open source