SBOM-SPDX
SPDX SBOM standard — ISO/IEC 5962:2021.
Definition
SPDX v3.0 (2024) introduces Build, Security, AI, Dataset, Lite profiles. Formats: JSON-LD, XML, YAML, RDF/Turtle, tag-value. Canonical SPDX License List identifier. Used by CISA (Cybersecurity & Infrastructure Security Agency) recommendation post-Executive Order 14028.
Origin
Launched 2010 by Linux Foundation ; ISO/IEC 5962:2021.
Example in context
syft scan --output spdx-json mypackage:latest produces an SPDX JSON SBOM.
Related terms
- SBOM CycloneDX — alternative standard.