SPDX Version 3 Released
Version 3 of the newly renamed System Package Data Exchange (SPDX) was announced at Open Source Summit North America, reports Steven J. Vaughan-Nichols.
SPDX (previously known as Software Package Data Exchange) provides “a standard way for companies to standardize their license and component information (metadata) in software bills of materials (SBOMs) to ease the discovery and labeling of open source components in their products,” Vaughan-Nichols says.
The latest version of SPDX extends beyond software through the addition of profiles, he explains. “It starts with a core SPDX profile that includes all programs, hardware projects, AI, Software as a Service, you name it. Above it are profiles for additional metadata for security, licensing and build information.”
Learn more at The New Stack.
Related content
-
Identifying and using software licenses
Software licenses tell you how you can use software packages and legally deploy the software in your projects. Fortunately, tools help you automate the process of verifying licenses. -
Security and automation with SBOMs
Already mandatory in the United States and recently approved in Europe thanks to new legislation, a software bill of materials provides information about software components, enabling IT managers to respond better to attacks and vulnerabilities. - An Overview of OpenStack
-
Trivy security scanner
The Trivy open source tool provides information on container and software security. - Canonical Celebrates 20 Years
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Focus On Self-Hosting
• Self-Hosted PaaS with Coolify
• Build and Host Docker Images
• Self-Hosted Pritunl VPN Server with MFA
• Self-Hosted Chat Servers
• Self-Hosted Remote Support with RustDesk
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
