Updated: 2023-07-18 10:26:42 + 4

main
shwetha729 2023-07-18 10:26:43 -04:00
parent add17a9e77
commit fa0c98b2f5
1 changed files with 1 additions and 1 deletions


@ -3,4 +3,4 @@
Software Package Data Exchange (SPDX) is **an open standard for communicating software Bill of Materials (SBOM) information, including components, licenses, copyrights, and security references**. It is used to create Software Bill of Material lists (SBOMs), encapsulate licensing and copyright details, and provide package metadata such as version identifiers and known vulnerabilities.0 SPDX reduces redundant work by providing a common format for companies and communities to share important data, thereby streamlining and improving compliance, security, and dependability.Its original purpose was to improve license compliance, but it has since been expanded to facilitate additional use-cases, such as supply-chain transparency and security. SPDX has a rich ecosystem of existing tools that provides a common format for companies and communities to share important data to streamline and improve the identification and monitoring of software. Software Package Data Exchange (SPDX) is **an open standard for communicating software Bill of Materials (SBOM) information, including components, licenses, copyrights, and security references**. It is used to create Software Bill of Material lists (SBOMs), encapsulate licensing and copyright details, and provide package metadata such as version identifiers and known vulnerabilities.0 SPDX reduces redundant work by providing a common format for companies and communities to share important data, thereby streamlining and improving compliance, security, and dependability.Its original purpose was to improve license compliance, but it has since been expanded to facilitate additional use-cases, such as supply-chain transparency and security. SPDX has a rich ecosystem of existing tools that provides a common format for companies and communities to share important data to streamline and improve the identification and monitoring of software.
Organized by the Linux Foundation Organized by the Linux Foundation
visit the full list on their site [here](https://spdx.dev/). For a quick [overview](https://spdx.dev/wp-content/uploads/sites/41/2020/04/easier_than_you_think.pdf) or visit the full list on their site [here](https://spdx.dev/).
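
Review bot: The new last line, "For a quick [overview](...) or visit the full list on their site [here]", is not a complete sentence, and neither the old nor the new wording says what "the full list" is a list of. Suggest splitting it, for example "For a quick overview, see [this PDF](...). The full list of ... is on the [SPDX site](https://spdx.dev/).", with the missing noun filled in. The overview link targets a dated `wp-content/uploads/.../2020/04/` PDF path, which may not stay stable; if spdx.dev has a landing page for that document, linking it would age better. Since this commit already touches the file, the unchanged context paragraph above still has a stray "0" after "known vulnerabilities.", a missing space in "dependability.Its", and repeats the "common format for companies and communities to share important data" clause twice; "Organized by the Linux Foundation" also lacks a closing period.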