Document and Share BOMs
The Software Package Data Exchange® (SPDX®) is an evolving standard for communicating the open source content, licenses and copyrights associated with a software package. The purpose of the standard is to help companies in a software supply chain more easily comply with software licensing obligations.
SPDX provides a uniform approach to documenting and sharing a software bill of materials (BOM), making it more efficient for supply chain partners to communicate. The standard is developed and maintained by the SPDX workgroup of the Linux Foundation and is a critical element of the foundation’s Open Compliance Program.
Black Duck’s Support of SPDX
Black Duck has been instrumental in developing SPDX through participation in the SPDX workgroup. Our involvement includes:
- Chairing the SPDX workgroup
- Actively participating in the three SPDX teams: Technical, Business and Legal
- Authoring the first SPDX whitepaper
- Developing and evolving the structure of the spdx.org website and supporting the SPDX beta process
- Implementing SPDX software BOM support in the Black Duck® Suite at no additional cost to customers
For More Information:
- Learn about the details of the Software Package Data Exchange Specification at www.spdx.org
- View a short presentation: Introduction to SPDX
- Read Black Duck’s press release: Black Duck Announces Support for SPDX Version 1.0