SPDX Version 3 Released
Version 3 of the newly renamed System Package Data Exchange (SPDX) was announced at Open Source Summit North America, reports Steven J. Vaughan-Nichols.
SPDX (previously known as Software Package Data Exchange) provides “a standard way for companies to standardize their license and component information (metadata) in software bills of materials (SBOMs) to ease the discovery and labeling of open source components in their products,” Vaughan-Nichols says.
The latest version of SPDX extends beyond software through the addition of profiles, he explains. “It starts with a core SPDX profile that includes all programs, hardware projects, AI, Software as a Service, you name it. Above it are profiles for additional metadata for security, licensing and build information.”
Learn more at The New Stack.
Related content
-
Security and automation with SBOMs
Already mandatory in the United States and recently approved in Europe thanks to new legislation, a software bill of materials provides information about software components, enabling IT managers to respond better to attacks and vulnerabilities. -
Trivy security scanner
The Trivy open source tool provides information on container and software security. - An Overview of OpenStack
- Canonical Celebrates 20 Years
- Why You Need DDoS Protection