Lite
Summary
The SPDX Lite profile defines a simple view of SPDX data, from the point of view of use cases in some industries.
Description
The SPDX Lite profile consists of mandatory and recommended information.
The mandatory data in SPDX Lite is basic but useful for complying with licenses. It is easy to understand licensing information by reading an SPDX Lite file.
SPDX Lite aims at a balance between the full SPDX data model and actual workflows in some industries.
An SPDX Lite document can also be used in parallel with other SPDX documents in software supply chains.
Metadata
https://spdx.org/rdf/3.0.1/terms/Lite
| Name | Lite |
Profile conformance
In addition to the following mandatory requirements, please refer to the corresponding Annex for elements that should be included as part of a document conforming to the Lite profile.
For a /Software/Package to be conformant with this profile, the following has to hold:
- The minCount for
copyrightTextis 1 - The minCount for
packageVersionis 1 - The minCount for
suppliedByis 1 - At least one of
downloadLocationorpackageUrlmust be present
Additionally:
- for every
/Software/Packagethere MUST exist exactly one/Core/Relationshipof typehasConcludedLicensehaving that element as itsfromproperty and a/SimpleLicensing/AnyLicenseInfoas itstoproperty. - for every
/Software/Packagethere MUST exist exactly one/Core/Relationshipof typehasDeclaredLicensehaving that element as itsfromproperty and a/SimpleLicensing/AnyLicenseInfoas itstoproperty.
For a /Core/SpdxDocument to be conformant with this profile, the following has to hold:
- The minCount for
elementis 1 - The minCount for
rootElementis 1
For a /Software/Sbom to be conformant with this profile, the following has to hold:
- The minCount for
elementis 1 - The minCount for
rootElementis 1
Finally, for a /Core/Agent to be conformant with this profile, the following has to hold:
- The minCount for
nameis 1