Lite
Summary
The SPDX Lite profile defines a simple view of SPDX data, from the point of view of use cases in some industries.
Description
The SPDX Lite profile consists of mandatory and recommended information.
The mandatory data in SPDX Lite is basic but useful for complying with licenses. It is easy to understand licensing information by reading an SPDX Lite file.
SPDX Lite aims at a balance between the full SPDX data model and actual workflows in some industries.
An SPDX Lite document can also be used in parallel with other SPDX documents in software supply chains.
Metadata
https://spdx.org/rdf/3.0.1/terms/Lite
Name | Lite |
Profile conformance
In addition to the following mandatory requirements, please refer to the corresponding Annex for elements that should be included as part of a document conforming to the Lite profile.
For a /Software/Package
to be conformant with this profile, the following has to hold:
- The minCount for
copyrightText
is 1 - The minCount for
packageVersion
is 1 - The minCount for
suppliedBy
is 1 - At least one of
downloadLocation
orpackageUrl
must be present
Additionally:
- for every
/Software/Package
there MUST exist exactly one/Core/Relationship
of typehasConcludedLicense
having that element as itsfrom
property and a/SimpleLicensing/AnyLicenseInfo
as itsto
property. - for every
/Software/Package
there MUST exist exactly one/Core/Relationship
of typehasDeclaredLicense
having that element as itsfrom
property and a/SimpleLicensing/AnyLicenseInfo
as itsto
property.
For a /Core/SpdxDocument
to be conformant with this profile, the following has to hold:
- The minCount for
element
is 1 - The minCount for
rootElement
is 1
For a /Software/Sbom
to be conformant with this profile, the following has to hold:
- The minCount for
element
is 1 - The minCount for
rootElement
is 1
Finally, for a /Core/Agent
to be conformant with this profile, the following has to hold:
- The minCount for
name
is 1