1 Scope

This System Package Data Exchange (SPDX®) specification defines a standard capable of representing systems with software components as SBOMs (Software Bills of Materials) and other AI, data and security references, supporting a range of risk management use cases. An SPDX document can be associated with a set of software packages, files or snippets, and contains information about the software in the SPDX format described in this specification.