SPDX
What Is SPDX?
SPDX (Software Package Data Exchange) is an open standard, maintained by the Linux Foundation, for communicating software bill of materials information — including component identifiers, versions, licenses, and supplier details — in a machine-readable format.
SPDX is one of the two dominant SBOM formats (the other being CycloneDX). It is referenced in U.S. federal guidance and widely adopted in enterprise software supply chain workflows. NetRise Turbine produces SPDX-formatted SBOMs from binary analysis and normalizes detected licenses to SPDX identifiers for consistency across tools and policies.
Related Terms
Software Bill of Materials · CycloneDX · NetRise License Intelligence · Open Source Software


