All about SPDX 3.0

<p>SPDX is one of the three SBOM specifications recommended by <a href="https://www.ntia.doc.gov/files/ntia/publications/sbom_minimum_elements_report.pdf" rel="noopener ugc nofollow" target="_blank">NTIA</a>/CISA.</p>
<p>The <a href="https://spdx.dev/" rel="noopener ugc nofollow" target="_blank">SPDX team</a> is working on a significant update &mdash; SPDX version 3.0, targeted for general availability this fall. SPDX 3.0 packs in features that cover new SBOM use cases and simplify existing capabilities.</p>
<p>Let's dig in.</p>
<h1>SPDX Profiles</h1>
<p><img alt="" src="https://miro.medium.com/v2/resize:fit:630/1*UsRJW_E28trCATUk1LoGdw.png" style="height:82px; width:700px" /></p>
<p>Snipped from <a href="https://raw.githubusercontent.com/spdx/spdx-3-model/main/model.png" rel="noopener ugc nofollow" target="_blank">https://raw.githubusercontent.com/spdx/spdx-3-model/main/model.png</a></p>
<p>SPDX's flexibility is contained in a new abstraction called "Profile". An SPDX Profile describes a specific use case for the SPDX document. A document applicable to one use case can therefore leave the details of other use cases to another Profile.</p>
<p>To achieve this, SPDX fields from version 2.3 (with some changes) are segmented into three groups</p>
<p><a href="https://medium.com/@interlynkblog/all-about-spdx-3-0-7763c9e93c78">Click Here</a></p>
Tags: Software SPDX