All about SPDX 3.0
<p>SPDX is one of the three SBOM specifications recommended by <a href="https://www.ntia.doc.gov/files/ntia/publications/sbom_minimum_elements_report.pdf" rel="noopener ugc nofollow" target="_blank">NTIA</a>/CISA.</p>
<p>The <a href="https://spdx.dev/" rel="noopener ugc nofollow" target="_blank">SPDX team</a> is working on a significant update — SPDX version 3.0, targeted for general availability this fall. SPDX 3.0 packs features that cover new SBOM use cases and simplify existing capabilities.</p>
<p>Let's' dig in.</p>
<h1>SPDX Profiles</h1>
<p><img alt="" src="https://miro.medium.com/v2/resize:fit:630/1*UsRJW_E28trCATUk1LoGdw.png" style="height:82px; width:700px" /></p>
<p>Snipped from <a href="https://raw.githubusercontent.com/spdx/spdx-3-model/main/model.png" rel="noopener ugc nofollow" target="_blank">https://raw.githubusercontent.com/spdx/spdx-3-model/main/model.png</a></p>
<p>SPDX's' flexibility is contained in a new abstraction called ''Profile''. SPDX Profiles describes a specific use case for the SPDX document. Therefore, a document applicable to a specific use case can leave the details for another Profile.</p>
<p>To achieve this, SPDX fields from version 2.3 (with some changes) are segmented into three groups</p>
<p><a href="https://medium.com/@interlynkblog/all-about-spdx-3-0-7763c9e93c78">Click Here</a></p>
<ul>
</ul>