,
Wondershare EdrawMind
Product Tour
Resources
Template Center
Blog
Gallery
Pricing
Log in
Sign up
Return to Mind Map Gallery
SPDX - Software Package Data Exchange
Duplicate
It provides important meta information about the package as a whole. Packages are
an abstract concept that can be used to refer to any distribution of software, typically
consisting of one or more files and capable of containing sub-packages
It provides important meta information about a given file including licenses and
copyright
Snippets can optionally be used when a file is known to have some content that has
been included from another original source. They are useful for denoting when part of
a file may have been originally created under another license or copied from a place
with a known vulnerability.
This section is used for any detected, declared or concluded licenses that are NOT on
the SPDX License List.
Packages, files, and snippets are all considered to be SPDX elements, and
relationships can be made explicit between these SPDX elements by using the fields
in this section.
Annotations permit the addition of information to validate and clarify ambiguous SPDX
elements (packages, files or snippets).
The review information section is included for compatibility with SPDX 1.2, and is
deprecated since SPDX 2.0. Any review information shall use an annotation (as
described in Clause 12) with an annotation type of REVIEW.
SPDX
1.
Package Information
3. SPDX identifier field
1. SPDX version field
2. Data license field
4. Document name field
5. SPDX document namespace field
6. External document references field
7. License list version field
8. Creator field
9. Created field
10. Creator comment field
11. Document comment field
2.
File information
1. File name field
2. File SPDX identifier field
3. File type field
4. File checksum field
5. Concluded license field
6. License information in file field
7. Comments on license field
8. Copyright text field
9. Artifact of project name field (deprecated)
10. Artifact of project homepage field (deprecated)
11. Artifact of project uniform resource identifier field (deprecated)
12. File comment field
13. File notice field
14. File contributor field
15. File attribution text field
16. Description
3.
Snippet information
1. Snippet SPDX identifier field
2. Snippet from file SPDX identifier field
3. Snippet byte range field
4. Snippet line range field
5. Snippet concluded license field
6. License information in snippet field
7. Snippet comments on license field
8. Snippet copyright text field
9. Snippet comment field
10. Snippet name field
11. Snippet attribution text field
5.
Relationships between SPDX elements information section
1. Relationship field
2. Relationship comment field
4.
Other licensing information detected section
1. License identifier field
2. Extracted text field
3. License name field
4. License cross reference field