Return to Mind Map Gallery

SPDX - Software Package Data Exchange

It provides important meta information about the package as a whole. Packages are an abstract concept that can be used to refer to any distribution of software, typically consisting of one or more files and capable of containing sub-packagesIt provides important meta information about a given file including licenses and copyrightSnippets can optionally be used when a file is known to have some content that has been included from another original source. They are useful for denoting when part of a file may have been originally created under another license or copied from a place with a known vulnerability.This section is used for any detected, declared or concluded licenses that are NOT on the SPDX License List.Packages, files, and snippets are all considered to be SPDX elements, and relationships can be made explicit between these SPDX elements by using the fields in this section.Annotations permit the addition of information to validate and clarify ambiguous SPDX elements (packages, files or snippets).The review information section is included for compatibility with SPDX 1.2, and is deprecated since SPDX 2.0. Any review information shall use an annotation (as described in Clause 12) with an annotation type of REVIEW.SPDX1.Package Information3. SPDX identifier field1. SPDX version field2. Data license field4. Document name field5. SPDX document namespace field6. External document references field7. License list version field8. Creator field9. Created field10. Creator comment field11. Document comment field2.File information1. File name field2. File SPDX identifier field3. File type field4. File checksum field5. Concluded license field6. License information in file field7. Comments on license field8. Copyright text field9. Artifact of project name field (deprecated)10. Artifact of project homepage field (deprecated)11. Artifact of project uniform resource identifier field (deprecated)12. File comment field13. File notice field14. File contributor field15. File attribution text field16. Description3.Snippet information1. Snippet SPDX identifier field2. Snippet from file SPDX identifier field3. Snippet byte range field4. Snippet line range field5. Snippet concluded license field6. License information in snippet field7. Snippet comments on license field8. Snippet copyright text field9. Snippet comment field10. Snippet name field11. Snippet attribution text field5.Relationships between SPDX elements information section1. Relationship field2. Relationship comment field4.Other licensing information detected section1. License identifier field2. Extracted text field3. License name field4. License cross reference field