Information technology — SPDX® Specification V2.2.1

This Software Package Data Exchange® (SPDX®) specification defines a standard data format for communicating the component and metadata information associated with software packages. An SPDX document can be associated with a set of software packages, files or snippets and contains information about the software in the SPDX format described in this specification.

Technologies de l'information — Spécification SPDX® V2.2.1

General Information

Status: Published
Publication Date: 23-Aug-2021
Current Stage: 6060 - International Standard published
Start Date: 24-Aug-2021
Due Date: 03-Oct-2022
Completion Date: 24-Aug-2021
Ref Project

Standard
ISO/IEC 5962:2021 - Information technology -- SPDX® Specification V2.2.1
English language
145 pages
Draft
ISO/IEC PRF 5962:Version 03-jul-2021 - Information technology -- SPDX® Specification V2.2.1
English language
145 pages

Standards Content (Sample)

INTERNATIONAL STANDARD ISO/IEC 5962
First edition 2021-08
Information technology — SPDX® Specification V2.2.1
Technologies de l'information — Spécification SPDX® V2.2.1
Reference number ISO/IEC 5962:2021(E)
© ISO/IEC 2021

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Conformance
4.1 SPDX Current and Previous Versions
4.2 Obsolete features
4.3 Alternate notation for some conformance requirements
4.4 Standard data format requirements
4.5 Trademark Compliance
4.6 The SPDX Lite profile
5 Composition of an SPDX document
5.1 What this specification covers
5.2 Sections
5.2.1 SPDX document creation information section
5.2.2 Package information section
5.2.3 File information section
5.2.4 Snippet information section
5.2.5 Other licensing information detected section
5.2.6 Relationships between SPDX elements information section
5.2.7 Annotations information section
5.2.8 Review information section
5.3 What this specification does not cover
6 SPDX document creation information section
6.1 SPDX version field
6.1.1 Description
6.1.2 Intent
6.1.3 Examples
6.2 Data license field
6.2.1 Description
6.2.2 Intent
6.2.3 Examples
6.3 SPDX identifier field
6.3.1 Description
6.3.2 Intent
6.3.3 Examples
6.4 Document name field
6.4.1 Description
6.4.2 Intent
6.4.3 Examples
6.5 SPDX document namespace field
6.5.1 Description
6.5.2 Intent
6.5.3 Examples
6.6 External document references field
6.6.1 Description
6.6.2 Intent
6.6.3 Examples
6.7 License list version field
6.7.1 Description
6.7.2 Intent
6.7.3 Examples
6.8 Creator field
6.8.1 Description
6.8.2 Intent
6.8.3 Examples
6.9 Created field
6.9.1 Description
6.9.2 Intent
6.9.3 Examples
6.10 Creator comment field
6.10.1 Description
6.10.2 Intent
6.10.3 Examples
6.11 Document comment field
6.11.1 Description
6.11.2 Intent
6.11.3 Examples
7 Package information section
7.1 Package name field
7.1.1 Description
7.1.2 Intent
7.1.3 Examples
7.2 Package SPDX identifier field
7.2.1 Description
7.2.2 Intent
7.2.3 Examples
7.3 Package version field
7.3.1 Description
7.3.2 Intent
7.3.3 Examples
7.4 Package file name field
7.4.1 Description
7.4.2 Intent
7.4.3 Examples
7.5 Package supplier field
7.5.1 Description
7.5.2 Intent
7.5.3 Examples
7.6 Package originator field
7.6.1 Description
7.6.2 Intent
7.6.3 Examples
7.7 Package download location field
7.7.1 Description
7.7.2 Intent
7.7.3 Examples
7.8 Files analyzed field
7.8.1 Description
7.8.2 Intent
7.8.3 Examples
7.9 Package verification code field
7.9.1 Description
7.9.2 Intent
7.9.3 Examples
7.10 Package checksum field
7.10.1 Description
7.10.2 Intent
7.10.3 Examples
7.11 Package home page field
7.11.1 Description
7.11.2 Intent
7.11.3 Examples
7.12 Source information field
7.12.1 Description
7.12.2 Intent
7.12.3 Examples
7.13 Concluded license field
7.13.1 Description
7.13.2 Intent
7.13.3 Examples
7.14 All licenses information from files field
7.14.1 Description
7.14.2 Intent
7.14.3 Examples
7.15 Declared license field
7.15.1 Description
7.15.2 Intent
7.15.3 Examples
7.16 Comments on license field
7.16.1 Description
7.16.2 Intent
7.16.3 Examples
7.17 Copyright text field
7.17.1 Description
7.17.2 Intent
7.17.3 Examples
7.18 Package summary description field
7.18.1 Description
7.18.2 Intent
7.18.3 Examples
7.19 Package detailed description field
7.19.1 Description
7.19.2 Intent
7.19.3 Examples
7.20 Package comment field
7.20.1 Description
7.20.2 Intent
7.20.3 Examples
7.21 External reference field
7.21.1 Description
7.21.2 Intent
7.21.3 Examples
7.22 External reference comment field
7.22.1 Description
7.22.2 Intent
7.22.3 Examples
7.23 Package attribution text field
7.23.1 Description
7.23.2 Intent
7.23.3 Examples
8 File information section
8.1 File name field
8.1.1 Description
8.1.2 Intent
8.1.3 Examples
8.2 File SPDX identifier field
8.2.1 Description
8.2.2 Intent
8.2.3 Examples
8.3 File type field
8.3.1 Description
8.3.2 Intent
8.3.3 Examples
8.4 File checksum field
8.4.1 Description
8.4.2 Intent
8.4.3 Examples
...
