BS ISO/IEC 5962:2021

$215.11

Information technology. SPDX® Specification V2.2.1

Published By	Publication Date	Number of Pages
BSI	2021	162

Guaranteed Safe Checkout

Category: BSI

If you have any questions, feel free to reach out to our online customer service team by clicking on the bottom right corner. We’re here to assist you 24/7.
Email:[email protected]

Description

This Software Package Data Exchange® (SPDX®) specification defines a standard data format for communicating the component and metadata information associated with software packages. An SPDX document can be associated with a set of software packages, files or snippets and contains information about the software in the SPDX format described in this specification.

PDF Catalog

PDF Pages	PDF Title
2	undefined
15	Foreword
16	Introduction
17	1 Scope 2 Normative references
18	3 Terms and definitions
19	4 Conformance 4.1 SPDX Current and Previous Versions 4.2 Obsolete features 4.3 Alternate notation for some conformance requirements
20	4.4 Standard data format requirements
21	4.5 Trademark Compliance 4.6 The SPDX Lite profile
22	5 Composition of an SPDX document 5.1 What this specification covers
23	5.2 Sections 5.2.1 SPDX document creation information section 5.2.2 Package information section
24	5.2.3 File information section 5.2.4 Snippet information section
25	5.2.5 Other licensing information detected section 5.2.6 Relationships between SPDX elements information section 5.2.7 Annotations information section 5.2.8 Review information section
26	5.3 What this specification does not cover 6 SPDX document creation information section 6.1 SPDX version field 6.1.1 Description 6.1.2 Intent 6.1.3 Examples
27	6.2 Data license field 6.2.1 Description 6.2.2 Intent 6.2.3 Examples
28	6.3 SPDX identifier field 6.3.1 Description 6.3.2 Intent 6.3.3 Examples 6.4 Document name field 6.4.1 Description
29	6.4.2 Intent 6.4.3 Examples 6.5 SPDX document namespace field 6.5.1 Description
30	6.5.2 Intent
31	6.5.3 Examples 6.6 External document references field 6.6.1 Description 6.6.2 Intent
32	6.6.3 Examples 6.7 License list version field 6.7.1 Description
33	6.7.2 Intent 6.7.3 Examples 6.8 Creator field 6.8.1 Description
34	6.8.2 Intent 6.8.3 Examples 6.9 Created field 6.9.1 Description
35	6.9.2 Intent 6.9.3 Examples 6.10 Creator comment field 6.10.1 Description
36	6.10.2 Intent 6.10.3 Examples 6.11 Document comment field 6.11.1 Description
37	6.11.2 Intent 6.11.3 Examples 7 Package information section 7.1 Package name field 7.1.1 Description 7.1.2 Intent 7.1.3 Examples
38	7.2 Package SPDX identifier field 7.2.1 Description 7.2.2 Intent 7.2.3 Examples
39	7.3 Package version field 7.3.1 Description 7.3.2 Intent 7.3.3 Examples 7.4 Package file name field 7.4.1 Description
40	7.4.2 Intent 7.4.3 Examples 7.5 Package supplier field 7.5.1 Description
41	7.5.2 Intent 7.5.3 Examples 7.6 Package originator field 7.6.1 Description
42	7.6.2 Intent 7.6.3 Examples
43	7.7 Package download location field 7.7.1 Description
44	7.7.2 Intent 7.7.3 Examples
48	7.8 Files analyzed field 7.8.1 Description 7.8.2 Intent
49	7.8.3 Examples 7.9 Package verification code field 7.9.1 Description
50	7.9.2 Intent 7.9.3 Examples
51	7.10 Package checksum field 7.10.1 Description 7.10.2 Intent 7.10.3 Examples
52	7.11 Package home page field 7.11.1 Description
53	7.11.2 Intent 7.11.3 Examples 7.12 Source information field 7.12.1 Description
54	7.12.2 Intent 7.12.3 Examples 7.13 Concluded license field 7.13.1 Description
55	7.13.2 Intent 7.13.3 Examples
56	7.14 All licenses information from files field 7.14.1 Description 7.14.2 Intent
57	7.14.3 Examples 7.15 Declared license field 7.15.1 Description
58	7.15.2 Intent 7.15.3 Examples
59	7.16 Comments on license field 7.16.1 Description 7.16.2 Intent 7.16.3 Examples
60	7.17 Copyright text field 7.17.1 Description 7.17.2 Intent 7.17.3 Examples
61	7.18 Package summary description field 7.18.1 Description 7.18.2 Intent 7.18.3 Examples 7.19 Package detailed description field 7.19.1 Description
62	7.19.2 Intent 7.19.3 Examples 7.20 Package comment field 7.20.1 Description
63	7.20.2 Intent 7.20.3 Examples 7.21 External reference field 7.21.1 Description
64	7.21.2 Intent 7.21.3 Examples
65	7.22 External reference comment field 7.22.1 Description 7.22.2 Intent
66	7.22.3 Examples 7.23 Package attribution text field 7.23.1 Description
67	7.23.2 Intent 7.23.3 Examples 8 File information section 8.1 File name field 8.1.1 Description
68	8.1.2 Intent 8.1.3 Examples 8.2 File SPDX identifier field 8.2.1 Description 8.2.2 Intent 8.2.3 Examples
69	8.3 File type field 8.3.1 Description
70	8.3.2 Intent 8.3.3 Examples 8.4 File checksum field 8.4.1 Description
71	8.4.2 Intent 8.4.3 Examples
72	8.5 Concluded license field 8.5.1 Description 8.5.2 Intent 8.5.3 Examples
73	8.6 License information in file field 8.6.1 Description
74	8.6.2 Intent 8.6.3 Examples 8.7 Comments on license field 8.7.1 Description
75	8.7.2 Intent 8.7.3 Examples 8.8 Copyright text field 8.8.1 Description
76	8.8.2 Intent 8.8.3 Examples 8.9 Artifact of project name field (deprecated) 8.9.1 Description
77	8.9.2 Intent 8.9.3 Examples 8.10 Artifact of project homepage field (deprecated) 8.10.1 Description 8.10.2 Intent 8.10.3 Examples
78	8.11 Artifact of project uniform resource identifier field (deprecated) 8.11.1 Description 8.11.2 Intent 8.11.3 Examples
79	8.12 File comment field 8.12.1 Description 8.12.2 Intent 8.12.3 Examples 8.13 File notice field 8.13.1 Description
80	8.13.2 Intent 8.13.3 Examples 8.14 File contributor field 8.14.1 Description 8.14.2 Intent
81	8.14.3 Examples 8.15 File attribution text field 8.15.1 Description 8.15.2 Intent
82	8.15.3 Examples 8.16 File dependencies field (deprecated) 8.16.1 Description 8.16.2 Intent
83	8.16.3 Examples 9 Snippet information section 9.1 Snippet SPDX identifier field 9.1.1 Description
84	9.1.2 Intent 9.1.3 Examples 9.2 Snippet from file SPDX identifier field 9.2.1 Description
85	9.2.2 Intent 9.2.3 Examples
86	9.3 Snippet byte range field 9.3.1 Description 9.3.2 Intent 9.3.3 Examples
87	9.4 Snippet line range field 9.4.1 Description 9.4.2 Intent 9.4.3 Examples
88	9.5 Snippet concluded license field 9.5.1 Description
89	9.5.2 Intent 9.5.3 Examples
90	9.6 License information in snippet field 9.6.1 Description
91	9.6.2 Intent 9.6.3 Examples 9.7 Snippet comments on license field 9.7.1 Description 9.7.2 Intent 9.7.3 Examples
92	9.8 Snippet copyright text field 9.8.1 Description 9.8.2 Intent 9.8.3 Examples
93	9.9 Snippet comment field 9.9.1 Description 9.9.2 Intent 9.9.3 Examples
94	9.10 Snippet name field 9.10.1 Description 9.10.2 Intent 9.10.3 Examples 9.11 Snippet attribution text field 9.11.1 Description
95	9.11.2 Intent 9.11.3 Examples 10 Other licensing information detected section 10.1 License identifier field 10.1.1 Description
96	10.1.2 Intent 10.1.3 Examples 10.2 Extracted text field 10.2.1 Description
97	10.2.2 Intent 10.2.3 Examples
98	10.3 License name field 10.3.1 Description 10.3.2 Intent 10.3.3 Examples 10.4 License cross reference field 10.4.1 Description
99	10.4.2 Intent 10.4.3 Examples 10.5 License comment field 10.5.1 Description 10.5.2 Intent 10.5.3 Examples
100	11 Relationships between SPDX elements information section 11.1 Relationship field 11.1.1 Description
105	11.1.2 Intent 11.1.3 Examples
106	11.2 Relationship comment field 11.2.1 Description 11.2.2 Intent 11.2.3 Examples
107	12 Annotations information section 12.1 Annotator field 12.1.1 Description 12.1.2 Intent 12.1.3 Examples
108	12.2 Annotation date field 12.2.1 Description 12.2.2 Intent 12.2.3 Examples
109	12.3 Annotation type field 12.3.1 Description 12.3.2 Intent 12.3.3 Examples 12.4 SPDX identifier reference field 12.4.1 Description
110	12.4.2 Intent 12.4.3 Examples 12.5 Annotation comment field 12.5.1 Description
111	12.5.2 Intent 12.5.3 Examples 13 Review information section (deprecated) 13.1 Reviewer field (deprecated) 13.1.1 Description
112	13.1.2 Intent 13.1.3 Examples 13.2 Review date field (deprecated) 13.2.1 Description
113	13.2.2 Intent 13.2.3 Examples 13.3 Review comment field (deprecated) 13.3.1 Description
114	13.3.2 Intent 13.3.3 Examples
115	Annex A (Informative) SPDX license list A.1 Licenses with short identifiers
130	A.2 Exceptions list
132	A.3 Deprecated licenses
134	Annex B (Informative) License matching guidelines and templates B.1 SPDX license list matching guidelines B.2 How these guidelines are applied B.2.1 Purpose B.2.2 Guideline: official license headers B.3 Substantive text B.3.1 Purpose B.3.2 Guideline: verbatim text
135	B.3.3 Guideline: no additional text B.3.4 Guideline: replaceable text B.3.5 Guideline: omittable text B.4 Whitespace B.4.1 Purpose B.4.2 Guideline B.5 Capitalization B.5.1 Purpose
136	B.5.2 Guideline B.6 Punctuation B.6.1 Purpose B.6.2 Guideline: punctuation B.6.3 Guideline: hyphens, dashes B.6.4 Guideline: quotes B.7 Code comment indicators B.7.1 Purpose B.7.2 Guideline B.8 Bullets and numbering B.8.1 Purpose
137	B.8.2 Guideline B.9 Varietal word spelling B.9.1 Purpose B.9.2 Guideline B.10 Copyright symbol B.10.1 Purpose B.10.2 Guideline B.11 Copyright notice B.11.1 Purpose
138	B.11.2 Guideline B.12 License name or title B.12.1 Purpose B.12.2 Guideline B.13 Extraneous text at the end of a license B.13.1 Purpose B.13.2 Guideline B.14 HTTP protocol B.14.1 Purpose B.14.2 Guideline
139	B.15 SPDX license list B.15.1 Template access B.15.2 Template format
140	Annex C (Normative) RDF object model and identifier syntax C.1 Introduction
141	C.2 Agent and tool identifiers
142	Annex D (Normative) SPDX license expressions D.1 Overview
143	D.2 Case sensitivity D.3 Simple license expressions D.4 Composite license expressions D.4.1 Introduction
144	D.4.2 Disjunctive “OR” Operator D.4.3 Conjunctive “AND” Operator D.4.4 Exception “WITH” Operator
145	D.4.5 Order of precedence and parentheses D.4.6 License expressions in RDF
147	Annex E (Informative) Using SPDX license list short identifiers in source files E.1 Introduction E.2 Format for SPDX-License-Identifier
148	E.3 Representing single license E.4 Representing multiple licenses
150	Annex F (Normative) External repository identifiers F.1 Introduction F.2 Security F.2.1 cpe22Type F.2.2 cpe23Type
151	F.3 Package-Manager F.3.1 maven-central F.3.2 npm F.3.3 nuget
152	F.3.4 bower F.3.5 purl F.4 Persistent-Id F.4.1 swh
153	F.5 Other F.5.1 [idstring]
154	Annex G (Normative) SPDX Lite G.1 Explanation of SPDX Lite G.2 Format of SPDX Lite G.3 Table of SPDX Lite fields
156	Annex H (Informative) SPDX file tags H.1 Rationale H.2 Format
157	H.3 Caveats
158	Annex I (Informative) Differences from previous editions I.1 Differences between V2.2.1 and V2.2
159	I.2 Differences from V2.2 and V2.1 I.3 Differences between V2.1 and V2.0
160	I.4 Differences between V2.0 and V1.2
161	Bibliography

Additional information

Status	Definitive
Pages	162
Publication Date	2021-08-27
ISBN	978 0 539 15700 0
Standard Number	BS ISO/IEC 5962:2021
Title	Information technology. SPDX® Specification V2.2.1
Identical National Standard Of	ISO/IEC 5962
Descriptors	Information technology, Documents, Information transfer, Information exchange, Data transfer, Computer software, Software (computers), Metadata, Data
Publisher	BSI
Committee	ICT/1
ICS Codes	35.080 - Software

Preview PDF


PDF Format	Searchable	Printable	Preview Now

BS ISO/IEC 5962:2021

PDF Catalog

Related products