ISO IEC 5962-2021 Information technology — SPDX® Specification V2.2.1.
4.4 Standard data format requirements
The data format specification and recommendations are subject to the following constraints:
— Shall be in a human readable form.
— Shall be in a syntax that a software tool can read and write.
— Shall be suitable to be checked for syntactic correctness automatically, independent of how it was generated (human or tool).
— The SPDX document character set shall support UTF-8 encoding.
— Multiple serialization formats may be used to represent the information being exchanged. Current supported formats include:
— YAML 1.2 see: https://yaml.org/spec/1.2/spec.html
— JavaScript Object Notation (JSON) see: ECMA-404
— The JSON Schema for SPDX can be found in the SPDX Spec Git Repository Schema directory
— Resource Description Framework (RDF also referred to as RDF/XML) see: https://www.w3.org/TR/rdf-syntax-grammar/
— tag:value flat text file as described in this specification
— .xls spreadsheets
— In addition to the supported formats, the following format is in development with a plan to complete the specification in the next release:
— Extensible Markup Language (XML) see: https://www.w3.org/TR/2008/REC-xml- 20081126/
— Interoperability between all the supported file formats shall be preserved. SPDX defines how to validate a document in each supported format, and how to translate a valid document without loss to each other supported format.
4.5 Trademark Compliance To be designated an SPDX document, a file shall comply with the requirements of the SPDX Trademark License (See the SPDX Trademark Page). The official copyright notice that shall be used with any verbatim reproduction and/or distribution of this SPDX Specification 2.2.1 is: “Official SPDX® Specification 2.2.1 Copyright © 2010-2020 Linux Foundation and its Contributors. Licensed under the Creative Commons Attribution License 3.0 Unported. All other rights are expressly reserved.” The official copyright notice that shall be used with any non-verbatim reproduction and/or distribution of this SPDX Specification 2.2.1, including without limitation any partial use or combining this SPDX Specification with another work, is: “This is not an official SPDX Specification. Portions herein have been reproduced from SPDX® Specification 2.2.1 found at spdx.dev. These portions are Copyright © 2010-2020 Linux Foundation and its Contributors, and are licensed under the Creative Commons Attribution License 3.0 Unported by the Linux Foundation and its Contributors. All other rights are expressly reserved by Linux Foundation and its Contributors.”
4.6 The SPDX Lite profile Rather than conforming to this whole specification, an implementation may conform with SPDX Lite only, a profile that defines a subset of the SPDX specification. SPDX Lite aims at the balance between the SPDX standard and actual workflows in some industries. See Annex G for more information.ISO IEC 5962 pdf download.