10 results for “topic:software-transparency”
The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
The model for the information captured in SPDX version 3 standard.
ReARM - Release-Level Supply Chain Evidence Platform. SBOMs, xBOMs and every other artifact - stored for 10+ years, versioned and audit-ready.
Automate vulnerability triage which prioritizes remediation over discovery
Data and schema powering the world's largest collection of SBOM/xBOM products, projects, and services
Secure Supply Chain Consumption Framework (S2C2F) OSCAL Catalog and tool
Common Lifecycle Enumeration
Ecma TC54 Website
This repository will be renamed once an ECMA identifier is assigned to the standard.