Due Diligence & Software
SPDX
Software Package Data Exchange
An ISO/IEC standard (ISO/IEC 5962:2021, which standardizes SPDX 2.2.1) for communicating software bill of materials (SBOM) information, including component identities, licenses, and security references. Originally developed by the Linux Foundation for license compliance, SPDX has expanded to cover security and supply chain use cases: a package entry can carry external references such as package-URL (purl) and CPE identifiers, and since SPDX 2.3 links to advisories and fixes, so that an SBOM's entries can be matched against vulnerability data. (SPDX 3.0, published in 2024, renamed the project System Package Data Exchange.) SPDX license identifiers (such as "MIT" or "Apache-2.0") from the SPDX License List are the de facto standard for expressing software license types; license expressions combine them with AND, OR and WITH.
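The following is an added example, not code from the page or from the SPDX project, showing what a due-diligence pass over an SPDX 2.3 JSON document looks like in practice: it checks that relationships only reference SPDXIDs the document declares, tokenizes license expressions and flags unknown or copyleft identifiers against a policy, and pulls out the purl and CPE external references a vulnerability scanner would key on. The embedded SBOM, its package names, namespace URL and CPE are constructed for illustration; the license allowlist and copyleft set are assumptions standing in for the full SPDX License List and a real licensing policy. Only the standard library is used.

```python
"""SPDX 2.3 (JSON) SBOM triage: structure check, license policy, security refs.

Added example; stdlib only. The SBOM below is constructed: the packages,
namespace and CPE are fictitious and do not describe a real product.
"""
import json
import re

SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "dataLicense": "CC0-1.0",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "acme-service-1.0.0",
    "documentNamespace": "https://sbom.example.invalid/acme-service/1.0.0",
    "creationInfo": {"created": "2024-05-01T12:00:00Z",
                     "creators": ["Tool: example-generator-0.1"]},
    "packages": [
        {"name": "acme-service", "SPDXID": "SPDXRef-Package-acme-service",
         "versionInfo": "1.0.0", "downloadLocation": "NOASSERTION",
         "licenseConcluded": "Apache-2.0", "licenseDeclared": "Apache-2.0"},
        {"name": "acme-httpclient", "SPDXID": "SPDXRef-Package-acme-httpclient",
         "versionInfo": "1.4.2", "downloadLocation": "NOASSERTION",
         "licenseConcluded": "MIT OR GPL-3.0-only", "licenseDeclared": "NOASSERTION",
         "externalRefs": [
             {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
              "referenceLocator": "pkg:pypi/acme-httpclient@1.4.2"},
             {"referenceCategory": "SECURITY", "referenceType": "cpe23Type",
              "referenceLocator": "cpe:2.3:a:acme:httpclient:1.4.2:*:*:*:*:*:*:*"}]},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-Package-acme-service"},
        {"spdxElementId": "SPDXRef-Package-acme-service", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-Package-acme-httpclient"},
        # Deliberate defect: points at an SPDXID no element declares.
        {"spdxElementId": "SPDXRef-Package-acme-service", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-Package-missing"},
    ],
})

# Assumed policy: a tiny allowlist standing in for the SPDX License List, and
# the identifiers this (hypothetical) organisation treats as copyleft.
KNOWN_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause", "GPL-2.0-only",
                  "GPL-3.0-only", "LGPL-2.1-only"}
COPYLEFT = {"GPL-2.0-only", "GPL-3.0-only", "LGPL-2.1-only"}
_TOKEN = re.compile(r"[A-Za-z0-9.+-]+")  # identifiers; parentheses are skipped


def license_ids(expression):
    """License identifiers in an SPDX license expression (AND / OR / WITH).

    NONE and NOASSERTION are special values, not identifiers. The identifier
    after WITH is an exception id from a separate list, so it is not returned.
    A trailing '+' (older "or later" syntax) is stripped from the id.
    """
    if expression in ("NONE", "NOASSERTION"):
        return set()
    ids, skip_next = set(), False
    for tok in _TOKEN.findall(expression):
        if skip_next:
            skip_next = False
            continue
        if tok.upper() == "WITH":
            skip_next = True
        elif tok.upper() not in ("AND", "OR"):
            ids.add(tok.rstrip("+"))
    return ids


def check_structure(doc):
    """SPDXIDs referenced by relationships that the document never declares."""
    declared = {doc["SPDXID"]}
    declared |= {p["SPDXID"] for p in doc.get("packages", [])}
    declared |= {f["SPDXID"] for f in doc.get("files", [])}
    dangling = set()
    for rel in doc.get("relationships", []):
        for ref in (rel["spdxElementId"], rel["relatedSpdxElement"]):
            # External-document refs ("DocumentRef-x:SPDXRef-y") need the
            # externalDocumentRefs table; this check only covers local ids.
            if ref.startswith("DocumentRef-") or ref in ("NONE", "NOASSERTION"):
                continue
            if ref not in declared:
                dangling.add(ref)
    return sorted(dangling)


def check_licenses(doc):
    """Per package and field: identifiers not on the list, and copyleft hits."""
    # Custom LicenseRef-* ids are legitimate when the document defines them.
    known = KNOWN_LICENSES | {e["licenseId"]
                              for e in doc.get("hasExtractedLicensingInfos", [])}
    findings = {}
    for pkg in doc.get("packages", []):
        for field in ("licenseConcluded", "licenseDeclared"):
            ids = license_ids(pkg.get(field, "NOASSERTION"))
            unknown, copyleft = ids - known, ids & COPYLEFT
            if unknown or copyleft:
                findings.setdefault(pkg["SPDXID"], {})[field] = {
                    "unknown": sorted(unknown), "copyleft": sorted(copyleft)}
    return findings


def security_identifiers(doc):
    """purl / CPE locators per package: what gets matched against advisories."""
    out = {}
    for pkg in doc.get("packages", []):
        refs = [r["referenceLocator"] for r in pkg.get("externalRefs", [])
                if r["referenceType"] in ("purl", "cpe23Type", "cpe22Type")]
        if refs:
            out[pkg["SPDXID"]] = refs
    return out


def triage(sbom_json):
    """Run all three checks over an SPDX 2.x JSON document."""
    doc = json.loads(sbom_json)
    if not doc.get("spdxVersion", "").startswith("SPDX-2."):
        raise ValueError("expected an SPDX 2.x JSON document")
    return {"dangling": check_structure(doc),
            "licenses": check_licenses(doc),
            "security_refs": security_identifiers(doc)}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_SBOM), indent=2))
```

Run against the sample, the triage reports the dangling `SPDXRef-Package-missing`, flags the `GPL-3.0-only` alternative in `acme-httpclient`'s concluded license while leaving its `NOASSERTION` declared license alone, and returns the purl and CPE for that package. A production check would load the real SPDX License List (licenses.json and exceptions.json) instead of the allowlist above and would resolve `DocumentRef-` prefixes through `externalDocumentRefs`.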