Brussels / 4 & 5 February 2023


FOSSology and SPDX

How FOSSology works with SPDX

FOSSology is a open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line or from web UI. FOSSology can generate SPDX SBOM for source code in RDF and tag-value formats, including other reports, and is becoming more SPDX compliant. With the new license naming changes in FOSSology, users can provide more elaborate and correct SPDX License Identifiers for the licenses. The tool has also improved its reporting using SPDX version 2.3 with new fields.

FOSSology uses SPDX reporting formats to generate SBOM for source code. The project has recently improved the reporting by providing users and option to give SPDX License Identifier. This helps in maintaining the SPDX specified format for the reports in FOSSology. Apart from using SPDX reporting formats, FOSSology also supports following SBOM reports:

  • DEP5 format, which is predominantly used within Debian community.
  • CLIXML report, an in-house format, which reports about licensing and related information in XML.


Photo of Gaurav Mishra Gaurav Mishra
Photo of Mohammed Shaheem Azmal Madanapalli Mohammed Shaheem Azmal Madanapalli