Software Package Data Exchange
System Package Data Exchange (SPDX, formerly Software Package Data Exchange) is an open standard capable of representing systems with digital components as bills of materials (BOMs). First designed to describe software components, SPDX can describe the components of software systems, AI models, software builds, security data, and other data packages.
Source: Wikipedia — Software Package Data Exchange (CC BY-SA 4.0)