Open source management and governance company Black Duck Software has announced support for the beta release of the Software Package Data Exchange (SPDX) open source standard.
The standard, which is being developed under the watch of the SPDX Working Group of the Linux Foundation, is intended to provide a "uniform approach for documenting and sharing metadata".
It is hoped that developers will use SPDX to "communicate" information relating to the content of software packages exchanged with other organizations, a critically important step (so says Black Duck) towards enabling supply chain efficiency and collaboration.
Black Duck does in fact co-chair the SPDX Working Group and says that it supports the beta test by implementing SPDX in the Black Duck Suite, which will generate SPDX output as part of its reporting process.
"Going beyond the current (beta) SPDX definition — and based on early feedback from customers — Black Duck is testing additional capabilities as part of the beta process. Black Duck's SDK enables integration with the most popular build tools, allowing developers to generate an SPDX document and package the associated software as part of their existing build processes," said Phil Odence, vice president, business development, Black Duck Software.