What is SPDX (Software Package Data Exchange)?
Updated
Linux Foundation-led SBOM standard. SPDX 3 (2024) added AI extensions but tooling adoption lags CycloneDX 1.6.
Full explanation
SPDX is the Linux Foundation's SBOM format. SPDX 3 added AI extensions (model packages, datasets, AI use cases) but tooling support is younger than CycloneDX 1.6 in 2026.
Example
Many enterprises still use SPDX 2.3 for general SBOMs; AI extensions in SPDX 3 are emerging.
FAQ
Should I emit both?
Generally not necessary — pick one. CycloneDX 1.6 for AIBOM is the safer 2026 choice for tooling maturity.