Protecode Announces Support for SPDX 2.0 in its Suite of Open Source Software Management Products

Protecode Solutions Ease License Information Exchange Across Software Supply Chain

Protecode, an innovative provider of open source license management systems, and an active member of the Linux Foundation’s Software Package Data Exchange (SPDX) group, today announced its product support for the Software Package Data Exchange (SPDX) 2.0 standard. Sponsored by the Linux Foundation, SPDX is the result of a collaborative effort to create a standard format for communicating components, licenses, and copyrights associated with a software package.

As an early member of the SPDX standards committee and through its continued participation, Protecode contributed code that implements functionality used for reading, writing, and confirming SPDX files. Protecode introduced SPDX support in its products back in 2011 when the first version of the standard was ratified.

The ability of Protecode solutions to read and generate SPDX information eases the exchange of software component information across the software supply chain, allowing for a simpler license compliance process. With today’s launch of the latest version of the standard, Protecode is continuing its support of open source scanning and management tools with the adoption of SPDX 2.0 in its products.

“Emergence of standardized methods that communicate a software product structure and its Bill of Materials highlights the natural evolution of software as a commodity component that is created and consumed by software factories,” said Mahshad Koohgoli, CEO, Protecode. “Protecode’s participation in Linux Foundation’s SPDX initiative, and its membership in the Linux Foundation’s Open Compliance Program, shows our ongoing commitment to the software and open source communities by assisting and contributing to improving quality in reusable software, and encouraging adoption of open source in public and commercial projects.”

Both Protecode Enterprise System and Protecode Compact products can generate various formats of SPDX files for software components used in a project. These solutions can detect the presence of SPDX files in software packages, read and interpret them, and highlight the licensing and copyright information extracted from the SPDX files.

For more information, visit:

About Protecode
Protecode provides products and services for managing open source software attributes including open source software licenses and security vulnerabilities. Protecode solutions enable accurate and fast code scanning in real-time and on-demand, delivering policy-based reports on obligations and security vulnerabilities in code portfolios. Built for ease-of-use, integration and minimal intrusion into existing development processes, Protecode products have been deployed in hundreds of organizations worldwide, from just a few developers to multinational organizations with more than 100,000 employees. Protecode is headquartered in Ottawa, Canada, with reseller partners worldwide.