# SPDX SBOM export
{% hint style="info" %}
*This feature is only available for* [*SCA Enterprise*](https://debricked.com/pricing/) *users. Already have an account?* [*Click here to upgrade.*](https://debricked.com/app/en/repositories?billingModal=enterprise,free)
{% endhint %}
### **What is SPDX?**
SPDX is an open standard for communicating software bill of material information, including provenance, license, security, and other related information. SPDX reduces redundant work by providing common formats for organizations and communities to share important data, thereby streamlining and improving compliance, security, and dependability.
{% hint style="info" %}
*Unlike the CycloneDX SBOM, the SPDX SBOM does not contain vulnerability information.*
{% endhint %}
#### Dependency relations
The relationships between components are presented in the relationships array. OpenText Core SCA SPDX SBOMs support following two types of relationship objects:
* DESCRIBES which is used for declaring each file and dependency component in the BOM.
* DEPENDENCY\_OF which denotes a direct relationship between two components.
In the objects describing the direct dependencies of a file, the 'relatedSpdxElement' will contain the reference of that file. Relationships between dependencies will instead reference the parent dependency. By traversing the dependencies array, it is possible to build the entire dependency tree.
In the example below, you can see direct dependency *\`webpack-4.28.4\`* referenced as a dependency of a file. Component *\`terser-webpack-plugin-1.2.1\`* is in turn referenced as a dependency of *\`webpack-4.28.4\`* and lastly, *\`terser-3.14.1\`* is a dependency of *\`terser-webpack-plugin-1.2.1\`.*
```
"relationships": [
{
"spdxElementId": "SPDXRef-DOCUMENT",
"relatedSpdxElement": "SPDXRef-bda845e38ee2becb214eaa4c995d4951d755faceb38a4ef6e7092699592d7efe",
"relationshipType": "DESCRIBES"
},
{
"spdxElementId": "SPDXRef-DOCUMENT",
"relatedSpdxElement": "SPDXRef-pkg-npm-terser-3.14.1",
"relationshipType": "DESCRIBES"
},
{
"spdxElementId": "SPDXRef-DOCUMENT",
"relatedSpdxElement": "SPDXRef-pkg-npm-terser-webpack-plugin-1.2.1",
"relationshipType": "DESCRIBES"
},
{
"spdxElementId": "SPDXRef-DOCUMENT",
"relatedSpdxElement": "SPDXRef-pkg-npm-webpack-4.28.4",
"relationshipType": "DESCRIBES"
},
{
"spdxElementId": "SPDXRef-pkg-npm-terser-3.14.1",
"relatedSpdxElement": "SPDXRef-pkg-npm-terser-webpack-plugin-1.2.1",
"relationshipType": "DEPENDENCY_OF"
},
{
"spdxElementId": "SPDXRef-pkg-npm-terser-webpack-plugin-1.2.1",
"relatedSpdxElement": "SPDXRef-pkg-npm-webpack-4.28.4",
"relationshipType": "DEPENDENCY_OF"
},
{
"spdxElementId": "SPDXRef-pkg-npm-webpack-4.28.4",
"relatedSpdxElement": "SPDXRef-bda845e38ee2becb214eaa4c995d4951d755faceb38a4ef6e7092699592d7efe",
"relationshipType": "DEPENDENCY_OF"
}
],
```
Here is how this would be visualised in the user interface:
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.debricked.com/product/exporting-sbom/sbom-export/spdx-sbom-export.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
