This page has a list of commercial tools that support SPDX. To have your tool listed contact the outreach team and follow the instructions.
The Black Duck® Suite automates open source governance and compliance, helping organizations speed development, lower costs and accelerate innovation by maximizing the benefits of open source. The Suite automates key processes including: code acquisition, approval, scanning, validation, cataloging and monitoring. It is highly scalable and can support development teams of any size, whether co-located or geographically distributed, and can be deployed on premises or as software as a service (SaaS).
The Source Auditor Scanning tool will analyze source code and produce a detailed report of open source code matches. In addition to the identification features, the Source Auditor tool can determine if any copy-left licensed source code is deployed and/or linked to commercial software through analysis of the deployed binary files. The reports can be exported as a PDF report, an Excel spreadsheet, an SPDX tag/value format file, an SPDX RDF file, and as an SPDX Excel spreadsheet. Source Auditor also offers services to customize the output for customer specific needs.