This page has a list of commercial tools that support SPDX. To have your tool listed contact the outreach team and follow the instructions.
The Black Duck® Suite automates open source governance and compliance, helping organizations speed development, lower costs and accelerate innovation by maximizing the benefits of open source. The Suite automates key processes including code acquisition, approval, scanning, validation, cataloging, and monitoring. It is highly scalable and can support development teams of any size, whether co-located or geographically distributed and can be deployed on-premises or as software as a service (SaaS).
The Source Auditor Scanning tool will analyze source code and produce a detailed report of open source code matches. In addition to the identification features, the Source Auditor tool can determine if any copy-left licensed source code is deployed and/or linked to commercial software through analysis of the deployed binary files. The reports can be exported as a PDF report, an Excel spreadsheet, an SPDX tag/value format file, an SPDX RDF file, and as an SPDX Excel spreadsheet. Source Auditor also offers services to customize the output for customer specific needs.