cargo-spdx is currently in development and not yet ready for use.

cargo-spdx provides a cargo subcommand to generate an SPDX Software Bill of Materials (SBOM) for a Rust crate.

cargo spdx creates an SBOM for the current crate.

cargo spdx build wraps cargo build, producing SBOMs for each produced binary.

See cargo spdx --help for more detail.

Anyone is welcome to contribute. You can find the list of open issues in the issue tracker, or talk with the developers on the Rust Secure Code Working Group Zulip channel. Make sure to mention cargo-spdx or to tag alilleybrinker.

cargo-spdx is dual-licensed with the MIT or Apache 2.0 licenses.