Skip to main content

Use the software catalog

The catalog is the master library of every software product approved for use in your organization. Each product holds its publisher, category, licensing model, compliance flags, legal URLs, and an optional AI security grade. Licenses you track for seats, cost, and renewals link back to a catalog product. To manage those licenses, see Manage software licenses.

:::note Before you begin

  • You need an admin, IT admin, or super admin role. The catalog lives in the admin console at /admin/catalog, under Software → Catalog.
  • Only the product name is required, so you can add a minimal entry now and fill the rest in later.
  • The AI features on this page (auto-find legal URLs, add from contract, security grade) need the AI master toggle on and an Anthropic API key set. See AI features below. :::

Find a product

The catalog opens as a grid of product cards. Each card shows the icon, name, publisher, category, license count, and any security grade, PII, or Critical flag set on the product.

  1. In the admin console, open Software, then select the Catalog tab.
  2. Type in the search box to match by name, publisher, or category.
  3. Use the category dropdown to narrow to one category. It lists only categories already in use.
  4. Select Apply. To clear the search and filter, select Clear.

Cards are sorted by name and paginated 30 per page.

Add a product

  1. On the catalog page, select Add to catalog.
  2. Enter the Name — the only required field, for example Microsoft 365.
  3. Fill in any other details. See the field reference below.
  4. Select Add to catalog. To leave without saving, select Cancel.

On save, the platform returns you to the catalog with a confirmation such as 'Microsoft 365' added to catalog.

tip

Leave Slug blank and the platform generates one from the name. Leave Icon URL blank and it falls back to the simple-icons slug, then the website favicon, then a letter avatar — so you rarely need to set an icon by hand.

Field reference

The form is split into five sections. Only Name is required; the licensing-model and security-classification dropdowns come pre-selected.

Software details

FieldRequiredDefaultNotes
NameYesMax 191 characters.
SlugNoAuto-generatedMust be unique across the catalog; max 191 characters.
PublisherNoVendor name, e.g. Microsoft. Max 191 characters.
CategoryNoFree text, e.g. Productivity, CAD, Communication. Drives the category filter. Max 128 characters.
WebsiteNoMust be a valid URL; max 255 characters.
DescriptionNoShort description of what the software does. Max 2,000 characters.

Branding

FieldRequiredDefaultNotes
Icon slug (simple-icons)NoA simple-icons slug, e.g. figma, slack. Max 128 characters.
Icon URL (override)NoA direct image URL; overrides the slug. Leave blank to use the slug, favicon, or letter fallback. Max 500 characters.
Brand colourNoHex colour, e.g. #F24E1E, used as the icon background tint. Max 32 characters.

Licensing model

FieldRequiredDefaultNotes
License typeYesSubscriptionOne of: Perpetual, Subscription, SaaS, Open source, Freeware, Trial, Volume, OEM.
Installation typeYesDesktopOne of: Desktop, Web, Mobile, Server, Cloud, Extension.
Security classificationYesInternalOne of: Public, Internal, Confidential, Restricted.

Compliance flags

Each flag is a checkbox, off unless noted. Stores or processes PII and Business critical surface as the PII and Critical badges on the product card.

FlagDefaultNotes
Requires manager approvalOffMarks the product as needing approval before use.
Approved for use in your organizationOnNew products are approved by default.
Stores or processes PIIOffShows the PII badge on the card.
Business criticalOffShows the Critical badge on the card.

Per-product policy URLs for due-diligence reviews. All are optional; empty fields are skipped on save. Each must be a valid URL, max 500 characters.

FieldNotes
Terms of Service / T&CVendor terms, e.g. https://vendor.com/terms.
Privacy PolicyVendor privacy policy.
Data Processing Agreement (DPA)GDPR Article 28 contract.
Security overview / Trust CenterWhere the vendor publishes SOC 2, ISO 27001, and pentest results.
Sub-processors listGDPR Article 28(2) sub-processor list.
tip

Filling the Legal and compliance URLs feeds the AI security grade — the evaluator reads the vendor's published policies. The more URLs you record, the better the grade.

When AI features are enabled, the Legal and compliance card shows an Auto-find with AI button that looks up the five policy URLs from the vendor's site.

  1. On the add or edit form, enter at least the Name (and ideally Publisher and Website — they sharpen the search).
  2. In the Legal and compliance card, select Auto-find with AI.
  3. Wait for the lookup. The button reads Searching… while it runs.
  4. Review the filled fields, then select Add to catalog or Save changes to persist them.

The lookup fills only fields that come back and are currently empty — it never overwrites a URL you typed. A confirmation reports how many fields were filled, or that no new URLs were found.

Add a product from a contract

Upload a contract PDF and let the platform extract the name, publisher, category, license type, and legal URLs, so you fill the form by hand far less often. Nothing is saved until you review the extracted values.

note

This feature needs AI features enabled. The upload screen shows a green banner when the extractor is ready and a red banner — with a pointer to the right setting — when it isn't.

  1. On the catalog page, select Add from contract.
  2. Check the banner to confirm the extractor is ready.
  3. Under Contract PDF, choose a PDF of an MSA, EULA, Order Form, or SaaS subscription agreement.
  4. Select Upload & extract.
  5. Wait for extraction — usually 5 to 15 seconds. You land on the Add to catalog form with fields pre-filled and a banner naming the source file.
  6. Review every field, correct anything wrong, then select Add to catalog.

To skip extraction and type the form yourself, select Skip — fill manually.

Upload form

FieldRequiredDefaultNotes
Contract PDF (file)YesPDF only. Max 15 MB.
warning

Treat extracted values as a draft, not the truth. The contract itself is not stored — only the extracted fields, held in your session and cleared once the form loads. Review every pre-filled field before you save.

Grade a product's security and compliance

On an existing product, the Security & Compliance Evaluation panel grades the vendor A–F across security posture (SOC 2 / ISO / breach history), GDPR and data protection, vendor risk, contractual risk read from attached documents, and AI-usage-policy adherence. The grade is saved on the product and shown on its catalog card.

note

The panel appears on the edit form only — a new product has nothing to evaluate until it's saved — and needs AI features enabled.

  1. Open a product and select Edit.
  2. Scroll to Security & Compliance Evaluation. The panel lists any contracts or invoices (PDFs) attached to the product's licenses that will feed the run.
  3. Select Run AI evaluation (or Re-evaluate if a grade already exists).
  4. Confirm the prompt. The run takes 10 to 30 seconds, after which the page reloads with the verdict.

The saved verdict shows the grade, a risk level, a summary, rationale, strengths, concerns, recommendations, and any policy flags. It persists, so the panel renders the last result without re-running.

warning

The grade is generated by AI and is advisory. Your Legal and IT teams remain accountable for final approval — treat the verdict as input to a review, not the decision.

The evaluator reads the product's recorded legal URLs and up to a handful of the most recent license PDFs (capped per file; photos excluded). With nothing attached, it relies on web search and the recorded URLs alone. To attach contracts and invoices to a license, see Manage software licenses.

Edit or remove a product

To edit a product, select Edit on its card. The edit form is the same as the add form, plus the security evaluation panel and a Linked licenses list that shows every license recorded against the product — each links to its license detail page.

To remove a product, select Remove on its card and confirm. Remove appears only when the product has no licenses. To delete a product that has licenses, first remove or reassign those licenses; the platform refuses the deletion otherwise.

AI features

The AI affordances on this page — Auto-find with AI, Add from contract, and Run AI evaluation — share two requirements:

RequirementWhere to set itDefault
AI master toggle onSettings → AI featuresOff — an admin must opt in.
Anthropic API key setSettings → DocumentsNone.

With the master toggle off or no key set, these buttons are hidden or disabled and the relevant banner points you to the setting to fix. The rest of the catalog — adding, editing, searching, and removing products — works without AI.

Troubleshooting

SymptomWhat to do
Add from contract banner is redAI features are off or no key is set. Turn the master toggle on under Settings → AI features, and set a key under Settings → Documents. Until then, use Add to catalog to fill the form manually.
Auto-find with AI or the evaluation button is missingSame cause — AI features aren't fully enabled. Check the master toggle and key.
Auto-find with AI filled nothingThe lookup found no new URLs, or your fields already held values. It never overwrites existing entries.
Form reloads with Name highlightedEnter a name — the only required field — then save again.
Save rejected because the slug is takenAnother product uses that slug. Enter a different one, or clear the field to auto-generate a unique slug.
No Remove button on a productThe product has licenses, so it can't be deleted. Remove or reassign its licenses first.
Upload rejectedThe contract must be a PDF no larger than 15 MB.
Software overviewHow the catalog, licenses, and assignments fit together.Read →Manage software licensesTrack seats, cost, and renewals against a catalog product.Read →Assign and revoke licensesGive a license seat to a person and take it back.Read →Audits and utilizationFind unused seats and run a license audit.Read →