Contact

Administration

Software & Licenses

Track installed software across your fleet, manage version lifecycle, maintain license entitlements, deploy software to hosts, and reconcile usage against purchased licenses.

Technical Manual
Status: Available

Prerequisites

  • Role with software.view (read-only access to software library, versions, installers, and licenses)
  • Role with software.manage (create, update, delete software entries, versions, installers, licenses, and deploy/uninstall software)
  • At least one organization configured (licenses are scoped to an organization)
  • Agents deployed on target hosts (required for software inventory collection and deployments)

Software library

The software library is a centralized catalog of all software titles tracked by your organization. Each entry represents a distinct software product identified by its vendor and name.

How software entries are created

Software entries can be created in two ways:

  • Manual creation -- navigate to Software and click Add Software. Enter the vendor, name, and optional details like product family or support URL.
  • Agent inventory -- the SPOG agent periodically collects installed software from each host. Raw inventory data is stored separately and can be reconciled against the managed library.

Browsing the library

  1. Navigate to Software to see the full catalog.
  2. Use the Search field to filter by vendor, name, or product family.
  3. Use the License Type dropdown to filter by licensing model (per-device, per-user, site, etc.).
  4. Each entry shows the number of tracked versions and associated license records at a glance.

Software detail view

Click a software entry to view its full details, including all tracked versions, associated installers, and license records. From the detail view you can edit the entry, add versions, manage installers, or configure licenses.

Vendor + Name uniqueness Each software entry must have a unique vendor/name combination. Attempting to create a duplicate will be rejected. This ensures clean catalog management and prevents confusion between different products.

Version tracking

Each software entry can have multiple versions tracked. Version records capture lifecycle information such as release dates, end-of-life dates, and support status.

Adding a version

  1. Open the software detail view.
  2. Navigate to the Versions section and click Add Version.
  3. Enter the version string (e.g. 14.2.1), optional release edition (e.g. "Enterprise", "Professional"), and lifecycle dates.
  4. Toggle Latest Version to mark this as the current recommended version. Only one version can be marked as latest at a time -- enabling it automatically unmarks the previous latest.
  5. Click Save.

Version lifecycle fields

Version The version string (e.g. 21H2, 3.2.1, 2024.1).
Release Edition Optional edition or SKU name (e.g. "Enterprise", "Professional", "Standard").
Release Date When this version was released by the vendor.
End of Life Date When the vendor stops all updates for this version. Software past EOL is a compliance risk.
End of Support Date When the vendor stops providing technical support. May differ from end of life.
Latest Version Marks this as the current recommended version. Only one version per software can be flagged as latest.
Supported Whether this version is still actively supported. Unsupported versions may trigger compliance alerts.
Changelog Free-text notes about what changed in this version.

Seeing which hosts run which versions

The agent collects installed software inventory from each host during its regular host info collection cycle. You can see software installed on a specific host from the host detail page under the Software tab. The managed software view cross-references agent-reported installs against the library to show version distribution across your fleet.

License management

License records track your software entitlements and usage per organization. Each license is tied to a specific software entry and scoped to a single organization for multi-tenant isolation.

Creating a license record

  1. Open the software detail view.
  2. Navigate to the Licenses section and click Add License.
  3. Select the Organization this license belongs to.
  4. Enter the License Key. The key is encrypted at rest using AES-256-GCM -- it is never displayed in cleartext after saving.
  5. Set the License Type (per-device, per-user, site, concurrent, volume, etc.).
  6. Enter the Entitlement Count -- the total number of licenses purchased.
  7. Optionally fill in purchase details: PO number, purchase date, cost, vendor contact, and notes.
  8. Click Save.

Tracking entitlements vs. actual installs

Each license record tracks two key numbers:

  • Entitlement Count -- the total licenses purchased (what you paid for).
  • Used Count -- the number of licenses currently consumed (based on installations).

The platform computes Available Licenses as the difference between these two values. When used count exceeds the entitlement, you are over-licensed and should purchase additional seats or remove installations.

License reconciliation

License usage can be reconciled against actual host installations. This recalculates the used count for each license based on the current state of agent-reported software inventory.

  1. Navigate to Software > License Reconciliation.
  2. Click Reconcile Now. The platform scans all managed software installations and updates used counts across all license records.
  3. Review the reconciliation summary which shows each license that was updated and its new used count.
Run reconciliation after bulk changes After a bulk software deployment, uninstall, or agent inventory sync, run license reconciliation to ensure used counts are accurate. Stale counts lead to incorrect compliance reporting.

License expiration

Licenses with an expiration date are automatically flagged as expired once past their date. Expired licenses remain visible in the list and are marked accordingly. Review and renew expired licenses to maintain compliance.

Software deployment and uninstall

Cadres can deploy software to managed hosts and uninstall it remotely. Because the backend is cloud-hosted SaaS and cannot reach into customer networks directly, all installation and uninstall operations are dispatched as agent jobs.

Installers

Before deploying software, you must configure at least one installer for the target version. Installers define how the software is installed on each OS platform.

  1. Open the version detail view.
  2. Navigate to the Installers section and click Add Installer.
  3. Select the OS Type (Windows, Linux, macOS).
  4. Optionally specify OS Version and Architecture (x64, x86, ARM64) for precise targeting.
  5. Enter the Installer URL (where the agent can download the package) and optionally the SHA-256 Hash for integrity verification.
  6. Configure Silent Install Arguments (e.g. /S /norestart) and Uninstall Arguments.
  7. Click Save.

Deploying to hosts

  1. Open the software version you want to deploy.
  2. Click Deploy.
  3. Select target hosts. The platform auto-matches each host to the correct installer based on its OS type and architecture. If no matching installer exists for a host, that host is skipped.
  4. Optionally override the auto-matched installer by selecting a specific one.
  5. Set the job priority (low, normal, high, critical).
  6. Click Deploy. Installation jobs are created for each valid host and dispatched to the agents.
  7. Monitor deployment progress in the Jobs view.

Uninstalling software

  1. Open the software entry.
  2. Click Uninstall.
  3. Select target hosts.
  4. The platform uses the installer's uninstall arguments to create removal jobs. If no uninstall arguments are configured, the operation will fail.
  5. Monitor progress in the Jobs view.
Architecture-aware matching When deploying, the platform matches installers to hosts using a two-level lookup: first by OS type + architecture (e.g. Windows x64), then falling back to OS type alone if no architecture-specific installer exists. This ensures the correct package is sent to each host without manual intervention.

Software inventory reconciliation

The agent collects raw installed software data from each host. You can trigger a reconciliation job to refresh the agent's software inventory on demand.

Single-host reconciliation

  1. Navigate to the software section or host detail page.
  2. Click Reconcile for the target host.
  3. A reconciliation job is dispatched to the agent, which re-scans installed software and reports back.
  4. Only one reconciliation job can be pending per host at a time -- duplicate requests are rejected to prevent unnecessary load.

Bulk reconciliation

  1. Select multiple hosts or specify a host group.
  2. Click Reconcile Software.
  3. Jobs are created for each host that doesn't already have a pending reconciliation. Hosts that are already being reconciled are skipped.
  4. The response shows how many jobs were created and how many hosts were skipped.

Software patching link

Software versions can have associated patch records that track security updates, hotfixes, and feature patches. This creates a direct link between the software library and patch management.

Patch records

Each version can have multiple patches linked to it. Patch records capture:

  • Patch ID -- the vendor's identifier (e.g. KB number, CVE ID).
  • Patch Type -- Security, Critical, Feature, or Hotfix classification.
  • Severity -- Critical, Important, Moderate, or Low.
  • CVE References -- linked vulnerability identifiers for correlation with the vulnerability management module.
  • Supersede Chain -- patches can be marked as superseded by newer patches, maintaining a clean chain of updates.

Patch installers

Like software installers, each patch can have its own installation packages configured per OS. This allows patch deployment through the same agent job mechanism used for software deployment.

Relationship to Patch Management Software patches in the library are distinct from the autonomous patch management pipeline (available patches, ring sets, deployments). The library tracks vendor-published patches at the catalog level, while Patch Management handles the operational deployment lifecycle. They complement each other -- the library provides the "what", patch management handles the "when and how".

Field reference

Software library fields

Vendor The software publisher or manufacturer (e.g. "Microsoft", "Adobe", "Mozilla").
Name The product name (e.g. "Office 365", "Acrobat Pro", "Firefox").
Description Optional free-text description of the software.
License Type Default licensing model: per-device, per-user, site, concurrent, volume, or other.
Product Family Optional grouping label (e.g. "Microsoft 365 Suite", "Creative Cloud").
Support URL Link to the vendor's support or product page.
Vendor Product ID The vendor's own product identifier or SKU, useful for procurement and vendor communication.
Version Count Number of tracked versions for this software (computed, read-only).
License Count Number of license records associated with this software (computed, read-only).

Installer fields

OS Type Target operating system: windows, linux, or darwin.
OS Version Optional minimum OS version requirement (e.g. "10.0", "22.04").
Architecture Target CPU architecture: x64, x86, or arm64.
Installer Type Package format: msi, exe, deb, rpm, etc.
Installer URL Download URL for the installer package. Must be accessible by the agent on the host.
SHA-256 Hash Optional integrity hash for verifying the download.
Size (MB) Installer file size for bandwidth planning.
Silent Install Arguments Command-line arguments for unattended installation (e.g. /S /norestart).
Uninstall Arguments Command-line arguments for unattended removal. Required for the uninstall feature to work.
Requires Reboot Whether the installation requires a host reboot to complete.

License fields

Organization The organization this license belongs to. Licenses are tenant-isolated.
License Key The product activation key. Encrypted at rest and never displayed after saving.
License Type Licensing model for this specific license record (per-device, per-user, site, concurrent, volume, etc.).
Entitlement Count Total number of licenses purchased.
Used Count Number of licenses currently in use based on installations. Updated via reconciliation.
Available Licenses Remaining unused licenses (Entitlement Count minus Used Count). Computed automatically.
Expiration Date When this license expires. Expired licenses are flagged automatically.
Purchase Order Number PO reference for procurement tracking.
Purchase Date When the license was purchased.
Cost Purchase cost for budgeting and reporting.
Vendor Contact Contact information for the license vendor or reseller.
Notes Free-text notes about this license (renewal terms, special conditions, etc.).

Permissions

Permission Allows
software.view View the software library, versions, installers, and license records
software.manage Create, update, and delete software entries, versions, and installers. Create and manage license records. Deploy and uninstall software on hosts. Trigger inventory and license reconciliation.

Troubleshooting

Symptom Cause Fix
Software not appearing in host inventory Agent has not yet reported software data Wait for the next host info collection cycle (approximately 5 minutes), or trigger a manual software reconciliation for the host.
License used count seems wrong Counts are stale after deployments or uninstalls Run license reconciliation to recalculate used counts from current agent inventory data.
Deployment skips some hosts No matching installer for the host OS/architecture Add an installer that matches the skipped host's OS type and architecture. Check the host detail page to confirm its reported OS and architecture.
Uninstall job fails No uninstall arguments configured on the installer Edit the installer and add the correct uninstall arguments for the software (e.g. /X /S for MSI, apt remove -y for Debian packages).
Duplicate software entry rejected Same vendor + name combination already exists Search the library for the existing entry. Use the existing entry or update it instead of creating a duplicate.
License key not visible after saving Keys are encrypted at rest and never displayed This is by design for security. If you need to verify the key, update it with the correct value.
Reconciliation job rejected A reconciliation job is already pending for that host Wait for the existing reconciliation job to complete before requesting another. Check the Jobs view for the pending job's status.
Cannot create license for an organization Insufficient permissions or organization not accessible Verify your role has software.manage permission and that you have access to the target organization.