TPS components are frequently updated with the release of new service packs and product versions. It is highly important for Security and IT teams to ensure that the TPS components used in Spotfire products are not compromised or vulnerable.

Locating the correct documentation to find the list of TPS components and their exact versions used in a specific Spotfire product is a necessary first step in determining internal risk assessments and further action plans.

Doc: Spotfire Documentation

• https://www.spotfire.com/docs 

1. Spotfire Software Bill of Materials (SBOM)
Since the release of Spotfire 14.8.0 and higher (as well as Spotfire 14.6.2 and above), Spotfire Software Bill of Materials (SBOMs) are available from the Spotfire downloads site for every product component release.

SBOM files list the third-party source software components, versions, and licenses included within the Spotfire platform. These are provided in the standard Software Package Data Exchange (SPDX) format, a machine-readable format designed for the exchange of software component and license information.

Example 1: Spotfire Industry Pro > 14.8.0 > Individual file download > SPOT_sfire-app_14.8.0_sbom.spdx.json

Example 2: Spotfire Enterprise > 14.8.0 > Individual file download > SPOT_sfire_server_14.8.0_sbom.spdx.json

2. Product Release Notes
For all versions of Spotfire products, the Release Notes for each product component can be referenced. The release notes contain a "Third Party Software Updates" section, which provides detailed information about the versions and updates made to third-party software. This file is available with every product component release.

You can find the release notes in the Spotfire documentation > All Spotfire products.  Navigate to the docs of the concerned product.

3. License Agreement Files
For all versions of Spotfire products, the "License Agreement" file can also help identify information regarding the TPS components used and their versions. This file is available with every product component release.

You can find the release notes in the Spotfire documentation > All Spotfire products. Navigate to the docs of the concerned product.

Security and IT teams often need to ensure that Spotfire products are secure by identifying any vulnerabilities associated with Third-Party Softwares (TPS) used in the platform. This article explains where to find the exact TPS components and versions included in your specific Spotfire release.