Monitor third-party dependencies for vulnerabilities

In addition to addressing security vulnerabilities in its own software, Perforce monitors third-party dependencies for security vulnerabilities to help address issues on a timely basis. Perforce also monitors end-of-life schedules for third-party dependencies to help ensure currency.

Common Vulnerabilities and Exposures (CVE) information for all Perforce products can be found on the Security CVEs page and any CVEs for P4 Code Review can be found on the P4 Code Review (Helix Swarm) page. Details about CVE fixes are announced in the product release notes. The Perforce CVE list includes only zero-day CVEs. These are CVEs that directly impact the Perforce products for which CVE data is published.

If a Software Bill of Materials (SBOM) containing more information about the third-party software is required, contact the Perforce Security team at security@perforce.com.

To help avoid security issues, ensure that your Perforce software is current. You can find information about the latest releases in What’s new in P4 Code Review.