Procurement & Vendor Management
Purchase orders, vendor onboarding, third-party risk, and SaaS spend management.
For accounts payable / bill pay see Expense Management. For broader compliance / vendor security review see Compliance. For inventory after goods are received see Inventory & Asset Management.
Open source / self-host
- ★ ERPNext Buying — POs, supplier quotes, supplier scorecards, request-for-quotation flows; tied to inventory + accounting. GPLv3. Default OSS pick if you'll grow into ERPNext.
- ★ Odoo Purchase — Community-free; vendor bills, POs, blanket orders.
- Dolibarr Suppliers — basic; passable for small SMBs.
- OFBiz — has a purchasing module; heavyweight.
- Snipe-IT — handles vendor + warranty info on assets; see Inventory & Asset Management.
- Tradogram Free — hosted; not OSS but free for small teams.
Hosted procurement (free tiers / SMB)
- ★ Tradogram Free — up to 1 user free; full procurement (POs, requisitions, vendors, contracts).
- Procurify — paid; free trial; modern UX.
- Coupa — enterprise incumbent; expensive.
- Ivalua — enterprise.
- SAP Ariba — enterprise.
- Precoro, Spendwise, ProcurementExpress — SMB-friendly; paid.
- Pivot — modern French / EU procurement; paid.
SaaS spend / vendor management (the modern subset)
- ★ Vendr — SaaS-buying-as-a-service; paid; runs negotiations on your behalf.
- ★ Cledara — SaaS spend visibility + cards; small free tier.
- Spendflo, Tropic, Sastrify — competitors; paid; some include negotiation.
- Zip — modern intake + procurement; paid.
- Productiv, Zylo, Torii, BetterCloud — SaaS management platforms (SMP); discovery + license optimization; paid.
- Vanta Vendor Risk / Drata Vendor Management — bundled with compliance; see Compliance.
Vendor risk / third-party risk (TPRM)
- ★ Vanta / Drata Vendor Risk — bundled with the compliance platform; the SMB default.
- SafeBase — vendor security review automation; trust portal.
- Whistic, OneTrust Third-Party Risk, Prevalent, ProcessUnity, ProcessBolt — dedicated TPRM; paid.
- UpGuard, Bitsight, SecurityScorecard — external security ratings; paid.
Vendor onboarding / W-9 / KYB
- Middesk — KYB / business verification; paid; free trial.
- Persona — KYB + KYC; pay-per-verification.
- Routable, Tipalti, Bill.com — collect W-9 / W-8 + payment details on vendor onboarding.
- DocuSign / Documenso / DocuSeal for the paper bits — see E-Signing.
RFP / RFQ tools
- Loopio, Responsive (formerly RFPIO) — vendor-side (responding to RFPs); paid.
- Buyer-side RFP — usually handled inside the procurement platform (Coupa, Procurify, Tradogram).
- Olive — modern enterprise procurement / RFQ; paid.
Patterns to know
- Three quotes for purchases above $X. Common policy threshold; ERPNext / Tradogram automate the comparison.
- PO before invoice, always. Don't pay invoices that don't match an open PO; basic fraud control.
- Annual vendor review. Scope cuts, renewal-shopping, security re-attestation.
- Centralize SaaS contracts. A single spreadsheet of "vendor / cost / renewal date / owner / contract" beats most $30k SMP tools at under $5M ARR.
- Single point of contact per vendor. "Whose tool is this?" is the question that kills shadow SaaS.
- Auto-renew clauses bite. Track them in Contract Management and disable when reasonable.
License watch-outs
- ERPNext is GPLv3.
- Odoo Community is LGPLv3 (modules vary).
- Dolibarr is GPLv3.
Pick this if…
- Default OSS, will grow: ERPNext Buying or Odoo Purchase.
- Free hosted SMB procurement: Tradogram Free.
- Mid-market, paid procurement: Procurify or Precoro.
- SaaS-spend specifically: Cledara or Vendr.
- Vendor security / TPRM: Vanta / Drata vendor risk + SafeBase trust portal.
- You're under $5M ARR with under 30 SaaS tools: a Notion / Sheets vendor list is fine; come back when it isn't.