Support

• P

  Question About Vulnerability Assessment Expiry Behavior in ProGet
  2 days ago • pooyan.zamanian_1706   about 13 hours ago

  2
  0
  Votes
  2
  Posts
  8
  Views

  about 13 hours ago

  Hi @pooyan-zamanian_1706, Sorry on the slow reply, I tried to quickly reproduce it but it worked as expected -- but I must have done something wrong. Then I realized we can just ask for your analysis logs. On this particular package, can you do a "Re-Analyze" (in the drop-down button) and then share the logs from that? That will help us identify exactly what's going on. But overall you are correct... once an assessment expires, it should be treated as if it were unassessed, which in your caase, would mean a noncompliant / blocked package. Thanks, Alana
• U

  docker.osgeo.org/geoserver:2.27.x
  2 days ago • udi.moshe_0021   2 days ago

  2
  0
  Votes
  2
  Posts
  6
  Views

  2 days ago

  Hi @udi-moshe_0021, Do you see any errors logged in the diagnostics center in ProGet? I did a test of pulling the image using Docker and the Pull Tag button in ProGet and they both worked in my case. I'm thinking you might be rate limited by docker.osgeo.org in your ProGet instance. Thanks, Rich
• V

  Packages not found after upgrading to 2024.29
  12 days ago • v.makkenze_6348   4 days ago

  8
  0
  Votes
  8
  Posts
  30
  Views

  4 days ago

  Hi @v-makkenze_6348, Glad to hear it! Thanks, Rich
• D

  (500) Server Error When editing description of a Universal Package
  15 days ago • daniel.pardo_5658   5 days ago

  5
  0
  Votes
  5
  Posts
  19
  Views

  D 5 days ago

  Thank you so much!
• F

  Otterscript: Usage of Success exit code or EXEC operation - clarifications
  5 Jun 2024, 09:06 • fabio.xodo_3872   9 days ago

  12
  0
  Votes
  12
  Posts
  52
  Views

  S 9 days ago

  Hi Alana, This seems to work for what I am trying to accomplish. Thanks! Scott
• P

  Maven Policy not blocking Noncompliant packages
  10 days ago • parthu.reddy   9 days ago

  4
  0
  Votes
  4
  Posts
  9
  Views

  9 days ago

  Hi @parthu-reddy , If you can provide my with some step-by-step instructions (reproduction case), then I can see if if there's a bug in ProGet. However we can't really change the "license file is embedded in the package file" technical requirement. That said... using custom licenses for blocking package is definitely inappropriate. Please do not do that. It will cause you headaches and probably business disruptions later. There are already tools to prevent users from downloading packages from ProGet, this is not how you want to do it. The easiest solution here is to align the security team's understanding/expectations align with reality. You don't want to try to configure ProGet in unrealistic ways that will lead to actual problems/risks. I suspect the security team is conflating "vulnerable packages" with "malware and viruses", so it'd be best to take this opportunity to educate them on how packages / ProGet works. ProGet can prevent users from downloading certain packages, but vulnerable packages are freely available on the internet for download. A vulnerable package is NOT some a "virus in a lab that can escape" and infect a system A package is just a library and cannot run on its own If a user has a copy of vulnerable package, they can't use it to "hack" a system with it nor will it cause any harm Vulnerable packages simply shouldn't be used as building blocks in your own applications Thanks, Alana
• P

  Need info on blocking packages
  9 days ago • parthu.reddy   9 days ago

  2
  0
  Votes
  2
  Posts
  6
  Views

  9 days ago

  Hi @parthu-reddy , This hasn't changed; to "Set Package Status", you need to first Pull the Package to the feed. From there, you can a compliance rule override of Always Block or Always Allow Downloads. Thanks, Alana
• C

  Proget: SCA Event Notifier not working
  29 Jan 2025, 13:35 • caterina   11 days ago

  8
  0
  Votes
  8
  Posts
  32
  Views

  11 days ago

  Hi @caterina, I'm sorry about this. There looks like there was a conflict with another notifier change. I have created a new ticket, PG-2933, to fix this and it will be released in the next maintenance release. Thanks, Dan
• A

  ProGet: NullReferenceException in SharedConfig.cs after upgrade to v24.0.30
  12 days ago • arose_5538   12 days ago

  3
  0
  Votes
  3
  Posts
  14
  Views

  12 days ago

  Hi @arose_5538, We just released ProGet 24.0.31 that has the fix included for this so you do not need to specify those extra environment variables. Thanks, Rich
• P

  Import error
  13 days ago • pratik.kumar_8939   12 days ago

  2
  0
  Votes
  2
  Posts
  9
  Views

  12 days ago

  Hi @pratik-kumar_8939 , Unfortunately Nexus has a very limited API, which is why the so the import isn't working (404 error - not found). Basically, it doesn't implement the "catalog API" that allows all artifacts/packages to be listed. However, you can use a file-system / drop-path import after you extract the files from Nexus Thanks, Alana
• V

  Upgrade to 2024.29 crashes
  17 days ago • v.makkenze_6348   17 days ago

  3
  0
  Votes
  3
  Posts
  12
  Views

  17 days ago

  Hi @v-makkenze_6348 , This error was related to an error on our end - basically there was some bad data in the package that the InedoHub downloaded, and it caused the installer script to crash. We fixed the package on our end, so reinstalling normally should work now. Cheers, Steve
• R

  Rust Crates are uploaded with an incorrect compression method
  26 days ago • rel_0477   19 days ago

  7
  0
  Votes
  7
  Posts
  27
  Views

  R 19 days ago

  Awesome, thank you so much!
• M

  Adding an ad-hoc deployment process to an existing application
  30 days ago • mwatt_5816   19 days ago

  3
  0
  Votes
  3
  Posts
  15
  Views

  M 19 days ago

  Thank you for your guidance Dean!
• J

  pgutil allow wildcard input file
  26 days ago • jblaine_9526   23 days ago

  4
  1
  Votes
  4
  Posts
  15
  Views

  J 23 days ago

  Thanks ! Works as expected... as always :)
• I

  Proget upgraded 6 -> 2024. Scoped npm packages no longer accessible.
  26 days ago • infrastrcture_6303   24 days ago

  2
  0
  Votes
  2
  Posts
  14
  Views

  24 days ago

  Hi @infrastrcture_6303 , We've had one other user report this, and unfortunately it's a bit complicated behind the scenes. ProGet 6 allowed npm packages to be uploaded without a @ in the scope, which meant that if you used a non-npm client (your own script, etc), you could have "bad data" in the database. We did not anticipate this data when doing the ProGet 2023 datamigration, so the bad data was brought over. We don't have a means of fixing it, and it would take a nontrivial amount of time to do that - so as a free user we can't really put in that time. We do plan on a cleanup task ina few months that will take care of this automatically. If you're comfortable with SQL, you may be able to fix it yourself (that's what the other user did), and it invovles a figuring out some queries around the PackageNameIds table. Another alternative is to setup a new instance of ProGet 2024 and then just import the packages from disk. Thanks, Alana
• J

  Can't browse files within nuget (choco or ps) package
  26 days ago • jfullmer_7346   25 days ago

  2
  0
  Votes
  2
  Posts
  11
  Views

  25 days ago

  Hi @jfullmer_7346 , I was able to reproduce this, and we will fix it in an upcoming maintenance release (PG-2920). This came from a regression in 2024.28, with some other NuGet feed changes. Cheers, Alana
• P

  NPM Failed to fetch package tags
  29 days ago • procha_8465   29 days ago

  2
  0
  Votes
  2
  Posts
  5
  Views

  29 days ago

  Hi @procha_8465 , I'm afraid we'll need a bit more information here to help you. There are a lot of changes between ProGet 5.2 and ProGet 2024 and between older/newer versions of the npm client. If you can put together a reproduction case, ideally on a new instance of ProGet 2024, that'll help us determine what you're trying to do and how to help. -- Dean
• P

  Prometheus support?
  19 May 2020, 14:22 • patchlings   29 days ago

  9
  2
  Votes
  9
  Posts
  35
  Views

  29 days ago

  Hi @f-medini_8369, Here is our documentation on how to use Prometheus: https://docs.inedo.com/docs/installation/logging/installation-prometheus -- Dean
• P

  Maven release and snapshot repo type
  6 Mar 2025, 15:34 • pratik.kumar_8939   30 days ago

  2
  0
  Votes
  2
  Posts
  10
  Views

  30 days ago

  Hi @pratik-kumar_8939 , ProGet does not require two different feeds for this, and we would generally recommend putting them in the same feed. If you wish to have the artifacts intwo different feeds, then you can just create different feeds and name them how you'd like. Thanks, Alana
• S

  Using ProGet with TeamCity
  6 Mar 2025, 08:19 • simon.marriott_1201   6 Mar 2025, 14:52

  2
  0
  Votes
  2
  Posts
  4
  Views

  6 Mar 2025, 14:52

  Hi @simon-marriott_1201, If you haven't seen it already, I'd check out How Files and Packages Work in ProGet for Artifactory Users. Long story short is, you should consider a more modern approach than the Maven-based file/folder that Artifactory uses. Many have found a lot of success with Universal Feeds & Packages. We don't maintain a TeamCity plugin, but it's really easy to create, publish, deploy packages using the pgutil command line (i.e. pgutil upack create); see HOWTO: Create Universal Packages Hope that helps! -- Dean