Support

• C

  SBOM Dependency Tree is lost when importing and exporting
  • christian.georg_5533  

  5
  0
  Votes
  5
  Posts
  14
  Views

  C

  Hi Alana, thanks for your response. The main beenfit of the depenency tree is to understand what needs to be done to get ridd of a certain component. If there is a component in your supply chain that you would like to get ridd of, then there is a big diference if this is a direct dependency that you included and that could possible be solved quite easily or if this is a component that is part of another direct dependecy (or even multiple other dependencies) where you would neet do remove the direct dependencie(s). I do however understand from your response that keeping the dependency tree is not planned in the near future and that using ProGet as a central SBOM Repository to enable further workflows which need the dependency tree is not the way to go as the focus of Proget is the management of the feeds and providing validated and approved packages Best regards Chris
• G

  Increased Incorrect Classification of Security Vulnerabilities
  • geraldizo_0690  

  7
  0
  Votes
  7
  Posts
  24
  Views

  

  Hi @geraldizo_0690 , I think the best way for us to proceed with this investigation is to get a copy of your database backup. And as a bonus, we'll validate your database to make sure the upgrade to ProGet 2026 and the new vulnerability management features work nicely :) I created a secure public link for you, which you can access in this ticket that I've created for you: https://my.inedo.com/tickets/view?ticketNumber=EDO-12790 Just let us know once you've uploaded the BAK file, and we'll take a look and figure it out from there. Thanks, Alana
• C

  Unhandled exception in execution #xxx: 42702: column reference "DatabasePath_Text" is ambiguous
  • cole.brand_2889  

  2
  0
  Votes
  2
  Posts
  5
  Views

  

  Hi @cole-brand_2889 , In general, that error message means some kind of code problem. Like, using "DatabasePathText" on a multi-table join without specifying which table/alias it belongs to. However given the queries (see below code), I don't see the problem. I haven't seen the error on PostgreSQL... so that must mean it's Aurora Postgres specific? According to ChatGPT, "Aurora PostgreSQL is stricter about recordset functions and want a relation alias before the column definition list.", but who knows if that's true. About the only way to test this theory is to modify the function code in your database. I've pasted it below, and you should be able to just run that to "edit" the code. It'll get updated during any normal upgrade/downgrade, so no real worry. The first change suggested was to add a BPT here: WITH BlobPackages_Table AS ( SELECT * FROM jsonb_to_recordset("@BlobPackages_Table") AS BPT("DatabasePath_Text" VARCHAR(200), "PackageVersion_Id" INT) ), I don't see how that could work, but who knows. Another suggested change was this: WITH BlobPackages_Table AS ( SELECT * FROM jsonb_to_recordset(COALESCE("@BlobPackages_Table", '[]'::jsonb)) AS BPT("DatabasePath_Text" VARCHAR(200), "PackageVersion_Id" INT) ), Although, I also don't believe that word work, since the @BlobPackages_Table would not be null. But again who knows. Anyway... that's where I would start. It might be something else altogether, but I can't see it and I guess my ChatGPT prompt didn't spot it either. CREATE OR REPLACE PROCEDURE "DockerBlobs_RecordScanData" ( "@DockerBlob_Id" INT, "@BlobInfo_Configuration" XML, "@BlobPackages_Table" JSONB ) LANGUAGE plpgsql AS $$ BEGIN IF "@BlobInfo_Configuration" IS NULL THEN DELETE FROM "DockerBlobInfos" WHERE "DockerBlob_Id" = "@DockerBlob_Id"; ELSE INSERT INTO "DockerBlobInfos" ("DockerBlob_Id", "BlobInfo_Configuration") VALUES ("@DockerBlob_Id", "@BlobInfo_Configuration") ON CONFLICT DO UPDATE SET "BlobInfo_Configuration" = "@BlobInfo_Configuration" WHERE "DockerBlob_Id" = "@DockerBlob_Id"; END IF; UPDATE "DockerBlobs" SET "LastScan_Date" = CURRENT_TIMESTAMP WHERE "DockerBlob_Id" = "@DockerBlob_Id"; WITH BlobPackages_Table AS ( SELECT * FROM jsonb_to_recordset("@BlobPackages_Table") AS ("DatabasePath_Text" VARCHAR(200), "PackageVersion_Id" INT) ), packagesToRemove AS ( SELECT * FROM "DockerBlobPackages" DBP LEFT JOIN BlobPackages_Table BPT ON BPT."DatabasePath_Text" = DBP."DatabasePath_Text" AND BPT."PackageVersion_Id" = DBP."PackageVersion_Id" WHERE DBP."DockerBlob_Id" = "@DockerBlob_Id" AND BPT."PackageVersion_Id" IS NULL ), deletes AS ( DELETE FROM "DockerBlobPackages" DBP USING packagesToRemove PTR WHERE DBP."DockerBlob_Id" = "@DockerBlob_Id" AND DBP."DatabasePath_Text" = PTR."DatabasePath_Text" AND DBP."PackageVersion_Id" = PTR."PackageVersion_Id" ), newBlobPackages AS ( SELECT BPT.* FROM BlobPackages_Table BPT LEFT JOIN "DockerBlobPackages" DBP ON DBP."DockerBlob_Id" = "@DockerBlob_Id" AND BPT."DatabasePath_Text" = DBP."DatabasePath_Text" AND BPT."PackageVersion_Id" = DBP."PackageVersion_Id" WHERE DBP."PackageVersion_Id" IS NULL ) INSERT INTO "DockerBlobPackages" SELECT "@DockerBlob_Id", "DatabasePath_Text", "PackageVersion_Id" FROM newBlobPackages BPT; END $$; // also I do realize the json input is not a great way to handle this, but it's how we needed to port a few things from SQL Server to maintain parity in behavior Let us know if you find anything! Thanks, Alana
• B

  Deploying a Docker Image via Kubernetes with a yaml file
  • brandon_owensby_2976  

  2
  0
  Votes
  2
  Posts
  4
  Views

  

  Hi @brandon_owensby_2976, I'm afraid we don't have a lot of great documentation / information on how to deploy Kubernetes using BuildMaster. The existing extension is quite old and reflects a pre-Helm approach where Kubernetes resources were deployed directly via raw manifests. These days, Helm charts are the standard way to package Kubernetes applications. A chart contains templated manifests along with default configuration (values.yaml) that can be overridden per environment. Once you have a chart, you typically deploy it with a command like: helm upgrade --install myapp corp/app -f values.yaml Additional overrides (like your override.yaml) can be layered in as needed. In theory, that's where a BuildMaster configuration file would come in, and BuildMaster would also run the upgrade commands. However... Helm isn't really run outside of development environments. Instead, most teams use a GitOps-based tool (i.e. Argo CD or Flux), which in turn use Helm to continuously "sync" whatever's in Git with what's running in the cluster. The idea is that the "deployment state" is maintained in Git and doesn't need to be triggered from an external release system. In other words, a production "deployment" is done by issuing a commit. Because of this, pipeline-driven deployment tools BuildMaster just popular for Kubernetes workflows. We've seen competitive tools try, but they get a lot of pushback from the end-users (i.e. Kubernetes engineers) and as a result don't see much adoption. In my opinion, this is like 7 layers of unnecessary complexity (let alone error-prone) and a basic Docker deployment covers like 99% of use cases... but that's not where the market is. Hope that helps clarify things a bit, let us know what you find. Cheers, Alana
• P

  Not able to delete published docker images
  • parthu.reddy  

  5
  0
  Votes
  5
  Posts
  24
  Views

  

  Hi @parthu-reddy , This does not appear to be a "fat manifest". Two other things are coming to mind. First, are these referenced in any helm charts? If so, they won't get removed unless you delete the helm chart first. Second, how about trying a separate policy, "Delete untagged manifests"? That should clear out these images. Thanks, Alana
• C

  Amazon.S3.AmazonS3Exception: Please reduce your request rate.
  • cole.brand_2889  

  2
  0
  Votes
  2
  Posts
  7
  Views

  

  Hi @cole-brand_2889 , Wow, I didn't realize that S3 rate-limited like that!! That's good to know. Unless this is something that could be configured as an advanced SDK switch in the S3FileSystem, then I don't think there's much that could/should be done in the ProGet or extension code. After searching the error (and seeing this very post on the first page of Google ), this just seems to be endemic with S3; there's no published rate limit, and even in AWS official blog article the only solutions seem to be "follow the error message and reduce your request rate". There's probably something you can do do on the load-balancer side of things... reducing concurrent requests, etc. Let us know what you find! Thanks, Alana
• D

  ProGet Connector Filters Performance
  • davidroberts63  

  2
  0
  Votes
  2
  Posts
  11
  Views

  

  Hi @davidroberts63 , While connector filters were never really designed to replace the "approved packages" workflow, we've seen many users do exactly that over the years, yielding hundreds of entries. It's not exactly a use case we recommend, as one of the big benefits of the approved packages flow is to prevent "instinctively upgrading dependencies" yielding in regressions. But, if you're already effectively doing that through automation, then I suppose you already know the risks :) From a performance standpoint, it shouldn't make a notable impact. Those have been optimized for quite some time now. Thanks, Alana
• A

  Incorrect published date handling breaks min-release-age for npm feeds
  • aleksander.szczepanek_3253  

  3
  0
  Votes
  3
  Posts
  12
  Views

  A

  @atripp Thank you for your help. This resolves my problem. Good to hear that it will be default behaviour, current behaviour is not intuitive.
• G

  How to use Package/Container Usage in ProGet/Otter
  • geraldizo_0690  

  8
  0
  Votes
  8
  Posts
  43
  Views

  G

  I actually haven't looked into pgutil yet. I'll check it out. But overall, ProGet does a pretty good job. Right now, I really can't think of anything that ProGet can solve uniquely.
• S

  V5: Active Directory vs V4 - Delays
  • sigurd.hansen_7559  

  7
  0
  Votes
  7
  Posts
  47
  Views

  S

  No problem; I will use the generic one :) @george-bowen_9415: Did you experience delays in V5, and do you have any significant amount of group memberships? :) -Sigurd
• G

  Support for NotAutomatic/ButAutomaticUpgrades headers in Debian feed Release files
  • geraldizo_0690  

  9
  0
  Votes
  9
  Posts
  51
  Views

  G

  Thank you very much.
• 0

  PEP 700 conformance for PyPI feeds
  • 0xFFFFFFFF  

  3
  0
  Votes
  3
  Posts
  22
  Views

  0

  Hi Dean, Thank you very much for the reply! This landing in ProGet 2026 would be awesome! But of course I understand you want to be certain that those changes would not cause issues for the users, so I think having to wait a little more would be no problem for me.
• P

  nuget api calls blocking proget
  • parthu.reddy  

  4
  0
  Votes
  4
  Posts
  14
  Views

  

  Hi @parthu-reddy , Thanks for the additional information. Thinking about it further, I suspect this was a temporary network outage. It could have been DNS related, or who knows what. As for your configuration... 5000 is definitely too high; set this towards 100-500 max. If you're working on a load-balanced cluster, this should be done at the load balancer instead. I was incorrect about api.nuget.org, that is also used by the V3 API. I thought it was only V2. So please disregard. It's unlikely metadata caching will help, but you could try it. That's a relatively short-lived cache meant for traffic bursts, and it's not really going to help with a network outage. -- Dean
• N

  ProGet: Editing Feed(s) field in a project changes the field for all projects
  • Nils Nilsson  

  3
  0
  Votes
  3
  Posts
  9
  Views

  N

  Hi Dean, Thank you for the swift reply and fix :) Best regards Nils Nilsson
• R

  pgutil upack install ... --version=26.3 ... (core dumped)
  • rcpa0  

  2
  0
  Votes
  2
  Posts
  9
  Views

  

  @rcpa0 thanks for letting us know; we'll try to fix this next time we make some changes to pgutil it should only print "Version is not a valid semantic version." or something
• N

  Getting LDAP to work
  • no doubt  

  2
  0
  Votes
  2
  Posts
  16
  Views

  

  Hi @no-doubt, We are software engineers that provide technical support to technical end users. We cannot help non-technical users who provide no technical information. Moreover, I'm not willing to work with users who call our products "a real pain" and share counter-productive "facts" about how easy competitive products are. You should know better. I'm going to lock this thread, but I'll give you another chance though. If you'd like to continue your evaluation and receive technical support, please spend a few moments reviewing other forum posts to see how users communicate with us. If you feel comfortable doing that, then post again. If not, then it sounds like you've got two products to choose from. Sincerly, Alex
• N

  [Feature] ProGet: Set initial stage on builds scan
  • Nils Nilsson  

  1
  0
  Votes
  1
  Posts
  9
  Views

  No one has replied

• J

  Supported Database for ProGet HA Installations
  proget cluster database • • jeff.williams_1864  

  5
  0
  Votes
  5
  Posts
  26
  Views

  J

  Perfect, thanks Alana :)
• D

  Maven packages not including JAR files in ProGet
  • davi.morris_9177  

  2
  0
  Votes
  2
  Posts
  9
  Views

  

  Hi @davi-morris_9177 , I'm afraid this behavior is expected because kotlin-stdlib-2.3.20.jar is not in the downloaded index file. There's is no file-listing API, which means there's no way to know what should be there otherwise. The Maven client downloads "blindly downloads" some files, and "silently accepts" a 404 for other files. When it's downloaded (cached), then ProGet knows about it. So, you really need to download the artifacts first if you want to make a curated feed I'm afraid. -- Dean
• J

  Support for kubernetes-based deployment of ProGet and InedoDB?
  • jeff.williams_1864  

  3
  0
  Votes
  3
  Posts
  10
  Views

  J

  Thanks Alana, that is fair. I am mainly wanting to make sure that the app remains supported regardless of whether I deploy it on Linux using docker, or on a kubernetes platform. It is assumed there is underlying platform support that will be on us.