Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

  • ProGet New Vulnerability scanning removes ability to block a package

    5
    0 Votes
    5 Posts
    16 Views
    S
    Thank you very much for this, Alana. Very much appreciated.
  • 0 Votes
    5 Posts
    21 Views
    A
    Good Morning, Unfortunately that did not work and I had to restore to a previous database backup and update the packages etc. Thanks
  • 0 Votes
    4 Posts
    28 Views
    atrippA
    Hi @zs-dahe , Thanks for clarifying, that makes sense; that's not really the use case we intended for asset directory versioning, it was mostly a simple way for asset-directory end-users (i.e. generally not ProGet admins) to fix the occasional delete/accident. It's redundant with back-up, but the idea was that it would save administrator time at the cost of a little disk space. Since it'd be such a large change on our end to rewrite this, it'd be best to wait until there's more demand. Perhaps you could just not use asset versioning , and allow your backup server to handle this? Typically back-up tools will already retain a certain number of past versions of files. Cheers, Alana
  • Some latest versions of Nuget packages not available in ProGet

    4
    0 Votes
    4 Posts
    12 Views
    atrippA
    Hi @rick-kramer_9238, I'm really not sure what the underlying issue is or how to troubleshoot :( NuGet dependency resolution is really complicated, and what you're saying is probably related. If you get a "package/version cannot be found" error from the NuGet client, it doesn't necessarily mean that the version isn't there... jsut that the dependency search wasn't successful. You can just look at the ProGet server to see what packages/versions are there. If it's in the UI, iut will be in the API. Cheers, Alana
  • Reset ProGet Admin Password via API

    2
    0 Votes
    2 Posts
    18 Views
    atrippA
    Hi @forbzie22_0253 , For the Native API, you would pass in a base-64 encoded string value for byte[] values. Sorry that we don't have any examples; it's not a very friendly API, and we don't call it via JSON ourselves. Most users will configure LDAP or SAML, so so this isn't a big priority for us to document or create an API for as you can understand. If you find something that works, please do share it here :) Thanks, Alana
  • Package Latest Version not showing in All Versions

    2
    3
    0 Votes
    2 Posts
    12 Views
    atrippA
    Hi @scott-wright_8356 , This is unfortunately the consequence/downside with frequently-updated packages (like 2-3x daily updates of electron-to-chromium) and metadata caching. The underlying issue is that different metadata queries have different cache expirations, so the search queries (e.g. "electron-" or "electron-to" or "chromium", etc) will not line up with index queries (e.g. "list electron-to-chromium versions"). There is no solution to this, aside from changing durations or disabling caching. In general, we very strongly advise against developers "always using the latest version of packages they see", since that's a major attack vector for software supply chains. It also makes build reproducibility basically impossible and gives testing a headache. Instead, we encourage a package approval process where only approved packages are consumable by build servers, as opposed to whatever's the latest version on the net Best, Alana
  • Wrong debian apt documentation (web and app)

    4
    0 Votes
    4 Posts
    27 Views
    rhessingerR
    Hi @daniel-scati , Thanks for catching that! I have updated the documentation. Thanks, Rich
  • Incorrect packages count in Feeds page

    packages feeds
    4
    1
    0 Votes
    4 Posts
    22 Views
    ScatiS
    Just to give you a heads up. I'm already on version 2023.32 and it works like a charm. Thank you.
  • Error during upgrade

    3
    0 Votes
    3 Posts
    7 Views
    atrippA
    Hi @v-makkenze_6348 , This error can happen if you made certain changes to IIS configuration; in this case, you changed the name of the ProGet site in IIS to something else. That is not supported, so you will get this error. In general, we recommend moving away from IIS; this is because Microsoft no longer recommends using IIS for modern applications (.NET). And there is weird behavior like this. They only recommend it as a proxy server and legacy application server (Classic ASP, .NET Framework, etc).
  • An error occurred while retrieving rows.

    5
    2
    0 Votes
    5 Posts
    28 Views
    A
    @atripp The sp_updatestats stored procedure resolved the issue for us. Really appreciate the assistance.
  • 0 Votes
    8 Posts
    45 Views
    atrippA
    Hi @jw , let's move some of these to a new thread, since this is sort of getting a bit long / off topic. I'll reply here then lock the thread, but feel free to reply as a new thread for any one of these topics. First, if you haven't already, I'd submit your database so we can test using your database. I don't know what has/hasn't been tested yet, but that's what we plan to do this week. Internal Ids --- we will likely not include internal Ids in the /sca endpoints; those are only exposed in the native API (which we don't recommend using). We really don't you to use the Native API since it arbitrarily changes. Docs -- the docs are going to be a little behind, but those will come out shortly after; note that our primary API will become a CLI, so the API docs will favor examples for pgutil. This will actually make building out new APIs a lot easier, since we can just point to GitHub code to show how it works, etc. SCA Events -- these will also trigger when you upload a noncompliant package and one is discovered in an overnight scan (either of packages or builds). This is our starting point from zero, so we'll see what feedback we have and adjust accordingly.
  • Ability to bulk delete SBOMs

    4
    0 Votes
    4 Posts
    12 Views
    atrippA
    @v-makkenze_6348 thanks for clarifying - that's not how we intended to use the feature, but hopefully the ProGet 2024 model will work better. In ProGet 2024, they are called Builds, and Builds have a Release Number. They are also auto-archived, and have a kind of Build Stage. Sorry but I don't yet have screenshots, but there is some documentation: https://docs.inedo.com/docs/proget-sca-builds
  • Small spelling error in image Usage Instructions

    2
    0 Votes
    2 Posts
    7 Views
    atrippA
    @v-makkenze_6348 Thanks, we'll add this to our "final touches" in PG2024 :)
  • Unknown licenses that are known

    2
    2
    0 Votes
    2 Posts
    9 Views
    atrippA
    Hello @v-makkenze_6348 , We're aware of this issue, and it's related to NuGet packages with four-part versions that end in zero, and the way the package is handled behind the scenes. It's a fairly involved/complex issue that we need to fix in a major version -- and we've already done that, in ProGet 2024 :) We expect it to release soon. You'll need to delete the cached package then re-add it. We've tested this exact scenario w/ SCA Builds/Releases. Thanks Alana
  • 0 Votes
    3 Posts
    23 Views
    J
    I'm afraid this is a bit too granular for us now, but it's something we can consider re-evaluating down the line, especially as we will likely want to add specialize permissions for projects, policies, etc. We expect that will happen later in the year, after ProGet 2024's new features get more adoption. We'll see if anyone else requests package-level permissions, etc. Thanks for the feedback, let's see if there is more demand. As for the Advanced, I put a note in ProGet 2024's final touches to address that. Honestly I thought those were only on Debug builds only, but clearly not... thanks for reporting! Glad to hear it is just an UI issue, I was worried users could mess with metadata. Cheers
  • Proget as registry proxy

    2
    0 Votes
    2 Posts
    21 Views
    stevedennisS
    Hi @aharalambopoulos_3520 , ProGet works as a "Private Docker Registry" which seems to be different than a "Docker Hub Mirror". Last time we researched Docker Hub Mirrors, they seemed to be primarily intended to provide image to certain geographic regions (like China) where Docker Hub content would otherwise be restricted. They could also be used to set up a "local mirror" of Docker Hub, but in all cases, it seemed to basically just redirect traffic from the default docker.io URL (or whatever) - so it wasn't intended to be used as "Private Docker Registries". In any case, Mirrors don't seem to be a good fit for ProGet; instead, if you wish to use nginx, we would advise to "privatizing" and "lock" images using sematic tag, so that you can be assured that corp.local/images/nginx is a tested/safe image with tags you control. Best, Steve
  • ProGet SAML group mapping

    5
    0 Votes
    5 Posts
    35 Views
    P
    Thank you very much for the information, we will get in touch with our account manager. We would greatly appreciate having this implemented as we need to manage over 150 users via SAML authentication.
  • apt Package file malformatted

    7
    0 Votes
    7 Posts
    29 Views
    F
    Thank you for taking time to sort this out with me! I greatly appreciate your efforts and will be happy, if this works out well. :)
  • proget 2023 - topology

    5
    0 Votes
    5 Posts
    17 Views
    U
    Hi @atripp , thank you very much.
  • proget 2023 - iis vs internal web

    3
    0 Votes
    3 Posts
    8 Views
    U
    Hi Alana, thank you very much. will do.
Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation