Support

• G

  How to use Package/Container Usage in ProGet/Otter
  • geraldizo_0690  

  2
  0
  Votes
  2
  Posts
  10
  Views

  G

  Additional Information: proget[1916719]: Scan using Otter at http://otter/ failed: Unexpected character encountered while parsing value: <. Path '', line 0, position 0.
• 0

  PEP 700 conformance for PyPI feeds
  • 0xFFFFFFFF  

  1
  0
  Votes
  1
  Posts
  5
  Views

  No one has replied

• J

  Proget is unable to download Maven packages that use a nonstandard versioning scheme
  • joshua.mitchell_8090  

  12
  0
  Votes
  12
  Posts
  76
  Views

  

  Hi @devops-user @joshua-mitchell_8090 , Thank you so much for testing! We'll merge this in via PG-3251 in tomorrow's maintenance release. As for the other error, it's technically unrelated - but that package has such a long "compliance analysis report" that it's getting truncated in the database cache. PostgreSQL complains about that, SQL Server silently does it. Anyway w'ell fix via PG-3250 perhaps in tomorrow's release as well. Cheers, Alana
• S

  Docker _catalog and tags calls do not respect tokens
  • Stephen.Schaff  

  2
  0
  Votes
  2
  Posts
  6
  Views

  

  Hi @Stephen-Schaff , The Docker API does not use API keys but a ticket-based system (i.e. docker login). Here is how to use it: https://docs.inedo.com/docs/proget/docker/semantic-versioning#example-powershell-script-to-authenticate-to-docker We added some kind of support via PG-3206 in ProGet 2025.20, though it was only intended to address self-connectors to Docker registries. I do'nt know how well it will work here. Thanks, Alana
• 

  Support for Air-gapped environments
  • steviecoaster  

  3
  0
  Votes
  3
  Posts
  17
  Views

  

  We have the full gamut of environments. Those with unfettered access to the unwashed internet, proxied environments, a single machine with access we can tunnel through, to, yes, SCIF-levels of lockdown. In all of those scenarios, we offer an offline prep script that bundles everything needed for the installation into a zip file, which you can then sneaker-net into the environment and continue the installation. I think we can make the offline installation work based on what I'm seeing in the documentation. I just wanted to make sure it was a "supported" mechanism of installation.
• V

  Composer feed: metapackage is not saved as a local package
  • vdubrovskyi_1854  

  4
  0
  Votes
  4
  Posts
  11
  Views

  

  Hi @vdubrovskyi_1854 , Unfortunately this is just how composer works; it never requests the metapackage from the server (i.e. ProGet) nor does it upload the composer.lock file to ProGet. There is obviously no way for ProGet to "guess" what metapackages you may want. Obviously, ProGet does not automatically download/install every metapackage from the upstream repository. That's obviously not behavior anyone would want, and we will not add it to ProGet. You have two options: Modify the behavior of composer to request these packages from ProGet, Writing a script to parse your composer.lock and then download and/or promote those files within ProGet Hope that helps, Alana
• A

  [Buildmaster] Add queryable custom properties on a deployment level
  • Anthony  

  5
  0
  Votes
  5
  Posts
  27
  Views

  A

  Ok @atripp, thanks for getting back to me. I'll see if I can include the deployment ID and return code as key-value pairs in the build instead. Have a nice day, Anthony.
• S

  404 error for missing SVG image (issues-hold.svg) on the Administration > Logs page
  • sigurd.hansen_7559  

  2
  0
  Votes
  2
  Posts
  9
  Views

  

  Hi @sigurd-hansen_7559, This is a known issue, PG-3246, and will be fixed on Friday in ProGet 2025.25. Thanks, Rich
• 

  proget.inedo.com DDOSed?
  • felfert  

  2
  0
  Votes
  2
  Posts
  14
  Views

  

  Thanks for the heads up @felfert ! Looks like we're back now, looks like there was some issue reporting the outage on our end :) Alana
• I

  Symbol Server id issue
  • it_9582  

  17
  0
  Votes
  17
  Posts
  83
  Views

  I

  Hi @atripp, @gdivis, we have checked this issue today and all seems to work like a charm. Big thanks for quick and really good work :) Best regards
• G

  Support for NotAutomatic/ButAutomaticUpgrades headers in Debian feed Release files
  • geraldizo_0690  

  7
  0
  Votes
  7
  Posts
  44
  Views

  G

  I have a small issue to report. Btw. adding the headers works perfectly. However, the fields don't allow spaces. Like here to see. "Debian Backports" Can you make the fields compatible for values with spaces?
• S

  V5: Active Directory vs V4 - Delays
  • sigurd.hansen_7559  

  4
  0
  Votes
  4
  Posts
  23
  Views

  

  Hi @sigurd-hansen_7559, We can add back support to not do the recursive search. If you would like to use a search scope, we would recommend using the OpenLDAP/Generic LDAP user directory and specifying your own LDAP queries. With that said, I think that is overkill for this situation and adding a way to disable recursive groups will be the easiest. I will get that added on the April 3rd release of ProGet 2025.25. Thanks, Rich
• _

  ProGet SBOM Scan Not Creating Vulnerability Issues for NPM Packages
  proget • • _moep_  

  2
  0
  Votes
  2
  Posts
  15
  Views

  

  Hi @_moep_ , So there are quite a few "moving pieces" here. Vulnerability -> Assessment -> Compliance -> Build Issue Vulnerabilities & Assessments First and foremost, when you navigate to qs@0.6.6 in the ProGet UI, you should see several vulnerabilities listed, such PGV-2287703. So, the "identification" is there as a result of the offline version of that database being included with ProGet. But, ProGet is all about reducing noise while helping elevate real risks - and most vulnerabilities are theoretical, have no real-world exploits, would require a dedicated attacker, and would result tin no real damage. A "Denial of Service from Prototype Pollution" is great example of such a vulnerability. The risks and problems introduced by reactively upgrading every dependency far exceed any benefits -- moreover, it "de-sensitizes" everyone to real security risks. The idea of "when everything is severe nothing is" is the same as "when everything is a priority, nothing is". That's where Assessment comes in. In ProGet 2025 and earlier, a vulnerability is generally as "assessed" Ignored, Warn, or Blocked. PGV-2287703 will be assessed as Warn by default. **NOTE this will be changing in ProGet 2025. ** Policies & Compliance Next, there's the question of Compliance; the vulnerability assessment (among other things, like license, deprecation status, etc) will determines whether or not a package is Compliant, Noncompliant, or Warn. Compliance rules are configured in policies. In ProGet 2025, by default, the "Warn" Assessment will not make a package Noncompliant. Just Warn. Builds & Issues A Build is considered Noncompliant if any of the packages are Noncompliant. A Noncomplaint build should be blocked from deploying to production. This is where Issues come in: an issue may be created when a build is analyzed (try it out by clicking [analyze] in the UI) for a Noncompliant package. The purpose of these Issues are to effectively "override" the compliance status on a single package. They are not informational; if you want a list of packages, vulnerabilities, licenses, just use pgutil builds audit to get that listing. Long story short, I'd decide on a process you'd want to use before even considering web hooks for all this. Also note that this mostly requires a paid license, so you may not even be getting functionality if you're on a free version hope that helps, Alana
• J

  Working with Secure Resources / Secure Credentials
  otter otterscript • • jimbobmcgee  

  2
  0
  Votes
  2
  Posts
  12
  Views

  J

  Looks like I pasted the SecureCredential... file twice (and can't edit/update now). The SecureResource... version is: SecureResourcePropertiesVariableFunction.cs using System.Collections; using System.ComponentModel; using Inedo.ExecutionEngine.Executer; using Inedo.Extensibility; using Inedo.Extensibility.SecureResources; using Inedo.Extensibility.VariableFunctions; using Inedo.Serialization; namespace Inedo.Extensions.VariableFunctions.SecureResources { [ScriptAlias("SecureResourceProperties")] [Description("Gets the properties available to a named Secure Resource. Use `$SecureResourceProperty()` to obtain the value.")] public sealed class SecureResourcePropertiesVariableFunction : VectorVariableFunction { [VariableFunctionParameter(0)] [ScriptAlias("resource")] [Description("The name of the Secure Resource for which to fetch property names.")] public string? ResourceName { get; set; } [Description("The type of the Secure Resource for which to fetch property names.")] [ScriptAlias("type")] [VariableFunctionParameter(1, Optional=true)] public SecureResourceType? ResourceType { get; set; } protected override IEnumerable? EvaluateVector(IVariableFunctionContext context) => GetPropertyNames(ResourceName, ResourceType, context); internal static IEnumerable<string> GetPropertyNames(string? resourceName, SecureResourceType? resourceType, IVariableFunctionContext context) { var resourceResolutionContext = new ResourceResolutionContext(context.ProjectId); var secureResource = SecureResource.TryCreate(resourceType.GetValueOrDefault(), resourceName, resourceResolutionContext) ?? throw BadResourceName(resourceName ?? "<null>"); return Persistence.GetPersistentProperties(secureResource.GetType(), true) .Select(p => p.Name); } internal static Exception BadResourceName(string resourceName) { return new ExecutionFailureException(string.Concat( "Could not find a Secure Resource named \"", resourceName, "\"; this error may occur if you renamed a resource, " + "or the application in context does not match any " + "existing resources. To resolve, edit this item, " + "property, or operation's configuration, ensure a " + "valid credential for the application in context is " + "selected, and then save.")); } } [ScriptAlias("SecureResourceHasProperty")] [Description("Checks if the named property can be read from the named Secure Resource")] public sealed class SecureResourceHasPropertyVariableFunction : ScalarVariableFunction { [VariableFunctionParameter(0)] [ScriptAlias("resource")] [Description("The name of the Secure Resource to test.")] public string? ResourceName { get; set; } [Description("The name of the property to test.")] [ScriptAlias("property")] [VariableFunctionParameter(1)] public string? PropertyName { get; set; } [Description("The type of the resource property to test.")] [ScriptAlias("type")] [VariableFunctionParameter(2, Optional=true)] public SecureResourceType? ResourceType { get; set; } protected override object? EvaluateScalar(IVariableFunctionContext context) { if (string.IsNullOrWhiteSpace(PropertyName)) return false; return SecureResourcePropertiesVariableFunction .GetPropertyNames(ResourceName, ResourceType, context) .Contains(PropertyName, StringComparer.InvariantCultureIgnoreCase); } } [ScriptAlias("SecureResourceCredential")] [Description("Gets the name of the Secure Credential assigned to a Secure Resource")] public sealed class SecureResourceCredentialVariableFunction : ScalarVariableFunction { [VariableFunctionParameter(0)] [ScriptAlias("resource")] [Description("Literal text value")] public string? ResourceName { get; set; } [Description("The type of the resource property to get.")] [ScriptAlias("type")] [VariableFunctionParameter(1, Optional=true)] public SecureResourceType? ResourceType { get; set; } protected override object EvaluateScalar(IVariableFunctionContext context) { var resourceResolutionContext = new ResourceResolutionContext(context.ProjectId); var resourceType = ResourceType; var secureResource = SecureResource.TryCreate( resourceType.GetValueOrDefault(), ResourceName, resourceResolutionContext) ?? throw SecureResourcePropertiesVariableFunction.BadResourceName(ResourceName ?? "<null>"); return secureResource?.CredentialName ?? string.Empty; } } }
• R

  Allow networkservice to use the DB in Proget
  • reseau_6272  

  4
  0
  Votes
  4
  Posts
  18
  Views

  

  SQL Server is super fun! So the account you initially installed ProGet with in Inedo Hub will have permissions in SSMS to modify permissions for the SQL instance. This is because Proget installs SQL for you if you don't already have it installed. If you have the credentials the Proget service used to use, log in to SSMS with those credentials, then create the SQL Server login for the NetworkService account following @atripp's guidance above. Then, when you start the ProGet service, it should "see" the database.
• M

  Nuget connector stuck in failed state ("'0x00' is an invalid start of a property name")
  • mayorovp_3701  

  5
  0
  Votes
  5
  Posts
  22
  Views

  S

  Got this on a NPM feed, which has a connector to *npm-registry.npmjs.org. Recently upgraded to 25.23.11 An error occurred processing a POST request to http://packagemanager.REDACTED/npm/NPM-Source/-/npm/v1/security/advisories/bulk: '0x00' is an invalid start of a property name. Expected a '"'. LineNumber: 0 | BytePositionInLine: 1. System.Text.Json.JsonReaderException: '0x00' is an invalid start of a property name. Expected a '"'. LineNumber: 0 | BytePositionInLine: 1. at System.Text.Json.ThrowHelper.ThrowJsonReaderException(Utf8JsonReader& json, ExceptionResource resource, Byte nextByte, ReadOnlySpan`1 bytes) at System.Text.Json.Utf8JsonReader.ReadSingleSegment() at System.Text.Json.JsonDocument.Parse(ReadOnlySpan`1 utf8JsonSpan, JsonReaderOptions readerOptions, MetadataDb& database, StackRowStack& stack) at System.Text.Json.JsonDocument.Parse(ReadOnlyMemory`1 utf8Json, JsonReaderOptions readerOptions, Byte[] extraRentedArrayPoolBytes, PooledByteBufferWriter extraPooledByteBufferWriter) at System.Text.Json.JsonDocument.Parse(Stream utf8Json, JsonDocumentOptions options) at Inedo.ProGet.WebApplication.FeedEndpoints.Npm.NpmAuditHandler.HandleBulkAdvisory(AhHttpContext context, NpmFeed feed) at Inedo.ProGet.WebApplication.FeedEndpoints.Npm.NpmAuditHandler.TryProcessRequestAsync(AhHttpContext context, WebApiContext apiContext, NpmFeed feed, String relativeUrl) at Inedo.ProGet.WebApplication.FeedEndpoints.Npm.NpmHandler.ProcessRequestAsync(AhHttpContext context, WebApiContext apiContext, NpmFeed feed, String relativeUrl) at Inedo.ProGet.WebApplication.FeedEndpoints.FeedEndpointHandler.FeedRequestHandler.ProcessRequestAsync(AhHttpContext context) ::Web Error on 19.03.2026 19:52:44::
• G

  Unable to import packages from another Proget instance
  • gbeckett  

  11
  0
  Votes
  11
  Posts
  42
  Views

  

  Hi @gbeckett, Glad to hear it is working for you! Please let us know if you run into any other issues. Thanks, Rich
• K

  [ProGet] Unexpected redirect when accessing Maven package with non-standard version starting with a character
  proget maven • • koksime.yap_5909  

  5
  0
  Votes
  5
  Posts
  29
  Views

  

  Hi @koksime-yap_5909, Good news, it's available now for testing! We're considering merging to ProGet 2025, or maybe keeping for ProGet 2026? Anyway, I posted a lot more detail now: https://forums.inedo.com/topic/5696/proget-is-unable-to-download-maven-packages-that-use-a-nonstandard-versioning-scheme/2 Thanks, Alana FYI -- locked this, in case anyone has comments/questions on that change, I guess that post will be the "official" thread at this point :)
• M

  Debian mirror feed / connector doesn't work " Signature by xyz was created after the --not-after date."
  • matthias.schmitz_2037  

  4
  0
  Votes
  4
  Posts
  32
  Views

  S

  Hi @stevedennis , hi @geraldizo_0690 , sorry for the late reply, it was indeed a timesync issue. Thanks, Matthias
• P

  Proget error when setting vulnerability expiry date
  proget postgresql • • phil.sutherland  

  3
  0
  Votes
  3
  Posts
  18
  Views

  P

  @rhessinger Thank you Rich - will install it once released and confirm it is fixed.