Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
Inconsistent license reporting
-
There are a number of packages that show up with a compliance warning like this one
But when I look at the package it says everyting is ok
-
Hi @v-makkenze_6348 ,
If you download (i.e. cache) the package, then you shouldn't see the compliance issue anymore. The reason is that ProGet does not have information about the package unless it's cached/local, or if you're viewing it on the package overview page.
When ProGet runs a build analysis (first screenshot), it only uses local/cached package data. This is for performance reasons, as users will have 100's of builds with 1000's of packages in each build, and that much traffic to each connector is problematic.
However, we are working on building a "remote metadata cache" that will fetch this data in a more performant manner.
-- Dean
-
See this topic for additional information on the subject:
https://forums.inedo.com/topic/4152/proget-sca-2024-preview-feedback-package-detection-still-hit-or-miss
-
Downloading the package did not help.
I'm pretty sure it was already in the cache, we clean the nuget cache on our buildservers weekly and everything is downloaded through Proget. The package downloads section shows the downloads.
-
I did a "Pull to ProGet" and ran analyze again and now the warning is gone.