Dependency Confusion in ProGet
-
Hello,
We currently have a pipeline dedicated to detecting dependency confusion, but it takes around six hours to scan all artifacts. Does Inedo provide a native API or built-in capability to perform the same kind of analysis?
Regards
-
This is really easy to do in ProGet and no need for a "scan". I can't even imagine how such a "scan" could work.
Anyway, you just simply need to add a connector filter that prefixes your internal packages. For example, our filter for NuGet packages would look like
Inedo*, which prevents any package named that from coming through a connector. Check out this article to get some more details:
https://blog.inedo.com/software-supply-chain-security/three-things
Thanks,
Steve
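The following is an added example, not code from this thread or from ProGet itself. It models the situation the two posts describe: a private feed that serves internal packages and also proxies a public upstream through a connector, a client that takes the highest version from whichever source has it, and a connector filter that refuses to pass upstream packages matching the internal name prefix. The feeds, package names and versions are constructed for illustration; the filter is modelled as a plain list of glob patterns to block, which is an assumption about semantics, so check how your ProGet version expresses a blocking filter in the connector settings. The `find_confusable` helper is the "scan" from the question reduced to its essence: list every internal name that an upstream package would shadow.

```python
"""Model of a connector prefix filter and why it stops dependency confusion.

Added example, not ProGet code. Simulates a private feed that proxies an
upstream (public) feed through a connector, resolves 'latest' the way a
naive client would, and shows that blocking the internal name prefix on
the connector keeps upstream look-alikes out. All data is constructed.
"""
from fnmatch import fnmatchcase

# Constructed internal feed: packages published by the organisation.
INTERNAL_FEED = {
    "Inedo.Common": ["1.0.0", "1.2.0"],
    "Inedo.Auth": ["2.0.0"],
}

# Constructed upstream feed: public packages, plus attacker-published
# look-alikes that reuse internal names at a higher version.
UPSTREAM_FEED = {
    "Newtonsoft.Json": ["13.0.1", "13.0.3"],
    "Inedo.Common": ["99.0.0"],   # look-alike, newer than internal 1.2.0
    "Inedo.Auth": ["2.0.1"],      # look-alike, newer than internal 2.0.0
}


def version_key(v):
    """Order dotted numeric versions numerically ('1.10.0' > '1.9.0')."""
    return tuple(int(part) for part in v.split("."))


def connector_blocks(name, block_patterns):
    """True if a connector filter stops this name coming from upstream.

    Assumed semantics for the model: each pattern is a glob over the
    package ID; matching is case-insensitive, as NuGet IDs are.
    """
    lname = name.lower()
    return any(fnmatchcase(lname, p.lower()) for p in block_patterns)


def resolve(name, block_patterns=()):
    """Return (source, version) a client asking for 'latest' would get,
    or None if neither the internal feed nor the connector has it."""
    candidates = [("internal", v) for v in INTERNAL_FEED.get(name, [])]
    if not connector_blocks(name, block_patterns):
        candidates += [("upstream", v) for v in UPSTREAM_FEED.get(name, [])]
    if not candidates:
        return None
    return max(candidates, key=lambda c: version_key(c[1]))


def find_confusable(block_patterns=()):
    """Internal package names that an upstream package would shadow
    under the given connector filter: the 'scan' from the question."""
    shadowed = []
    for name in INTERNAL_FEED:
        got = resolve(name, block_patterns)
        if got is not None and got[0] == "upstream":
            shadowed.append(name)
    return sorted(shadowed)


if __name__ == "__main__":
    print("no filter  :", find_confusable())           # ['Inedo.Auth', 'Inedo.Common']
    print("with filter:", find_confusable(["Inedo*"]))  # []
    print("Newtonsoft :", resolve("Newtonsoft.Json", ["Inedo*"]))
```

Two things the model makes visible. First, the filter only has to name the prefix once, which is why the answer above treats a scan as unnecessary: any future internal package under that prefix is covered automatically, and unrelated public packages such as the Newtonsoft.Json entry still flow through. Second, the filter only protects requests that actually go through the ProGet feed; a build machine or developer configured with nuget.org as an additional source bypasses it entirely, so the client-side source configuration deserves the same attention as the connector.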