Inedo Community Forums Forums
    • Recent
    • Tags
    • Popular
    • Login

    Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

    If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

    Integrating ProGet with Vor Security

    Scheduled Pinned Locked Moved Support
    proget
    14 Posts 1 Posters 28 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ? This user is from outside of this forum
      Guest
      last edited by

      I'm able to install the vor security extension after setting path mentioned above.

      After setting above mentioned path, and on run VulnerabilityDownloader, getting runtime issue like "ERROR: Unhandled exception: System.ArgumentException: Assembly VorSecurity was not found. The extension may be out of date, have been deleted, or could not be loaded. ---> System.IO.FileNotFoundException: Could not load file or assembly 'VorSecurity' or one of its dependencies. The system cannot find the file specified."

      Path that I have set:

      Extensions.ExtensionsPath
      Extensions.ServiceTempPath
      Extensions.WebTempPath

      Let me know if I'm missing anything.Thanks

      1 Reply Last reply Reply Quote 0
      • ? This user is from outside of this forum
        Guest
        last edited by

        In this case, make sure to restart the service. The service is unable to load the assembly which must mean the extension is not loaded.

        1 Reply Last reply Reply Quote 0
        • ? This user is from outside of this forum
          Guest
          last edited by

          Restarted Service as well, but the same issue.
          Below all path should be unique?

          Extensions.ExtensionsPath
          Extensions.ServiceTempPath
          Extensions.WebTempPath

          1 Reply Last reply Reply Quote 0
          • ? This user is from outside of this forum
            Guest
            last edited by

            It must be unique. For example:

            Extensions.ExtensionsPath = C:\ProGet\Extensions

            Extensions.ServiceTempPath = C:\ProGet\Temp\Service

            Extensions.WebTempPath= C:\ProGet\Temp\Web

            1 Reply Last reply Reply Quote 0
            • ? This user is from outside of this forum
              Guest
              last edited by

              Team,

              After setting everything as discussed above, on "Override scheduling and run VulnerabilityDownloader now?" getting a runtime error like:

              ERROR: Unhandled exception: System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

              Let me know if I'm missing something above.

              1 Reply Last reply Reply Quote 0
              • ? This user is from outside of this forum
                Guest
                last edited by

                That error is not related ; it sounds like a connector issue. Perhaps your internal network is not trusting some certificate on like NuGet.org? With out more information, such as specifically what isn't working, when you get the error, etc, I can only guess.

                1 Reply Last reply Reply Quote 0
                • ? This user is from outside of this forum
                  Guest
                  last edited by

                  Hi,

                  Do vulnerability scan requires SSL connection?If yes than I have configured my proget site over SSL certificate and it should as expected right?

                  1 Reply Last reply Reply Quote 0
                  • ? This user is from outside of this forum
                    Guest
                    last edited by

                    This is unrelated.

                    When you configure ProGet for SSL, that means ProGet's users communicate with ProGet using SSL (HTTPS instead of HTTP). This has nothing to do with how ProGet communicates to external services.

                    Vulnerability scanning uses an HTTPS connection to a third-party website. Your server must not trust that site for whatever reason.

                    1 Reply Last reply Reply Quote 0
                    • ? This user is from outside of this forum
                      Guest
                      last edited by

                      My team is looking at using your service to scan packages within an internal Proget server. It appears from the source, in the GetPackageRequestStream method builds a JSON object (VorPackage) that ONLY sends feed type, group, and package name to Vor to check for vulnerabilities. Is there anything else sent to Vorsecuritty to determine vulnerabilities?

                      Reference:
                      https://github.com/Inedo/progetx-vorsecurity/blob/master/VulnerabilitySources/VorSecurityVulnerabilitySource.cs
                      https://inedo.com/support/tutorials/proget/configuring-a-vulnerability-source

                      1 Reply Last reply Reply Quote 0
                      • ? This user is from outside of this forum
                        Guest
                        last edited by

                        Correct; that, and the API key, are what get sent over.

                        1 Reply Last reply Reply Quote 0

                        Hello! It looks like you're interested in this conversation, but you don't have an account yet.

                        Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

                        With your input, this post could be even better 💗

                        Register Login
                        • 1 / 1
                        • First post
                          Last post
                        Inedo Website Home • Support Home • Code of Conduct • Forums Guide • Documentation