Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
proget 2023 - topology
-
hi,
i want to use the free edition in the following configuration:- dmz - will connect to internet for external repositories and vulnerability checks and oss and vulnerability db download.
- lan - will connect to dmz
- airgapped - will import everything from lan
what i need to know is: - will the lan instance be able to download from the dmz instance (not directly from internet) all the db off the vulnerabilities and scan results ?
- how can i transfer all the vulnerability db and oss index information to the airgapped server ?
- if i want to retain all the vulnerability information on packages including scans and oss index and sonatype checks, what is the correct configuration ? should i create a self hosted feed which connect to a feed with a connector to npmjs.org for ex. ?
Regards,
Udi
-
Hi @udi-moshe_0021 ,
Your configuration is not possible.
- ProGet Free Edition does not support vulnerability scanning, so this is not possible in any scenario (airgap or online). You will need at least ProGet Basic to have some vulnerability support.
- ProGet Free Edition does not support connecting to other ProGet instances. You will need at least three ProGet Basic licenses to have three instances (dmz, lan, and airgapped)
Your configuration is possible with ProGet Basic. ProGet paid editions include an offline vulnerability database that will be updated every time you upgrade ProGet.
Note that, after a steady decline in service and data quality, ProGet no longer relies on the free, third-party OSS Index. Instead, ProGet uses industry-leading vulnerability and malicious package detection from our own Inedo Security Labs. OSS Index integration will be fully removed in ProGet 2024.
-
Hello @atripp ,
thank you very much for your answer.
i went through the licensing module for proget free in the documentation and i was under the impression that i can do this configuration, this is why i posted this. what was i missing ?
regarding the vulnerability db, i was able to perform download to the test server i have and it was successful and i want to copy that db to the airgapped server, is it possible ? from the tests i made, i saw vulnerabilities in reference to packages that i have downloaded and it is enough for me for now. i saves me the task of going to the internet and find this info myself.
-
Hi @udi-moshe_0021,
Here is the license restrictions per edition:
https://docs.inedo.com/docs/proget-administration-licenseVulnerability Scanning is not available n ProGet Free; you would need a paid license for that. You may see some information in ProGet free, but it's mostly intended to bring awareness to the feature and encourage users to evaluate/purchase the software.
Cheers,
Alana
-
Hi @atripp ,
thank you very much.