<![CDATA[Dependency Confusion in ProGet]]>Hello,

We currently have a pipeline dedicated to detecting dependency confusion, but it takes around six hours to scan all artifacts. Does Inedo provide a native API or built-in capability to perform the same kind of analysis?
Regards

]]>https://forums.inedo.com/topic/5739/dependency-confusion-in-progetRSS for NodeFri, 01 May 2026 12:25:25 GMTFri, 01 May 2026 09:28:14 GMT60<![CDATA[Reply to Dependency Confusion in ProGet on Fri, 01 May 2026 09:28:14 GMT]]>Hello,

We currently have a pipeline dedicated to detecting dependency confusion, but it takes around six hours to scan all artifacts. Does Inedo provide a native API or built-in capability to perform the same kind of analysis?
Regards

]]>https://forums.inedo.com/post/19616https://forums.inedo.com/post/19616Fri, 01 May 2026 09:28:14 GMT<![CDATA[Reply to Dependency Confusion in ProGet on Fri, 01 May 2026 12:17:30 GMT]]>Hi @certificatemanager_4002 ,

This is really easy to do in ProGet and no need for a "scan". I can't even imagine how such a "scan" could work.

Anyway, you just simply need to add a connector filter that prefixes your internal packages. For example, our filter for NuGet packages would look like Inedo* - which prevents any package named that coming through a connector.

Check out this article to get some more details:
https://blog.inedo.com/software-supply-chain-security/three-things

Thanks,
Steve

]]>https://forums.inedo.com/post/19618https://forums.inedo.com/post/19618Fri, 01 May 2026 12:17:30 GMT