Migrating from Sonatype Nexus to ProGet

Reply to Migrating from Sonatype Nexus to ProGet on Mon, 04 May 2026 19:10:19 GMT

pg_user_8607 — Mon, 04 May 2026 19:10:19 GMT

Hi there,

I’m currently evaluating ProGet as an alternative to Sonatype Nexus, and I have to say the product looks very promising so far—great work

I have a couple of questions:

Authentication exclusions

In our previous Nexus setup, we had certain endpoints excluded from authentication due to compatibility issues with other tools. I attempted to recreate this behavior in ProGet.

With the current configuration, accessing https://proget-test.some-company.net/nuget/internal-nuget/v3/index.json still requires authentication. Am I misunderstanding the configuration? Do these rules need to be inverted?

My goal is to have security enabled by default, with explicit exceptions for certain paths.

Vulnerability analysis updates

On the vulnerability search page https://security.inedo.com/vulnerability/search?showOnlyInedoAnalysis=True the most recent entry appears to be from January 16, 2026. Is there a reason there haven’t been newer analyses published since then?

Prometheus / OpenTelemetry integration

The documentation mentions that “by integrating Prometheus with Inedo products, users can gain real-time visibility into metrics, detect anomalies, and address issues” (see: https://docs.inedo.com/docs/installation/logging/installation-prometheus), which I completely agree with. However, from what I can tell, ProGet itself does not currently expose any Prometheus-compatible metrics. Is that correct? Are there any plans to add native Prometheus and/or OpenTelemetry support to ProGet? From an operations and observability perspective, I think this would be an excellent fit.

Thanks in advance for your help — I appreciate it.

Roadmap

https://inedo.com/products/roadmap looks outdated

Best regards,
K

Reply to Migrating from Sonatype Nexus to ProGet on Tue, 05 May 2026 02:51:40 GMT

apxltd — Tue, 05 May 2026 02:51:40 GMT

Hi @pg_user_8607 ,

Thanks! If you haven't already, please do check out our Migrating from Sonatype to ProGet guide.

[1] This is a common configuration, and it looks like anonymous is allowed based on the screenshot. It's hard to say withtout more troubleshooting. I would try using the Test Privileges function , which allows you to select a user, feed, and then it will show you all the task attributes available.

[2] To be honest, our users have not found those analyses to add any real value (outside of describing what the library does). So, starting in Q1 we've shifted our research efforts to align with the big changes to vulnerability management in ProGet 2026, including Category 5 Vulnerability Research. Check out the Vulnerability Management Done Right with ProGet guide to learn more about what's coming!

[3] No plans... in retrospect, there's no value in monitoring activity outside of checking the /health endpoint periodically. In fact, we've seen the opposite -- even monitoring HTTP traffic for abnormalities creates false positives that just wastes everyone's time.

For example, if NuGet.org is having an outage, then your NuGet feeds connect to nuget.org will run slow, as the connector times out.

[4] I suppose so! We'll update once we get ProGet 2026 out :)

Cheers,

Alex

Reply to Migrating from Sonatype Nexus to ProGet on Tue, 05 May 2026 05:58:19 GMT

pg_user_8607 — Tue, 05 May 2026 05:58:19 GMT

Thank you for the detailed response! I see your points. I will check the links :)

Reply to Migrating from Sonatype Nexus to ProGet on Tue, 05 May 2026 07:28:48 GMT

pg_user_8607 — Tue, 05 May 2026 07:28:48 GMT

On my test instance i ran the "maven.org Full Maven Connector Index Job" manually but it seems to have crashed. Now ProGet does not start anymore because it can't reach the database. I already restarted the docker container but that didn't fix the issue.

How to get the logs from the built in database to check what's wrong?

I already checked https://docs.inedo.com/docs/installation/postgresql but the troubleshooting info did not help:

root@dc6f66f82da3:/usr/local/proget/service# ./proget query --file=-
unexpected argument: query
unexpected argument: --file=-

Description:
  Hosts the ProGet service and performs various operations.

Usage:
  proget [command] [options]

Commands:
  run                 Runs the ProGet service.
  resetadminpassword  Switches to the built-in user directory and changes the Admin account password to "Admin".
  upgradedb           Upgrades the database schema version to this version of ProGet.
  database            Commands for performing database maintenance operations

Reply to Migrating from Sonatype Nexus to ProGet on Tue, 05 May 2026 08:18:16 GMT

pg_user_8607 — Tue, 05 May 2026 08:18:16 GMT

I checked the /var/log/postgresql/postgresql-17-main.log file but it is empty.

Reply to Migrating from Sonatype Nexus to ProGet on Tue, 05 May 2026 13:48:24 GMT

stevedennis — Tue, 05 May 2026 13:48:24 GMT

Hi @pg_user_8607 ,

Can we move this issue to a new topic? I would "split" it for you, but then it won't show up on our dashboard when a reply comes through.

Separate threads make it a lot easier to manage things on our end and keep track of things better :)

But before you do that, just a hint - look at the container output startup logs. Basically just run without the -d and you'll be able to see the console output, and post anything related to the databse there.

Thanks,
Steve

Reply to Migrating from Sonatype Nexus to ProGet on Wed, 06 May 2026 16:47:33 GMT

stevedennis — Wed, 06 May 2026 16:47:33 GMT

@pg_user_8607 sorry I accidently deleted that when trying to fork it into a new topic... I briefly saw the logs and wanted to review w/ team to see if we can figure them out

Can you repost them again as a new topic? Thanks, we can then track it separately.