Thank you for the pointers.
I think I finally got it working, though I must admit I'm still not a 100% sure what combination in what order actually led to success.
I'm already in contact with @apxltd about your planned SCA changes. I will try to write up what tripped me as part of that feedback.
There is updated documentation with step-by-step instructions here:
Hi @atripp,
We haven't updated the production instance to the version that introduced this feature yet, so nobody breathing down my neck. ;)
I'll wait for the official release, but thanks for the offer.
Have a nice weekend!
First of all thanks for adding the ability to list all packages for a given license on the package usage overview page (PG-2783), very helpful feature.
There seems to be an issue with listing packages that are matched to custom licenses. We have added a number of custom licenses to ProGet, to deal with proprietary packages that do not have OSS SPDX identifiers.
When clicking on the link to list the packages on such a custom license there is a 500 error on the next page:
Stack trace from error log page:
Stack trace: at Inedo.ProGet.WebApplication.Pages.Licenses.ListLicensePackagesPage.CreateChildControls()
at Inedo.ProGet.WebApplication.Pages.ProGetSimplePage.InitializeAsync()
at Inedo.Web.PageFree.SimplePageBase.ExecutePageLifeCycleAsync()
at Inedo.Web.PageFree.SimplePageBase.ProcessRequestAsync(AhHttpContext context)
at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
Ahh, took me a while to get it, but this is the dialog I was looking for.
It wasn't quite clear that the orange "Package Status is Deprecated" is actually a policy violation dialog, which is overriding this one here.
Thanks again.
Hello @atripp
Thanks for the feedback.
Just to double check: When the box shows "Package Status is Deprecated" it should also contain the custom deprecation reason, right?
Right now the box looks like in my screenshot above and I could not find any place where one could read the custom reason.
Or am I just looking in the wrong place?
ProGet Version 2024.15
1. Deprecation reason not visible
The custom deprecation reason does not seem to be visible anywhere anymore. If I recall correctly it was visible both in the ProGet UI and also Visual Studio.
VS package manager:
Any chance something got broken when that field was changed from a dropdown to a textbox?
2. License policy violation overrides deprecation status/reason
When a package is marked as deprecated and it also violates a license policy, the deprecation reason are not visible in the info box, instead only the license message is shown.
It would be good if the deprecation state and reason would always be visible regardless of policy compliance.
Inedo.ProGet was never updated on nuget.org since the initial deployment compared to pgutil. It looks like there have been a number of interesting additions looking at the source.
Any chance this package can be updated?
Always releasing it together with pgutil would also be appreciated.
Thanks for adding it to the roadmap.
From what I can see so far, there haven't been that many changes in the spec. For us mainly the author field changed.
Right now there is no immediate need. It might arise in the future if improvements or fixes are only being made available in the CycloneDX 4.x tooling.
CycloneDX .NET Runner 4.0.0 was just released and produces spec version 1.6 by default.
Do you guys already have plans for supporting this?
Hi Alana,
the API would have been my next option, thanks for the pointers to the scripts.
My colleagues want to use the deprecation feature in connection with SCA to better communicate package states.
When packages are being deprecated it is usually more than one package that is affected.
Could this bulk edit feature be implemented in the UI?