Hello; I've updated the documentation to clarify this, but it's available starting in ProGet 5.2.9. So, you'll need to upgrade to enable it :)
Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
atripp
@atripp
C# developer by trade, but writing less and less code and more and more specs.
89
Reputation
1.7k
Posts
190
Profile views
2
Followers
0
Following
Best posts made by atripp
-
RE: Service Health API call returning 404posted in Support
-
RE: NPM Connector returns plus "+" in versionsposted in Support
Thanks for the update! I've noted this in the docs, and linked to this discussion :)
https://github.com/Inedo/inedo-docs/commit/d24087911584bbda833314084a58c2ae1ff41c39
-
RE: [ProGet] [NativeApi] NpmPackages_DeletePackage not working.posted in Support
Hello,
That API will only delete package metadata from the database, not from disk. It's mostly intended for internal use only, and probably shouldn't be exposed to the API. In any case, we don't store the
@with internally, so if you change@myscopetomyscopeit should work.Note that the NPM doesn't provide a way to delete packages, and we never implemented it. There hasn't been any demand for it to date, as people don't really delete packages programmatically - but you're definitely welcome to submit a feature request and help us understand why it'd be a value (like, the workflow you use that requires deleting packages, etc).
Alana
-
RE: Creating PowerShell repository, protecting pull/download by API keyposted in Support
Hello, for sure!
It's pretty easy; just don't give the
Anonymoususer any access to your feeds, and then authentication will always be required, either when browsing the ProGet application or using the API (such asInstall-Module).When you use the Register-PSRepository command, you can the
Credentialoption to specify a credential.This credential can be the name/password of a user inside of ProGet (let's say,
Admin:Admin), or it can be username ofapiwith a password of an api key you've configured (so,api:my-secret-key).
-
RE: Restricting API access to View/Downloadposted in Support
Hello;
The Native API is for low, system-level functions, and it's "all or nothing". If you give someone access to Native API, you are effectively making them an administrator, as they can also change permissions and grant admin privileges. So, I don't think you want this. Instead, you'll want to use the Debian API endpoint that we implement.
It's a third-party API format
In order to support third-party package formats types like NuGet, npm, etc., ProGet implements a variety of third-party APIs. We only provide minimal documentation for these APIs, as they are generally either already documented elsewhere. However, you can generally find the basics by searching for specific things you'd like to do with the API, such as "how to search for packages using the NuGet API" or "how to publish an npm package using the API".
So in this case, I recommend to search "how to view and download apt packages".
-
RE: PyPI package not shown in search results accessible via urlposted in Support
I'm not very familiar with PyPi packages, but I know there are some oddities with
-and_, and that they are sometimes supposed to be treated the same, and sometimes not. We don't totally understand all the rules, to be honest (even after reading PEP503 specifications).In this case, the package is actually
websocket_client, notwebsocket-client.See: https://pypi.org/project/websocket_client/
When you search for
websocket_clientin ProGet, it shows up, as expected.
-
RE: How to find out package disk space?posted in Support
In ProGet 5.3, we plan to have a couple tabs on each
Tag(i.e. container image) that would provide this info: Metadata (will be a key/value pair of a bunch of stuff), andLayerswill show details about each of these layers.That might help, but otherwise, we have retention policies which are designed to clean up old and unused images.We'll also have a way to detect which images are actually being used :)
-
RE: [BUG - ProGet] Not able to remove container descriptionposted in Support
As @apxltd mentioned, we've got a whole bunch planned for ProGet 5.3.
I've logged this to our internal project document, and if it's easy to implement in ProGet 5.2 (I can't imagine it wouldn't be), we'll log it as a bug and ship in a maintence release.
Do note, this is not an IMAGE description, it's a REPOSITORY (i.e. a collection of images with the same name, like
MyCoolContainerApp) description; so this means the description will be there on all images/tags in the repository.
-
RE: [Question - ProGet] Are versions amount wrong ?posted in Support
You're right, I guess that's showing the "layers" instead of the "tags"; I think it should be showing container registries separately (they're not really feeds), but that's how it's represented behind the scenes now.
Anyways we are working on ProGet 5.3 now; there's a whole bunch of container improvements coming, so I've noted this on our internal project document, to make sure we get a better display for container registries.
-
RE: Anonymous user can see list of packages and containersposted in Support
@Stephen-Schaff thanks for the bug report, I verified that this may happen depending on permission of user, and which feeds they can/can't use --- but it seems an easy enough fix that we can do via PG-1894 (targeted to next release) - the packages can't be viewed upon clicking, but it's a sub-optimal experience for showing packages they can't see
Latest posts made by atripp
-
RE: Feature request - Feed "Other Settings" editorposted in Support
Hi @michal-roszak_0767 ,
Just as an update, we've added this to our roadmap planning for ProGet 2026.
We will begin that process later this year, after ProGet 2025 has been released (see road to ProGet 2025).
Cheers,
Alana
-
RE: Buildmaster fresh install / Unable to clone repositoryposted in Support
Hi @carsten_1879 ,
Can you try using
buildmaster:24.0.5instead of latest? There was a change in the Git library, and I'm wondering if this is a kind of regression on some platforms.Thanks ,
Alana
-
RE: Publish a Docker image from Gitlab pipeline using Kaniko to Progetposted in Support
Hi @pmsensi,
I'm sorry I'm not sure. The error
HTTP_1_1_REQUIREDindicates that an intermediary (e.g., proxy or load balancer) is rejecting HTTP/2 requests and requiring HTTP/1.1.So, I would check with the proxies or load balancers between Kaniko (running in your GitLab pipeline) and ProGet. I suspect it's interfering with HTTP/2 traffic, causing the server to fall back to HTTP/1.1.
Alternatively, you can try forcing Kaniko to use HTTP/1.1 instead of HTTP/2. I don't know how to do that, but there may be an
--insecureflag that may also work.Thanks,
Alana
-
RE: Image Scanningposted in Support
This error means there's some kind of problem/issue with the format of the blob file. Tar is a very finicky format, so we'd need to be able to recreate this in a lab/debug setting.
If you can create a simple repro case then we'd be happy to investigate further.
As for vulnerabilities, each version of ProGet ships with an offline database. So you should be fine as long as you upgrade semi-regularly.
Cheers,
Alana
-
RE: Feature request - PGUtil Assets creationposted in Support
@michal-roszak_0767 currently
maven2is a workaround, so it will continue to warm. In ProGet 2025,Mavenwill create the expected feed type.
-
RE: Feature request - PGUtil "Security" editorposted in Support
This is what I meant by the Security API -- a combination of HTTP Endpoints and
pgutilcommands. We will consider them for our ProGet 2026 roadmap.So until then you'll need to use the Native API; At this time the Native API is the option.
You can also check out @steviecoaster 's PowerShell module, which has some modules that can help https://github.com/steviecoaster/InedoOps
Thanks,
Alana
-
RE: Api-Call to get vulnerabilties by package and versionposted in Support
It looks like you're trying to do a
GETrequest, which is why it's not working.You need to
POSTan array of package identifiers like this:POST /api/sca/audit-package-vulns [ { "name": "NuGet.CommandLine" "version": "6.8.0" "type": "nuget" } ]Cheers,
Alana
-
RE: Feature request - PGUtil "Security" editorposted in Support
Just an FYI, we discussed creating/documenting/etc. a new security API (users, groups, permissions) for our ProGet 2025 roadmap, but decided against fitting it in. We'll reevaluate when it comes time to planning out ProGet 2026!
Thanks,
Alana
-
RE: PGUtil and "Maven (New)" Feedposted in Support
Ah, that must have been an oversight; trivial change but best we don't change it until ProGet 2025.
I think you can use
maven2as the type for now, it's the internal identifier. Later on, we will make itmavenandmavenlegacyThanks,
Alana
-
RE: Api-Call to get vulnerabilties by package and versionposted in Support
Hi @itadmin_9894 ,
It doesn't seem to be documented, but we do have a
pgutil packages auditcommand:$> pgutil packages audit --help Description: Analyzes a package for compliance issues Usage: pgutil packages audit [options] Options: --package=<package> (REQUIRED) Name (and group where applicable) of package --version=<version> (REQUIRED) Version of package Common Options (packages): --api-key=<api-key> ProGet API key used to authorize access --feed=<feed> Name of feed in ProGet --no-connectors Only include local (non-connector) package data in results --password=<password> ProGet user password used to authorize access --source=<source> Named source or URL of ProGet --username=<username> ProGet user name used to authorize access -?, --help Show help and usage information Examples: $> pgutil packages audit --feed=approved-nuget --package=Newtonsoft.Json --version=12.0.3 $> pgutil packages audit --feed=public-npm --package=@babel/runtime --version=7.25.0 $> pgutil packages audit --feed=private-pypi --package=Django --version=5.0.6 --filename=Django-5.0.6.tar.gzCheers,
Alana