Topics created by harald.somnes.hanssen_2204

There is a lightweight standard for bom called cyclonedx though (https://cyclonedx.org/). Cyclonedx can be output as either xml or json, which can be consumed in an application such as dependency-track. The problem though, is that dependency-track consumes the bom file and does not keep it. Of course, it's possible to Asset Directory could be used as a bom repository, though pushing files to a git repository might be better in that regard, since it's easier to download the whole repo and compare files.

@harald-somnes-hanssen_2204 unfortunately not; a feed index provides details about only the latest version of a package. You need a separate query to find details about all versions of a package, and then would need to do that query for each package in an index Instead, it's better to just have a feed of approved packages that developers could use. This will let you also filter for other problems like quality. We recently published some advice about, but it's for nuget feeds. https://blog.inedo.com/nuget/package-approval-workflow It would work the same way for npm though

We have a lot of customers who maintain a separate test instance of ProGet; while upgrade testing is important of course, a dedicated testing instance also lets you evaluate new ProGet feature usage patterns (such as requiring promotion workflows, etc.), try out new tools (perhaps new version of visual studio, etc.), and conduct training on ProGet usage -- all without risking/disturbing your production instance. To keep things simple from a licensing perspective, we just treat testing instances separate instances (and thus require a separate license key). Many customers use a ProGet Free License for this, but of course not all the features are available. It's rare to see a second license be cost prohibitive, especially given the labor/server costs involved with maintaining a testing instance -- even ProGet Enterprise customers will have full instances just for testing and even DR purposes. You're right --- Active Directory is usually a pain point; sometimes our code changes (we try to never touch this), but also people want to change their AD configuration (move to LDAPS, etc.). Wrong settings, and you can lock-out your instance. If it's an uncommon / one-off testing case then a temporary trial license is fine for this.

At the very least, a bulk operation would help.

Hi @harald-somnes-hanssen_2204, Thanks for sending this over to us. It is very helpful! We will definitely be discussing this further as a team! Thanks, Rich

Hi @harald-somnes-hanssen_2204, The fix is scheduled for release in ProGet 5.3.16 which is due out on Friday. I'll reply back if anything changes. Thanks, Rich

Hello; That was a mistake/typo in the docs, which i've since corrected; https://github.com/Inedo/inedo-docs/commit/cd7091e8eaf37939949d0681f137a78d579acbc6 The correct url is https://«proget-server»/«feed-name»/«packageName»/«versionNumber[optional]» But note, that's only for NuGet package. You can easily find the download url for any package from the UI, by looking at the Download button on the package page. Cheers, Alana

If there is a guide somewhere, how to traverse and push, then sure. But I haven’t found such a thing. The only thing I’ve heard from other forums is a question: Is ProGet really a good option for Maven? As with you, I don’t have much knowledge about maven. Working on it though, but as you’ve mentioned, it’s just weird. However, I’ve got a hunch it’s sort of like a file repository. Where everything connected to a version is put into a folder and pom. Unlike nuget where a package contains a version and lists of dependencies in the nuspec file. I don’t really know, but that’s my impression of maven vs nuget. I’d suggest you guys should invest time in the types of products your customer might come from. Don’t underestimate the power of a guide, easy transitions and quality checks to reassure customers. Look at Octopus Deploy how much effort they do, I rarely have issues figuring out how to do stuff with their features. By the way, I appreciate that ProGet Free has enough features to let me do a POC. Only Nexus Sonar is at the same level as ProGet free when it comes to the amount of repository support.

The Integrated Web Server doesn't have many features, including request logging and tracking. So in this case, you'll want to upgrade to IIS: Please refer to KB#1013: Hosting Through IIS Instead of the Integrated Web Server