Topics created by matt.wood_5559

Hi @matt-wood_5559, I think I understand what you're asking - basically you'd like to create a feed when some users see one set of packages, but other users see a different set? This is definitely not possible, and it's simply not something ProGet does from a design standpoint: i.e. "file-system type" granular permissions. While it might seem convenient or nice to give users "just a single URL" to access, it ends up makes things much more complicated to configure/use/maintain. Basically some users will get random "package not found" errors while others will build fine. It'd be very confusing and big headache. Instead, it's best to educate on different feeds/repositories, and help them use and request access as needed. Hope that helps, Alana

Ok that makes sense thanks, I can see the option to add addition files now.

Hi @matt-wood_5559, Our solution for Maven builds is to leverage CycloneDX to generate the SBOM, and then upload that SBOM to ProGet: https://docs.inedo.com/docs/proget-sca-java We had considered reproducing the functionality, but the only way to get dependency information from a Maven project is to create a Maven plugin and "watch" the build as it happens --- and that's already what CycloneDX does very effectively. If you can think of ways to make it easier to work with pgutil we're very open to that :) Thanks, Alana

Hi @matt-wood_5559, I might need a little more information / screenshots with what you're looking at here.... There could be a bug/oversight, etc. Perhps you could walk through steps / show screenshots of what you're seeing? If it's on maven central, we can then repro and take a look Thanks, Alana

Hi @matt-wood_5559, A Maven package's license is determined by the license field in the POM: https://maven.apache.org/pom.html#Licenses There are unfortunately no real standards here, and the author can put in anything from a SPDX Code (which is recommended, by the way) to a string like "Apache license" (which probably means apache 2.0, but who knows?). We would rather not guess what the author might have intended, so ProGet only detects licenses with SPDX codes and then lets you decide how assign which codes to other license types as you come across packages that don't follow SPDX. However, once you start associating those strings with licenses, it will work for future packages. Thanks, Alana

Hi @matt-wood_5559 , Looks like your account was added to My Inedo incorrectly due to a human error (someone manually added it on our end since you had been talking to sales)... but it looks like its already been corrected, and you have a working key to use now. You shouldn't have any issues going forward. Cheers, Alana