Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 2 additions & 9 deletions Content/proget/sca/policies.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,6 @@ title: "Policies & Compliance Rules"
order: 1
---

:::(Internal) (Update Screenshots)
/resources/docs/proget-accord-licence-blocked.png
:::

Policies & Compliance Rules make it easy to clearly define what "compliant" means for open-source packages in different contexts. You can easily define rules about licensing, vulnerability, deprecation, etc. to block download/usage of noncompliant packages, while also having flexibility to create exceptions for known packages and "warn" for packages that are in-between.

:::(Info) (🔒 ProGet Enterprise Feature)
Expand All @@ -23,8 +19,6 @@ A set of rules is called a Policy, and you create additional Policies and use th

The easiest way to view or change the Policies that apply to a feed is by navigating to Feeds > Manage Feeds > Policies and Blocking.



![](/resources/docs/proget-policies-sharedpolicy.png){height="" width="50%"}

This page combines the feed's Policies into a single view, so you can easily see which rules will apply to packages in the feed. You can also see and edit an individual policy under Admin > Policies.
Expand All @@ -33,7 +27,7 @@ This page combines the feed's Policies into a single view, so you can easily see

Based on the feed's policies, packages will display a banner that indicates compliant, noncompliant, or warn.

![](/resources/docs/proget-accord-licence-blocked.png){height="" width="50%"}
![](/resources/docs/proget-licence-blocked.png){height="" width="50%"}


This status is the result of a *package analysis*, which occurs:
Expand Down Expand Up @@ -109,7 +103,6 @@ Although ProGet does not include any default rules for Specified Licenses, the G

![](/resources/docs/policies-default-license-rules.png){height="" width="50%"}


#### Creating Whitelist, Greylist, and Blacklist Policies
The *Unspecified License Rule* primarily serves to let you define a Whitelist-, Greylist-, and Blacklist-style policies.

Expand Down Expand Up @@ -275,4 +268,4 @@ We're not entirely sure what the use case would be (which is why creating them i
## ProGet 2023 and Earlier
Policies & Compliance Rules are a new feature for ProGet 2024, replacing the download blocking rules for [licenses (archive.org)](https://web.archive.org/web/20231210172007/https://docs.inedo.com/docs/proget-sca-licenses) and [vulnerabilities (archive.org)](https://web.archive.org/web/20230927141932/https://docs.inedo.com/docs/proget-sca-vulnerabilities) in which you could implement similar functionality.

When "Policies & Compliance Rules" is first enabled after updating from ProGet 2023 and earlier, existing license rules and vulnerability assessments will be used to create new policies that you can view, edit, and combine as described below. These policies will then be used to determine if a package download should be blocked.
When "Policies & Compliance Rules" is first enabled after updating from ProGet 2023 and earlier, existing license rules and vulnerability assessments will be used to create new policies that you can view, edit, and combine as described below. These policies will then be used to determine if a package download should be blocked.
24 changes: 13 additions & 11 deletions Content/proget/sca/vulnerabilities/#.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,6 @@ title: "Vulnerability Scanning & Assessment"
order: 3
---

:::(Internal) (Update Screenshots)
/resources/docs/proget-vulnerabilities-details.png

:::

ProGet can identify vulnerabilities in open-source packages, assess the exploitation risk in your environment, and help you decide which actions to take and when. This lets you monitor vulnerabilities across your CI/CD pipeline and production environments, and optionally block risky packages from being downloaded.

This article explains how vulnerability detection works and how you can configure blocking rules and assessments when a package is found to be vulnerable.
Expand All @@ -32,24 +27,31 @@ ProGet uses *PVRS Categories* to provide you with actionable, context-specific g
See [What is PVRS & PVRS Categories?](https://guides.inedo.com/vulnerability-management/categories/) to learn more.
:::


## Blocking Vulnerable Packages
If you have a paid version of ProGet, [you'll scan and block packages](/docs/proget/sca/vulnerabilities/howto) so that packages like this can't be used as well as assess vulnerabilities and comment as to why they're severe or okay for your organization.

:::(Internal) (pgutil builds scan/audit)
### Blocking Builds
- Summarize how to use ProGet SCA to block builds
- quick screenshot of pgutil blocking a build

![Select Blocked](/resources/docs/proget-pgutil-build-blocked.png){height="" width="50%"}
:::

### Blocking Downloads

You can also block downloads of the package file itself by navigating to Feed > Policies & Blocking.
You can also block downloads of the package file itself by navigating to Feed > Policies & Blocking, and selecting "Change Blocking Settings".

:::(Internal) (Update Screenshot)
![Download Blocked](/resources/docs/proget-vulnerabilities-blocked.png){height="" width="50%"}
![Select Blocked](/resources/docs/proget-feed-select-blocking.png){height="" width="50%"}

::info (Note: Configuring Download Blocking)
Note that download blocking is not configured by default. To block downloads select "Block noncompliant packages" in "Configure Download Blocking".
![Configure Blocked](/resources/docs/proget-feed-configure-blocking.png){height="" width="50%"}
:::

Non compliant packages will then be blocked from being downloaded.

![Download Blocked](/resources/docs/proget-vulnerabilities-blocked.png){height="" width="50%"}

When enabled on a feed, users will not be able to download blocked packages from the UI or use the API. Attempts to download the package from the API will result in a `404` error when:
* A vulnerability was assessed as severe enough to prevent downloads
* The vulnerability is unassessed, and you enabled the "block unassessed" rule on the feed
Expand Down Expand Up @@ -135,4 +137,4 @@ This means that:

As the security and vulnerability management practices evolved over the years, so has ProGet. While earlier versions of ProGet will behave differently than what's documented here, the functionality and workflows remain conceptually similar.

See the [archived documentation (github.com)](https://github.com/Inedo/inedo-docs/blob/f8d48bc98f0112c653819f565e5bab2a7a20c01d/Content/proget/sca/vulnerabilities/%23.md){ target="_blank"} to understand how earlier versions functioned, as well as the [ProGet 2026 Upgrade Notes](/docs/proget-upgrade-2025) to learn what changed recently.
See the [archived documentation (github.com)](https://github.com/Inedo/inedo-docs/blob/f8d48bc98f0112c653819f565e5bab2a7a20c01d/Content/proget/sca/vulnerabilities/%23.md){ target="_blank"} to understand how earlier versions functioned, as well as the [ProGet 2026 Upgrade Notes](/docs/proget-upgrade-2025) to learn what changed recently.
Binary file added Resources/proget-assessments-expiry.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added Resources/proget-feed-configure-blocking.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added Resources/proget-feed-select-blocking.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added Resources/proget-licence-blocked.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added Resources/proget-policies-licenses-select.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified Resources/proget-vulnerabilities-blocked.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.