Contains a Vulnerability Source which connects to Sonatype’s OSS Index. Previously, this was the Vor Security Extension.

  • About
  • Details
  • Release Notes
  • Installation

OSS Index Integration

The OSS Index extension provides a Vulnerability Source that will automatically import vulnerability reports from various public databases using a Sonatype OSS Index registered account.

All newly imported vulnerability reports are considered unassessed, which means that packages matching the vulnerability will be blocked until the report is assessed. An assessment involves an authorized user reviewing the report, choosing an assessment type (Ignore, Caution, Block), and leaving an optional comment.

First, you need to install the OSS Index Extension by going to Administration > Extensions > OSS Index.

Note: Sonatype acquired Vor Security in 2017, read the press release for more details. In ProGet v5.0 and earlier, this extension was named Vor Security.

If you're new to OSS Index, you'll need to create an account and become a register user. This can be done by visiting https://ossindex.sonatype.org/, selecting the user icon in the top right corner, and Register for an account.

Once logged into OSS Index, you can copy the API token.

After retrieving the API token from OSS Index, set it as your Vulnerability Source in ProGet by going to Administration > Manage Vulnerability Sources > Create Vulnerability Source.

Check out the documentation for more details on how the integration works.



No notes for this release

Download (requires inedox 1.0.0 or newer)

If your installation of inedox can access inedo.com, simply navigate to Admin > Extensions, and install or update extensions from the gallery.

You can also manually install the extension.

  1. Copy the extension file (VorSecurity.upack) to the Extension Library path (by default, this is %ProgramData%\inedox\Extensions).
  2. Restart the inedox Service (Admin > Service).
  3. Restart the inedox Web Application (Admin > All Settings > Save).
  4. Verify that the new extension has been loaded (Admin > Extensions)