Getting Started with ProGet Tutorial 

In this short tutorial, you’ll get started with some of ProGet’s most foundational actions:

Once you’ve set up a ProGet instance, you’ll have a private NuGet feed that will cache and filter packages from NuGet.org and can be later configured to scan for vulnerabilities and detect unwanted licenses. 

To get started, all you need an installation of ProGet. If you haven’t already, you should start by downloading ProGet. The download and install takes about five minutes, and you will have your NuGet Feed set up about three minutes after that! If you want to do the last step of this tutorial, you’ll also need Visual Studio. This tutorial is also available as a video.

Creating a Feed

From a clean ProGet instance, you’ll start by creating a feed.

A feed is a private repository for your own applications and components. Feeds are used to store packages, container images, or other assets. Users can easily see what’s available to download in a feed. 

In this case, you’ll be creating a NuGet feed, a package format developed by Microsoft to distribute free and open-source .NET libraries. Typically, these packages are publicly available on NuGet.org and are consumed by Visual Studio or the nuget.exe command-line client.

To begin, simply click “Create New Feed.”

This will bring up a host of different feed types you can create.

Select the package type of your choice. In this tutorial, you’ll select “NuGet Packages” as the type.

You’ll then see a pop-up with some different options. Name the feed (we used “public-nuget”), and since this example will be caching and filtering packages from NuGet.org, make sure the Free/Open Source packages option is selected for Feed Usage. Then select “Create New Feed,” and feed is created.

As it’s a new feed, it has nothing in it until we populate it. For that, you’ll next create a connector in ProGet.

Add a Connector

Connectors allow ProGet feeds to include packages from an external source. This lets you get packages from, in this case, NuGet.org into your private repository so that you’ll have a private store of your NuGet packages instead of relying on the NuGet site.

On your feed overview page for public-nuget, there is an option to “Add Connector”; select that.

There is already a feed type (NuGet) and the proper connector URL filled in. For new connectors, selecting a feed type will automatically set the connector URL to the default endpoint for that feed type.

Click “Save,” and ProGet will show a list of available packages that can be cached and filtered in the public-nuget feed you’ve created.

You’ll also see a prompt with information about how to connect ProGet to Visual Studio, which you’ll do next.

Add ProGet as NuGet Package Manager in Visual Studio

In Visual Studio, from the top navigation, select Tools > NuGet Package Manager > Package Manager Settings.

In the prompt that appears, select “Package Sources.”

Next, deselect NuGet.org and click on the green plus (+) symbol to create a new package source.

This will automatically create a new source with information at the bottom of the prompt box. For our example, we’ll rename the source “ProGet Feed.”

Change the source URL using the API endpoint URL, which you can find this on the Feed Overview page in ProGet.

Select “Update” and “OK,” and Visual Studio will now use the ProGet feed as the place to pull packages from.

Confirm this by using package manager console and searching for package.

Congratulations! You’ve just set up a basic NuGet feed in ProGet with a connector and an API endpoint connection to Visual Studio.

What’s Next?

Configure License Detection

When using third-party, open-source packages in your application, you agree to whatever licensing terms the packages’ authors specify. For example, if you were to use a GPL-3.0-licensed package, you would be required to open-source your application and then license it under GPL-3.0. If your organization failed to do that, it could face a lawsuit from the package authors or other legal liabilities. ProGet allows you to filter by license type.

Promote Packages

Not all free/open source packages belong in your production applications. With package promotion, you can ensure that only NuGet packages that meet your internal quality standards get used in production-ready code.

Configure Retention Rules

As you download and cache more and more public packages, your disk space will quickly fill up with old and unused packages. You can configure retention rules to automatically reclaim disk space by deleting old or unused packages that meet criteria you define, such as unused or old versions.