ProGet as a Private NuGet Server or Proxy
NuGet is the place for .NET and C# development. But when a third party owns and curates your packages, you have less control. And unrestricted access to third-party NuGet packages can introduce unwanted license agreements, vulnerabilities, and more problems to your code.
Instead of accessing NuGet.org directly, you could set up nuget.server to host the packages you need. But this supports only a single feed. And in the development world of 2020, how many organizations are using just one feed?
For a solution that supports as many NuGet feeds as your organization requires, you need ProGet.
ProGet was born as a first-rate private NuGet server in 2012. We wanted to support NuGet developers who couldn’t be interrupted by NuGet Gallery downtime or who needed a completely private repository for their organization. In the years since its first release, ProGet has grown from a NuGet specialist to a package and container superhero.
ProGet as Your Private NuGet Server
First-party storage for first-party packages.
Sharing packaged code can save time and allow you to get expert code from someone else. No wonder NuGet.org is so popular. But what of proprietary .nupkg packages, packages you’ve created for internal-use in your organization? Luckily, there are other private NuGet server solutions like BaGet, LiGet, and our very own ProGet.
ProGet provides a secure, private home for first-party NuGet packages.
Instead of requiring dozens of nuget.server instances to give you multiple feeds and risking crashes, a single ProGet license does the trick. One ProGet customer experienced regular outages and crashes to the over 30 nuget.server instances they needed to do their work. Now, they rely on just one ProGet installation and experience zero downtime.
And with Symbol and Source Server available out-of-the-box, you can maintain your internally created packages with zero extra work.
Security and Access Controls
Even if your organization is very small and staffed only by the most trustworthy people, nuget.server’s lack of security and user restrictions can present problems. But for large companies, feed-level privileges in ProGet give the granular control needed to secure your work. And with feed-level privilege controls (automatically, if you integrate with AD/LDAP), you can define who may take what action in each feed, keeping different teams’ work as separate as you need. With ProGet as your private NuGet repository, your internal NuGet packages remain constantly accessible and secure.
Easily organize your packages and feeds and maintain security by keeping production-ready and -unready packages totally separate. Instead of a single type of NuGet feed, ProGet offers additional NuGet feed-types to indicate package status:
• Public (for third-party, production-unready packages)
• Private (for first-party packages)
• Validated (for approved, production-ready packages)
By separating packages using these different quality-based feeds, ProGet lets you add an additional layer of “insurance,” protecting Production from human error or misunderstandings.
ProGet provides a private server for your NuGet packages without the limitations of nuget.server.
ProGet as Your NuGet Proxy
First-party storage or caching for third-party packages.
When you need to use third-party, open-source packages, but your organization doesn’t allow access to sites like NuGet.org, you can’t just stop developing.
ProGet can “stand in front of” NuGet as your proxy to get 100% of the NuGet packages you need with 0% direct contact with the site.
A development free-for-all hurts business. If developers can go to NuGet.org and pull and use any package, risk of unwanted licenses, vulnerabilities, and more add risk to your production instance. This adds security and safety by filtering out unacceptable packages.
Package and metadata caching avoid developer interruptions by reducing response times and ensuring that your third-party packages are available even if NuGet.org is running slow or goes down. ProGet as your NuGet proxy also avoids the loss-of-face and possible legal troubles of bringing unacceptable packages into your organization.
Access NuGet.org packages with greater security and more consistent up-time with ProGet.
More than a Proxy
If ProGet was just a proxy or a private NuGet server, it’d be great at it. But ProGet does so much more to add security and reliability to your .NET and C# development.
Keep your NuGet packages separated by team or by quality without the awkward, time-consuming transfer between feeds. Package promotion copies a package between feeds in just three clicks. And a package promotion pipeline restricts the ‘promote to’ feed, adding an extra layer of privilege controls.
Further delineate production-ready packages while keeping packages immutable with repackaging. Once a package has passed prerelease testing, ProGet lets you easily repackage it as release-quality.
License Detection and Blocking
Protect yourself and your organization from the liability of unwanted licenses. License detection and blocking in ProGet reads package metadata to alert you of licenses present. You can then configure ProGet to block (or allow) certain license types, like GNU-3.
Let ProGet automatically record deployment information from BuildMaster or OctopusDeploy. See where package versions have been deployed and find vulnerable servers more quickly when a vulnerability is discovered in a package.
ProGet and NuGet – Together
.NET development with confidence, availability, and privacy: Protect your NuGet development with ProGet.