- BuildMaster
- Getting Started with BuildMaster
- Builds and Continuous Integration
- What is a "Build" in BuildMaster?
- Git and Source Control
- Git Pipelines and Workflows
- Build Scripts & Templates
- Packages & Dependencies
- Build Artifacts
- Automated Testing & Verification
- Deployment & Continuous Delivery
- What is a “Pipeline” in BuildMaster?
- CI Server (Jenkins, TeamCity, etc.) Integration
- Deployment Scripts & Templates
- Automatic Checks & Approval Gates
- Manual Deployment Steps and Tasks
- Databases
- Configuration Files
- Rollbacks
- Advanced CD Patterns
- Applications & Releases
- Connecting to your Servers with BuildMaster
- Scripting in BuildMaster
- Configuring for Your Team
- Docker/Containers
- Development Platforms
- Deployment Targets
- Tools & Service Integrations
- Reference
- BuildMaster API Endpoints & Methods
- Extending BuildMaster
- Built-in Functions & Variables
- Applications
- Builds
- Configuration Files
- Containers
- Credentials
- Databases
- Deployables
- Environments
- Executions
- Files
- General
- JSON
- Linux
- Lists
- Maps
- Math
- Nuget
- Packages
- Pipelines
- PowerShell
- Python
- Releases
- Servers
- Strings
- XML
- Built-in Operations
- Azure
- Batch
- BuildMaster
- Configuration Files
- Databases
- DotNet
- Files
- Firewall
- General
- Apply-Template
- Attach Package
- Build
- Checkout-Code
- Close-Issue
- Concatenate-Files
- Copy-Files
- Create-Directory
- Create-File
- Create-Issue
- Create-Issue
- Create-IssueComment
- Create-Package
- Create-ZipFile
- Delete-Files
- Download-Asset
- Download-Http
- Ensure-Directory
- Ensure-File
- Ensure-HostsEntry
- Ensure-Metadata
- Ensure-Milestone
- Ensure-Package
- Ensure-Release
- Ensure-Tag
- Exec
- Execute Python Script
- Execute VSTest Tests
- Get-Http
- Install-Package
- OSCall
- OSExec
- Post-Http
- Push-PackageFile
- PYCall
- PYEnsure
- Query-Package
- Remediate-Drift
- Rename-File
- Repackage
- Replace-Text
- Send-Email
- Set-FileAttributes
- Set-Variable
- SHEnsure
- Sleep
- Transfer-Files
- Transition-Issues
- Upload-Assets
- Upload-Http
- Upload-ReleaseAssets
- Git
- IIS
- Nuget
- PowerShell
- ProGet
- Python
- Registry
- Servers
- Services
- Shell
- Windows
- Administration
- Installation & Upgrading
- ProGet
- Getting Started with ProGet
- Packages: Managing & Tracking
- Feeds Types & Third-Party Packages
- What is a "Feed" in ProGet?
- What is a "Connector" in ProGet?
- NuGet (.NET)
- PowerShell
- Chocolatey (Windows/Machine)
- RubyGems (ruby)
- Visual Studio Extension (.vsix)
- Maven (Java)
- npm (Node.js)
- Bower (JavaScript)
- Debian (Apt)
- Helm (Kubernetes)
- PyPI (Python)
- Conda (Python)
- RPM (Yum)
- Alpine (APK)
- CRAN (R)
- pub (Dart/Flutter)
- Other Feed Types
- Universal Packages & Feeds
- UPack Overview
- Universal Packages
- Virtual Packages
- Tools and Libraries
- Universal Package Registry
- Downloads & Source Code
- Universal Feed API
- Asset Directories & File Storage
- Docker and Containers
- Replication & Feed Mirroring
- Software Composition Analysis (SCA)
- Security and Access Controls
- Cloud Storage (Amazon S3, Azure Blob)
- Administration
- Installation & Upgrading
- API Endpoints & Methods
- Otter
- Getting Started with Otter
- Orchestration & Server Automation
- Connecting to your Servers with Otter
- Collecting & Verifying Configuration
- Drift Remediation / Configuration as Code
- Scripting in Otter
- Configuring for Your Team
- Installation & Upgrading
- Administration & Maintenance
- Reference
- Otter API Reference
- OtterScript Reference
- Built-in Functions & Variables
- Executions
- Files
- General
- JSON
- Linux
- Lists
- Maps
- Math
- PowerShell
- Python
- Servers
- Strings
- XML
- Built-in Operations
- Batch
- Docker
- DotNet
- Files
- Firewall
- General
- Apply-Template
- Collect Debian Packages
- Collect RPM Packages
- Collect-InstalledPackages
- Concatenate-Files
- Copy-Files
- Create-Directory
- Create-File
- Create-Package
- Create-ZipFile
- Delete-Files
- Download-Asset
- Download-Http
- Ensure-Directory
- Ensure-File
- Ensure-HostsEntry
- Ensure-Metadata
- Ensure-Package
- Exec
- Execute Python Script
- Get-Http
- Install-Package
- OSCall
- OSExec
- Post-Http
- Push-PackageFile
- PYCall
- PYEnsure
- Query-Package
- Remediate-Drift
- Rename-File
- Repackage
- Replace-Text
- Send-Email
- Set-FileAttributes
- Set-Variable
- SHEnsure
- Sleep
- Transfer-Files
- Upload-Assets
- Upload-Http
- IIS
- Otter
- PowerShell
- ProGet
- Python
- Registry
- Servers
- Services
- Shell
- Windows
- Installation & Maintenance
- Windows (Inedo Hub)
- What is the Inedo Hub?
- Configuring & Maintaining Inedo Products
- Offline Installation (no Internet access)
- HOWTO: Install on Windows
- HOWTO: Upgrade or Downgrade with the Inedo Hub
- HOWTO: Install Pre-release Product Versions
- HOWTO: Configure Your Inedo Product to Run As a Windows Domain Account
- Silent/Automated Installation Guide
- Legacy (Traditional) Installer
- Linux (Docker)
- Manual Installation
- High Availability & Load Balancing
- LDAP/AD Integration
- IIS & Web Hosting on Windows
- Logging & Analytics
- SAML Authentication
- Upgrading your Inedo Product
- Managing Agents and Servers
- Backing Up & Restoring
- Installation Configuration Files
- SQL Server & Inedo Products
- Windows (Inedo Hub)
- Inedo Agent
- What is the Inedo Agent?
- Installation & Upgrading
- Downloads & Release Notes
- Maintenance & Configuration
- Internal Architecture
- MyInedo
- OtterScript (Execution Engine)
- Reference
- OtterScript
- Inedo Execution Engine
- Operations & Functions
- Text Templating
- Resource Pools
- Runtime Variables
- Advanced Scenarios & Features
- Statements and Blocks
- Romp (Discontinued)
- Using Romp
- Installing, Configuring, and Maintaining
- Romp CLI Reference
- Package Layout
- Downloads & Source Code
- Extensibility
- Inedo SDK
HOWTO: Receive Alerts for Deprecated Packages in Use
ProGet 2025 will introduce OSS Metadata Updating & Caching for open-source packages you're using from public repositories, helping you ensure the packages you're using haven't been deprecated, unlisted, or are outdated. This is currently available in ProGet 2024.12 as a preview feature supporting NuGet and npm feeds.
Deprecated packages are those no longer recommended for use due to being replaced by newer versions, containing security vulnerabilities, or no longer being actively maintained. Continuing to use deprecated packages can lead to security risks and compatibility issues that can impact the stability and functionality of your software.
Receiving alerts when a package becomes deprecated allows you to quickly address these issues, ensuring your application remains secure, reliable, and up-to-date.
This article will explain how to configure policies for deprecated packages, and set up alerts for when deprecated packages are in use.
Step 1: Enable OSS caching
Start by navigating to "Administration Overview" and selecting "OSS Metadata Updating & Caching".
Next select "Enable"
Step 2: Configure Policies for Deprecated Packages
Return to "Administration Overview" and select "Package Policies & Rules".
Then select "edit" under the "Global" policy.
Next, select "edit" under "Other Rules".
From here, set "Deprecation Rule" as "Noncompliant" and select "Save".
Step 3: Set Up Alerts
Return to the "Administration Overview" once more and select "Notifiers and Webhooks".
From here select "Create Notifier".
Now set "Event Type" as "Package Status Changed", and set "Action" to your preferred notifier (email, Slack or Teams message, etc.), along with the relevant email or URL.
Finally, select "Save" to create this notifier, which will now be sent when a deprecated package is in use.
Step 4: Optional: Customize Conditions & Messages
When creating the notifier in Step 3, you have the choice of setting some additional options:
Conditions
On this tab you can set the notifier to run on specific feeds only, or for packages that match specific criteria.
This includes using advanced conditions like triggering notifications only for packages with a vulnerability score above a certain threshold (e.g., $Compare($VulnerabilityScore,>=,7.5)) or based on patterns in package names (e.g., $MatchesRegex(\(PackageName, "^MyPackage\.*\)")). These conditions give you more control over when notifications are sent.
Custom Message
You can create a customized text to be sent, be it email, slack or teams message, or customized webhook:
You can personalize these messages using variables and expressions. Your notifications can include dynamic content such as package details, user actions, or data from third-party APIs. Additionally, custom webhooks can be configured to integrate with external tools, enabling automated workflows or audits.
For more details and examples, take a look at Customizing Content & Webhooks and Variables & Expressions.