We are looking into doing vulnerability scans of our deployment packages in an efficient and pragmatic way. The idea is to download the latest version of all our deployment packages from the Octopus feed (or even more efficient, a delta) and let Nessus scan the files for vulnerabilities. Anyone got input on how to bulk download the latest version of each package in the internal nuget feed?
Hi Jasper,
Thank you for contacting Octopus Support.
Packages in the internal feed are located in the \Packages subdirectory of your Home directory, separated by Space. I would recommend scanning the files directly.
Let me know if you have any additional questions.
Regards,
Donny
Hi Donny,
That could be a possibility. In this case, I would have to filter out the newest version of each package manually, but still an ok approach.
Is there no way to query the NuGet feed directly?
Hi Jasper,
Thank you for getting back to me.
You may query the built-in feed for the latest package via the API with:
/api/Spaces-x/packages?filter=&latest=true&take=500
You may replace the '500' with the number of different packages.
You can then combine that with the following to download the packages:
Let me know what you think.
Regards,
Donny
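Added example (not part of the thread and not Octopus's own code): for the approach of scanning the \Packages directory directly, this Python script picks the newest version of each package under one Space's folder and returns only the files whose SHA-256 changed since the previous run, which is the delta to hand to the scanner. The <PackageId>.<Version>.nupkg file naming, the function names and the manifest format are assumptions.

```python
import hashlib
import re
from pathlib import Path

# Assumption: files are named <PackageId>.<Version>.nupkg or .zip.
NAME_RE = re.compile(
    r"^(?P<id>.+?)\.(?P<ver>\d+(?:\.\d+){1,3}(?:-[0-9A-Za-z.-]+)?)\.(?:nupkg|zip)$",
    re.IGNORECASE,
)

def version_key(ver):
    """Sort key following SemVer precedence (build metadata not handled)."""
    core, _, pre = ver.partition("-")
    nums = tuple(int(n) for n in core.split("."))
    nums += (0,) * (4 - len(nums))
    # Numeric pre-release identifiers compare as numbers and rank below text ones.
    pre_key = tuple(
        (0, int(p), "") if p.isdigit() else (1, 0, p) for p in pre.split(".")
    ) if pre else ()
    # A release (no pre-release tag) outranks any pre-release of the same core.
    return nums, pre == "", pre_key

def newest_per_package(space_dir):
    """Map lower-cased package ID -> path of its highest version under one Space."""
    newest = {}
    for path in Path(space_dir).rglob("*"):
        m = NAME_RE.match(path.name)
        if not (m and path.is_file()):
            continue
        pkg, key = m["id"].lower(), version_key(m["ver"])
        if pkg not in newest or key > newest[pkg][0]:
            newest[pkg] = (key, path)
    return {pkg: path for pkg, (_, path) in newest.items()}

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan_delta(space_dir, previous):
    """Return (paths to scan, new manifest); previous is the last run's manifest."""
    current = newest_per_package(space_dir)
    manifest = {pkg: sha256_of(path) for pkg, path in current.items()}
    to_scan = sorted(p for pkg, p in current.items() if previous.get(pkg) != manifest[pkg])
    return to_scan, manifest
```

Run it once per Space subdirectory and persist the returned manifest (for example as JSON) between runs, passing an empty dict on the first run.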