Featured
Posted by Crista Perlton on June 23rd, 2026.
Modern applications often rely on hundreds of open-source and third-party packages, making it difficult to track exactly what software is being used across an organization. Without visibility into package usage, teams can struggle to identify vulnerable, deprecated, or non-compliant dependencies and understand their impact on...
Featured
Posted by Crista Perlton on June 11th, 2026.
Software Bills of Materials (SBOMs) have become an increasingly important part of software development. Whether you’re being asked to provide an SBOM to customers, improving supply chain visibility, or simply trying to understand exactly what dependencies your applications contain, having an accurate inventory is becoming a...
Featured
Posted by Crista Perlton on May 28th, 2026.
If you’ve used ProGet for a while, you may have heard of pgutil, but maybe never really dug into what it does or why you’d use it. Simply put, pgutil is ProGet’s cross-platform command-line tool for managing your instance without having to do everything through the web UI. It’s especially useful for automating repetitive tasks, scripting...
Featured
Posted by Crista Perlton on April 16th, 2026.
Having uncontrolled package dependencies can lead to some unintended consequences, like version conflicts and even malicious and vulnerable packages. Let’s see what happens when you let those dependency trees go unchecked.
Featured
Posted by Crista Perlton on December 24th, 2025.
If you work with CI/CD pipelines, artifact repositories, or DevOps workflows, you’ll be familiar with Amazon S3. It’s flexible and widely used, but as your repository grows, costs can add up fast. Storage is just one piece of it; request charges and egress fees can catch teams off guard, especially when traffic spikes. As you...
Featured
Posted by Crista Perlton on December 11th, 2025.
If you’re managing projects that rely on multiple teams delivering consistent components, you’ve probably noticed the chaos that comes from storing build artifacts and libraries in shared folders. Each team has its own way of organizing files, versions get mixed up, and no one really knows which asset the project should be using....
Featured
Posted by Crista Perlton on December 9th, 2025.
You’re likely pulling OSS packages straight from NuGet.org, npmjs.com, or PyPI.org, via the CLI. It’s the path of least resistance and the fastest way to get what your teams need. But without something sitting in the middle, it’s hard to know exactly what’s being pulled in or whether it meets your org’s requirements. When you pull OSS...
Featured
Posted by Crista Perlton on December 4th, 2025.
Internal registries are a smart way to manage OSS packages. They let you curate reusable code for your apps and cut down on risky repeat pulls from the wild. But when every team spins up its own siloed registry and tooling sprawls across the org, you end up with duplicate work, outdated packages, and security headaches that didn’t need...
Featured
Posted by Crista Perlton on November 28th, 2025.
Inedo’s newest whitepaper, “Migrating from Sonatype to ProGet,” releases this month and is available online. Migrating from Sonatype Nexus to ProGet is more than just copying your packages over. Nexus spreads its features across different products—Repository, Lifecycle, Firewall—while ProGet rolls everything together:...
Featured
Posted by Crista Perlton on November 25th, 2025.
Many teams pull open-source packages into their projects without thinking twice. They might stash them locally, pass them around through CI pipelines, or build and test on their own. But without internal repositories or any guardrails in place, each team ends up working in its own bubble. That kind of flexibility can feel great at first,...