Migrating from Artifactory To ProGet

ProGet and JFrog’s Artifactory are both private package repository managers, but are different enough in frameworks and practices that migrating requires careful planning to avoid issues and disruptions.

This article introduces the key concepts you’ll need when working with ProGet, including:

• Feeds and Repositories
• Packages vs Files, and Docker Containers
• Self-Managing your Instance, Users and Security, and API Keys
• Vulnerability Management, Package Curation, and License Management
• Backup, Retention and Replication

Platform Differences

Artifactory is a “universal artifact repository”, storing artifacts in repositories and managing different file types. Other functionality, such as X-ray and curation, for detecting and preventing risky packages from use in builds, are separate components.

ProGet has this functionality out of the box, with integrated package management, build scanning, and governance.

In ProGet:

• Feeds replace repositories
• Feeds handle files as packages (NuGet, npm, PyPI, Docker, and more)
• SCA and license scanning are built in
• Policies can be applied globally or scoped to feeds
• Governance and automation are managed centrally

Feeds in ProGet serve the same purpose as repositories in JFrog Artifactory but packages have standard-defined formats like NuGet, npm, etc., segregated into their own feeds, giving you more control over code entering or leaving different feeds.

Getting Started with ProGet

ProGet can be installed easily via InedoHub or using Docker for Linux, and can be installed either as a single node or in High Availability.

Before migration, you’ll need to assess your current Artifactory setup. Take note of:

• Users and groups: The permissions assigned to your users and groups.
• Repositories: The repositories you have, and the artifacts they store.
• Builds: Any builds you have and their configuration.
• License and vulnerability policies: The “Policies” and “Watches” you have set up.
• Replication: If configured, the nodes that are currently set up.

Migrating Your Environment

With ProGet up and running start by migrating your users and groups, and their associated permissions. This should be quite easy if you’re using LDAP to migrate Active Directory.

You should also set up any policies you have set up for vulnerabilities and licenses. ProGet automatically categorizes and assesses vulnerabilities based on an organizational risk profile you configure, telling you how urgently remediation is needed in your unique environment.

One last thing you may need to do is create any builds you have in Artifactory, by exporting the SBOM and then uploading it to ProGet.

Maintaining Your Instance

You may have automation or workflows in your organization to configure in ProGet. If you’re using API keys for access and automation, you’ll need to set these up. Luckily it’s easy to carry over your current API keys in ProGet.

Large organizations may also be using replication for edge locations of federated development. This is also straightforward to set up, and can be easily done through the UI.

While using ProGet it’s important to configure it to keep everything running smoothly, such as setting measures for data security. ProGet has ways to back up and restore, and also and also offers data retention policies and storage solutions.

Conclusion

Migrating from to ProGet requires mapping Artifactory’s concepts and terminology to ProGet’s integrated package management solution.

Many concepts will be familiar, but ProGet taking the packages approach instead of files, and its context based vulnerability categories are important to understand early in the migration process.

By following each article in this guide you’ll learn how everything works in terms you’ll understand as an Artifactory user, starting with repositories, making your migration smooth and stress-free.