Built for teams that take their supply chain seriously
Community features are free and self-hosted. Enterprise features unlock with a license.
Publish & consume
The full NuGet v3 protocol, plus the publishing workflows modern CI demands.
NuGet v3 protocol
Restore, push, and unlist with the standard tooling you already use — download-ranked search, autocomplete, registration, and flat-container included.
Docs: NuGet v3 protocol
Trusted publishing Enterprise
Keyless, OIDC-based pushes from CI — no long-lived API keys to leak.
Docs: Trusted publishing
Symbols server
Push .snupkg symbol packages and step into your own libraries — portable PDBs indexed and served to your debugger.
Package-type badges & filters
Tools, templates, MSBuild SDKs, and MCP servers are recognized, badged, and filterable in search and the UI.
Docs: Package-type badges & filters
Download counts
Every served package is counted — real numbers in IDE search, download-ranked results, and badges in the UI.
Docs: Download counts
Package READMEs
READMEs render in the UI and are served through the v3 readme resource, so IDEs can show them too.
Supply-chain security
Every package gated, assessed, and accounted for — before anyone can restore it.
Supply-chain quarantine Enterprise
Every pushed package is OSV-scanned; vulnerable versions are quarantined before anyone can restore them.
Docs: Supply-chain quarantine
Health insights & dependency graph
Per-package health grades, transitive dependency graphs, and feed-wide risk and download totals — see trouble before it ships.
Vulnerability info in the feed
Known-vulnerability data is published through the standard v3 resource, so dotnet restore warns your developers directly.
Scoped API keys Enterprise
Restrict keys to package patterns and operations. Least-privilege publishing.
Docs: Scoped API keys
Audit trail
Pushes, quarantine decisions, retention prunes, and key changes — who, what, and when, kept for compliance.
Docs: Audit trail
Operate with confidence
One container to run, with the controls a real organization needs day two.
Single Docker image
The whole server — API, MCP, and admin UI — in one container on a /data volume. Air-gapped friendly.
Docs: Single Docker image
SSO / OIDC + RBAC
Bring your own identity provider; map roles to Reader / Publisher / Admin.
Docs: SSO / OIDC + RBAC
Multiple isolated feeds Enterprise
Separate teams and trust boundaries into independent, access-controlled feeds.
Docs: Multiple isolated feeds
Retention policies
Bound storage on busy CI feeds — keep-latest and max-age rules with a dry-run preview before anything is deleted.
Docs: Retention policies
Prometheus-ready metrics
An OpenTelemetry /metrics endpoint with request, runtime, and per-feed push/quarantine/download counters — plus liveness and readiness probes.
Docs: Prometheus-ready metrics
Update notifications
Admins see in the UI when a newer NuGetKeep is available — one cached call to the nugetkeep.com update manifest, easy to disable.
Docs: Update notifications
AI & integrations
Your feed, readable by the AI tools your team already uses.
MCP tools for AI Enterprise
Model Context Protocol tools for AI assistants: read tools for everyone (search, health, secure versions), plus gated write tools like request_publish for Publisher/Admin keys.
Docs: MCP tools for AI
The admin experience
Real screens from the running server.