Dependency Combobulator is an open-source framework designed to detect and prevent dependency confusion attacks in software development environments. The tool provides a modular and extensible architecture that can be integrated into various stages of the software development lifecycle, including commit-level checks, build processes, and release pipelines. Key capabilities include: - Support for multiple package management systems including npm and Maven - Integration with various code sources such as GitHub Packages and JFrog Artifactory - Heuristic-based analysis engine that uses an abstract package data model - Pluggable architecture allowing integration at different SDLC stages - Extensible design enabling practitioners to add support for additional package managers and repositories - Decision tree functionality based on analysis insights and verdicts The framework targets security auditors, penetration testers, and organizations looking to incorporate dependency security checks into their application security programs and automated release processes.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
An open-source tool that automates the detection and analysis of DLL hijacking vulnerabilities in Windows applications, providing detailed reports and remediation guidance.
A brute-force protection middleware for express routes that rate-limits incoming requests.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
A plugin for viewing, detecting weak configurations, and generating Content Security Policy headers.
Grafeas is an API specification for managing and auditing metadata about software resources across the software supply chain.
Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.