Dependency Combobulator Logo

Dependency Combobulator

0
Free
Visit Website

Dependency Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. This facilitates a holistic approach for ensuring secure application releases that can be evaluated against different sources (e.g., GitHub Packages, JFrog Artifactory) and many package management schemes (e.g., npm, maven). Intended Audiences: The framework can be used by security auditors, pentesters and even baked into an enterprise's application security program and release cycle in an automated fashion. Main features: - Pluggable - interject on commit level, build, release steps in SDLC. - Expandable - easily add your own package management scheme or code source of choice. - General-purpose Heuristic-Engine - an abstract package data model provides agnostic heuristic approach supporting a wide range of technologies. - Flexible - decision trees can be determined upon insights or verdicts provided by the toolkit. - Easily extensible - the project is designed for practitioners to extend and fit the toolkit to their specific needs, allowing extension to other sources, public registries, and package management systems.

FEATURES

ALTERNATIVES

Dynamic application security testing tool for identifying and fixing web application vulnerabilities.

An application security testing platform that combines automated scanning, AI assistance, and manual expert testing to provide continuous security assessment throughout the software development lifecycle.

Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.

Automatic tool for pentesting XSS attacks against different applications

Automatic authorization enforcement detection extension for Burp Suite

A tool for secure content publishing and verification using offline signing and trusted collections.

A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.

A Dynamic Application Security Testing (DAST) platform that provides automated security testing for web applications, APIs, and LLM-powered applications throughout the software development lifecycle.