
Dependency Combobulator

Free

Dependency Combobulator is an open-source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. This facilitates a holistic approach to ensuring secure application releases that can be evaluated against different sources (e.g., GitHub Packages, JFrog Artifactory) and many package management schemes (e.g., npm, Maven).

Intended audiences: The framework can be used by security auditors and pentesters, and can even be baked into an enterprise's application security program and release cycle in an automated fashion.

Main features:
- Pluggable - interject at the commit, build and release steps of the SDLC.
- Expandable - easily add your own package management scheme or code source of choice.
- General-purpose heuristic engine - an abstract package data model provides an agnostic heuristic approach supporting a wide range of technologies.
- Flexible - decision trees can be determined upon insights or verdicts provided by the toolkit.
- Easily extensible - the project is designed for practitioners to extend and fit the toolkit to their specific needs, allowing extension to other sources, public registries, and package management systems.

ALTERNATIVES

A Python open-source CMS scanner that automates the process of detecting security flaws in the most popular CMSs.

Prevents you from committing passwords and other sensitive information to a git repository.

A tool for building and installing PhoneyC with optional Python version configuration and root privileges.

StaCoAn is a cross-platform tool for static code analysis on mobile applications, emphasizing the identification of security vulnerabilities.

An automatic authorization enforcement detection extension for Burp Suite.

FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.

A security-focused general purpose memory allocator providing the malloc API with hardening against heap corruption vulnerabilities.

A centralized application security posture management platform that integrates security tools, automates workflows, and provides visibility into application security risks.