Dependency Combobulator
Dependency Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. This facilitates a holistic approach for ensuring secure application releases that can be evaluated against different sources (e.g., GitHub Packages, JFrog Artifactory) and many package management schemes (e.g., npm, maven). Intended Audiences: The framework can be used by security auditors, pentesters and even baked into an enterprise's application security program and release cycle in an automated fashion. Main features: - Pluggable - interject on commit level, build, release steps in SDLC. - Expandable - easily add your own package management scheme or code source of choice. - General-purpose Heuristic-Engine - an abstract package data model provides agnostic heuristic approach supporting a wide range of technologies. - Flexible - decision trees can be determined upon insights or verdicts provided by the toolkit. - Easily extensible - the project is designed for practitioners to extend and fit the toolkit to their specific needs, allowing extension to other sources, public registries, and package management systems.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
An integrated software supply chain platform that combines repository management, security scanning, and DevSecOps capabilities for managing and securing the entire software development lifecycle.
A next-generation web scanner that identifies websites and recognizes web technologies, including content management systems, blogging platforms, and more.
An automated code security tool that analyzes repositories, identifies vulnerabilities, and generates pull requests with fixes while integrating with existing development workflows.
Orchestration toolchain for scanning source code and infrastructure IaC against security risks.
Snyk Code is a real-time SAST tool that provides secure code analysis and actionable remediation advice to prevent code delays and ensure secure development.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
A comprehensive application security platform that combines runtime protection, security testing, and monitoring capabilities across the entire application lifecycle.
A deliberately vulnerable modern day app with lots of DOM related bugs
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.