Dependency Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. This facilitates a holistic approach for ensuring secure application releases that can be evaluated against different sources (e.g., GitHub Packages, JFrog Artifactory) and many package management schemes (e.g., npm, maven). Intended Audiences: The framework can be used by security auditors, pentesters and even baked into an enterprise's application security program and release cycle in an automated fashion. Main features: - Pluggable - interject on commit level, build, release steps in SDLC. - Expandable - easily add your own package management scheme or code source of choice. - General-purpose Heuristic-Engine - an abstract package data model provides agnostic heuristic approach supporting a wide range of technologies. - Flexible - decision trees can be determined upon insights or verdicts provided by the toolkit. - Easily extensible - the project is designed for practitioners to extend and fit the toolkit to their specific needs, allowing extension to other sources, public registries, and package management systems.
FEATURES
ALTERNATIVES
Mitigate security concerns of Dependency Confusion supply chain security risks.
A Windows Kernel driver intentionally vulnerable to help improve skills in kernel-level exploitation.
ffufai is an AI-enhanced wrapper for ffuf that automatically suggests file extensions for web fuzzing based on the target URL and headers.
FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.
A Dynamic Application Security Testing (DAST) platform that provides automated security testing for web applications, APIs, and LLM-powered applications throughout the software development lifecycle.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
Apiiro ASPM Platform is an application security solution that provides code-to-runtime visibility, risk assessment, and remediation capabilities to help organizations manage and reduce security risks across their application portfolio.
PINNED

InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.