snync
When you manage private open source packages, for reasons such as keeping intellectual property private, then these packages will be hosted and served via private registries, or require authorization. By definition, these packages won't exist on public registries. However, when a package name is used without a reserved namespace (also known as a scope in npm, for example), they are often free to be registered by any other user on the Internet and create a potential Dependency Confusion attack vector. The attack manifests due to a mix of user misconfiguration, and bad design of package managers, which will cause the download of the package from the public registry, instead of the private registry. This tool detects two types of potential Dependency Confusion compromises: - Vulnerable - Suspicious Vulnerable: A case of actual vulnerable package is when a package name is detected to be used in a project, but the same package name is not registered on the public registry.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A technology lookup and lead generation tool that identifies the technology stack of any website and provides features for market research, competitor analysis, and data enrichment.
Curiefense is an application security platform that protects against various threats and offers community involvement.
A tool for dynamic analysis of mobile applications in a controlled environment.
WordPress plugin to reduce comment spam with a smarter honeypot.
Goof is a vulnerable Node.js demo application that includes a series of vulnerabilities and exploits
Statistical renaming, Type inference, and Deobfuscation tool for JavaScript code.
An API security and governance platform that provides discovery, security testing, compliance monitoring and lifecycle management capabilities for enterprise API implementations.
Data Theorem API Secure is an application security platform that combines SAST, DAST, IAST, and SCA testing methodologies to provide comprehensive security assessment and monitoring for APIs and modern applications throughout their development lifecycle.
Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.