When you manage private open source packages, for reasons such as keeping intellectual property private, then these packages will be hosted and served via private registries, or require authorization. By definition, these packages won't exist on public registries. However, when a package name is used without a reserved namespace (also known as a scope in npm, for example), they are often free to be registered by any other user on the Internet and create a potential Dependency Confusion attack vector. The attack manifests due to a mix of user misconfiguration, and bad design of package managers, which will cause the download of the package from the public registry, instead of the private registry. This tool detects two types of potential Dependency Confusion compromises: - Vulnerable - Suspicious Vulnerable: A case of actual vulnerable package is when a package name is detected to be used in a project, but the same package name is not registered on the public registry.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
ConDroid performs concolic execution of Android apps to observe 'interesting' behavior in dynamic analysis.
Static application security testing (SAST) tool for scanning source code against security and privacy risks.
A brute-force protection middleware for express routes that rate-limits incoming requests.
A security-focused general purpose memory allocator providing the malloc API with hardening against heap corruption vulnerabilities.
A source code search engine for searching alphanumeric snippets, signatures, or keywords in web page HTML, JS, and CSS code.
A web application security testing platform that helps you test your knowledge on web application security through realistic scenarios with known vulnerabilities.
SearchCode is an extensive code search engine that indexes 75 billion lines of code from millions of projects to help developers find coding examples and libraries.
A plugin for viewing, detecting weak configurations, and generating Content Security Policy headers.
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.