Add dependency confusion section to DevSecOps.
This commit is contained in:
fabacab
parent
80839870e9
commit
349c38e3da
|
|
@ -27,6 +27,7 @@ Many cybersecurity professionals enable racist state violence, wittingly or unwi
|
|||
- [DevSecOps](#devsecops)
|
||||
- [Application or Binary Hardening](#application-or-binary-hardening)
|
||||
- [Compliance testing and reporting](#compliance-testing-and-reporting)
|
||||
- [Dependency confusion](#dependency-confusion)
|
||||
- [Fuzzing](#fuzzing)
|
||||
- [Policy enforcement](#policy-enforcement)
|
||||
- [Supply chain security](#supply-chain-security)
|
||||
|
|
@ -170,6 +171,12 @@ See also [awesome-devsecops](https://github.com/devsecops/awesome-devsecops).
|
|||
- [Chef InSpec](https://www.chef.io/products/chef-inspec) - Language for describing security and compliance rules, which become automated tests that can be run against IT infrastructures to discover and report on non-compliance.
|
||||
- [OpenSCAP Base](https://www.open-scap.org/tools/openscap-base/) - Both a library and a command line tool (`oscap`) used to evaluate a system against SCAP baseline profiles to report on the security posture of the scanned system(s).
|
||||
|
||||
### Dependency confusion
|
||||
|
||||
- [Dependency Combobulator](https://github.com/apiiro/combobulator) - Open source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks.
|
||||
- [Confusion checker](https://github.com/sonatype-nexus-community/repo-diff) - Script to check if you have artifacts containing the same name between your repositories.
|
||||
- [snync](https://github.com/snyk-labs/snync) - Prevent and detect if you're vulnerable to Dependency Confusion supply chain security attacks.
|
||||
|
||||
### Fuzzing
|
||||
|
||||
See also [Awesome-Fuzzing](https://github.com/secfigo/Awesome-Fuzzing).
|
||||
|
|
|
|||
Loading…
Reference in New Issue