diff --git a/README.md b/README.md index a88b669..f3a93d3 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,7 @@ Many cybersecurity professionals enable racist state violence, wittingly or unwi - [DevSecOps](#devsecops) - [Application or Binary Hardening](#application-or-binary-hardening) - [Compliance testing and reporting](#compliance-testing-and-reporting) + - [Dependency confusion](#dependency-confusion) - [Fuzzing](#fuzzing) - [Policy enforcement](#policy-enforcement) - [Supply chain security](#supply-chain-security) @@ -170,6 +171,12 @@ See also [awesome-devsecops](https://github.com/devsecops/awesome-devsecops). - [Chef InSpec](https://www.chef.io/products/chef-inspec) - Language for describing security and compliance rules, which become automated tests that can be run against IT infrastructures to discover and report on non-compliance. - [OpenSCAP Base](https://www.open-scap.org/tools/openscap-base/) - Both a library and a command line tool (`oscap`) used to evaluate a system against SCAP baseline profiles to report on the security posture of the scanned system(s). +### Dependency confusion + +- [Dependency Combobulator](https://github.com/apiiro/combobulator) - Open source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. +- [Confusion checker](https://github.com/sonatype-nexus-community/repo-diff) - Script to check if you have artifacts containing the same name between your repositories. +- [snync](https://github.com/snyk-labs/snync) - Prevent and detect if you're vulnerable to Dependency Confusion supply chain security attacks. + ### Fuzzing See also [Awesome-Fuzzing](https://github.com/secfigo/Awesome-Fuzzing).