Add dependency confusion section to DevSecOps.

This commit is contained in:
fabacab 2021-11-13 09:57:40 -05:00
parent 80839870e9
commit 349c38e3da
No known key found for this signature in database
GPG Key ID: B0303BF6BA36A560

View File

@ -27,6 +27,7 @@ Many cybersecurity professionals enable racist state violence, wittingly or unwi
- [DevSecOps](#devsecops)
- [Application or Binary Hardening](#application-or-binary-hardening)
- [Compliance testing and reporting](#compliance-testing-and-reporting)
- [Dependency confusion](#dependency-confusion)
- [Fuzzing](#fuzzing)
- [Policy enforcement](#policy-enforcement)
- [Supply chain security](#supply-chain-security)
@ -170,6 +171,12 @@ See also [awesome-devsecops](https://github.com/devsecops/awesome-devsecops).
- [Chef InSpec](https://www.chef.io/products/chef-inspec) - Language for describing security and compliance rules, which become automated tests that can be run against IT infrastructures to discover and report on non-compliance.
- [OpenSCAP Base](https://www.open-scap.org/tools/openscap-base/) - Both a library and a command line tool (`oscap`) used to evaluate a system against SCAP baseline profiles to report on the security posture of the scanned system(s).
### Dependency confusion
- [Dependency Combobulator](https://github.com/apiiro/combobulator) - Open source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks.
- [Confusion checker](https://github.com/sonatype-nexus-community/repo-diff) - Script to check if you have artifacts containing the same name between your repositories.
- [snync](https://github.com/snyk-labs/snync) - Prevent and detect if you're vulnerable to Dependency Confusion supply chain security attacks.
### Fuzzing
See also [Awesome-Fuzzing](https://github.com/secfigo/Awesome-Fuzzing).