
Dependency Combobulator
Dependency Combobulator: An Open-Source Solution for Dependency Management
Dependency Combobulator is an open-source, modular, and extensible framework designed to detect and prevent dependency confusion leakage and the attacks that build on it.
This Supports a Comprehensive Approach for Secure Application Releases
It supports a comprehensive approach to securing application releases: declared dependencies can be assessed against various sources (e.g., GitHub Packages, JFrog Artifactory) and numerous package management systems (e.g., npm, Maven).
The Framework's Versatility in Security Auditing and Application Security
The framework is suitable for use by security auditors and penetration testers, and it can also be integrated into an enterprise's application security program and release cycle in an automated manner.
Main features:
- Pluggable
  - Can be hooked in at the commit level, during the build, and throughout the release steps of the Software Development Life Cycle (SDLC).
- Expandable
  - Easily incorporate your own package management scheme or preferred code source.
- General-purpose heuristic engine
  - An abstract package data model supports a technology-agnostic heuristic approach, accommodating a wide variety of ecosystems.
- Flexible
  - Decision trees can be built on the insights or verdicts the toolkit produces.
- Easily extensible
  - The project is designed for practitioners to customize and adapt the toolkit to their specific needs, extending it to other sources, public registries, and package management systems.
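As an added illustration of the abstract-package-model-plus-heuristic idea described above (my own example, not Dependency Combobulator's code): an npm plug-in turns a package.json into ecosystem-agnostic records, and a heuristic compares each record against constructed private and public registry contents. The registry sets, the sample manifest and the verdict names are assumptions made for the example.

```python
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Package:
    """Package-manager-agnostic dependency record (hypothetical model, not the project's)."""
    ecosystem: str  # "npm", "maven", ...
    name: str


def npm_packages(package_json: str):
    """Ecosystem plug-in: turn an npm package.json into abstract Package records."""
    data = json.loads(package_json)
    names = {**data.get("dependencies", {}), **data.get("devDependencies", {})}
    return [Package("npm", n) for n in sorted(names)]


# Constructed registry contents standing in for live lookups against a private
# registry (e.g. Artifactory) and the public npm registry.
PRIVATE = {("npm", "@acme/auth-lib"), ("npm", "acme-internal-logger")}
PUBLIC = {("npm", "left-pad"), ("npm", "acme-internal-logger")}


def verdict(pkg: Package, private=PRIVATE, public=PUBLIC) -> str:
    """Heuristic verdict for one package (verdict names are assumptions):
    CONFLICT   - published privately AND publicly: a client that consults both
                 registries may resolve the public copy (dependency confusion).
    UNCLAIMED  - private-only name: visible in manifests but not registered publicly,
                 so it should be reserved or scoped before it can be claimed by others.
    PUBLIC     - ordinary public dependency.
    UNRESOLVED - found in no known source: typo or missing registry configuration."""
    key = (pkg.ecosystem, pkg.name)
    if key in private and key in public:
        return "CONFLICT"
    if key in private:
        return "UNCLAIMED"
    if key in public:
        return "PUBLIC"
    return "UNRESOLVED"


def audit(package_json: str) -> dict:
    """Map each declared dependency to its verdict; CONFLICT should fail the build step."""
    return {p.name: verdict(p) for p in npm_packages(package_json)}


SAMPLE = json.dumps({  # constructed manifest for the demonstration
    "dependencies": {"left-pad": "^1.3.0", "acme-internal-logger": "2.1.0"},
    "devDependencies": {"@acme/auth-lib": "1.0.0", "nonexistent-pkg": "0.0.1"},
})

if __name__ == "__main__":
    for name, v in audit(SAMPLE).items():
        print(f"{v:<10} {name}")
```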