DepConfuse

A command-line tool to detect potential dependency confusion vulnerabilities from a Software Bill of Materials (SBOM) or list of package URLs (PURLs).

Overview

DepConfuse helps security teams and developers identify packages that might be potentially vulnerable to dependency confusion attacks. It analyzes CycloneDX SBOMs or direct package URLs (PURLs) and checks package availability across multiple package registries.

Installation

git clone [email protected]:th3-j0k3r/DepConfuse.git
cd DepConfuse
go build

Usage

DepConfuse can be used in two modes:

1. SBOM Analysis Mode

./depconfuse --sbom /path/to/sbom.json --output results.txt

2. PURL File Analysis Mode

./depconfuse --file /path/to/purls.txt --output results.txt

Credits

This project uses the following open-source projects:

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
samples		samples
src		src
LICENSE		LICENSE
README.md		README.md
go.mod		go.mod
go.sum		go.sum
main.go		main.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

DepConfuse

Overview

Installation

Usage

1. SBOM Analysis Mode

2. PURL File Analysis Mode

Credits

About

Releases

Packages

Languages

License

th3-j0k3r/DepConfuse

Folders and files

Latest commit

History

Repository files navigation

DepConfuse

Overview

Installation

Usage

1. SBOM Analysis Mode

2. PURL File Analysis Mode

Credits

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages