Tag
dependency-confusion
Safeguard articles tagged "dependency-confusion" — guides, analysis, and best practices for software supply chain and application security.
51 articles
Software Supply Chain Security
Dependency Confusion in Private Registries: The Attack That Keeps Working
Dependency confusion exploits the gap between public and private package registries. Despite widespread awareness, organizations keep falling for it.
Feb 20, 20245 min read
Software Supply Chain Security
Internal Package Naming Best Practices to Prevent Dependency Confusion
The wrong naming convention for internal packages makes dependency confusion attacks trivial. Here is how to name packages so attackers cannot substitute them.
Aug 8, 20234 min read
Supply Chain Attacks
Dependency Confusion Attacks Explained
Alex Birsan's research showed how internal package names can be exploited to inject malicious code into corporate build systems. Here's how the attack works and how to defend against it.
Jun 10, 20216 min read