YouTube

DepConfuse - SBOM-first Detection of Dependency Confusion

OpenSSF via YouTube

Overview

Learn about dependency confusion vulnerabilities in software supply chains through this 14-minute conference talk, which introduces DepConfuse, an open-source command-line tool for detecting internal packages that are vulnerable to takeover in public registries. Discover how this SBOM-first approach differs from traditional detection methods: it scans CycloneDX SBOMs and parses Package URLs (PURLs), without requiring access to source code or the build system. Explore why dependency confusion remains an overlooked threat in organizations whose internal packages shadow public registry names, and understand the limitations of existing detection tools that rely on lockfiles or ecosystem-specific logic. Examine how DepConfuse works under the hood using CycloneDX and PURL metadata, watch a live demonstration of detecting shadowed internal packages, and learn integration strategies for CI/CD pipelines that enable early detection. Gain insight into how open standards can simplify and democratize the detection of modern supply chain threats across diverse programming languages and environments.

Syllabus

DepConfuse: SBOM-first Detection of Dependency Confusion - Akshansh Jaiswal, CRED

Taught by

OpenSSF
