Dependency Confusion Deep Dive

ependency Confusion caused quite a stir when it was made public in February 2021. It affects companies that run their own internal package repositories like Artifactory and Sonatype. The attack works by tricking a package repository like Artifactory to use a malicious upstream package rather than an internal package. In this talk we will dive into how Schibsted have mitigated this attack vector.