From GitHub - th3-j0k3r/DepConfuse:
DepConfuse is a command-line tool that proactively detects dependency confusion vulnerabilities. It scans SBOMs or PURLs to identify internal package names that are not registered on the corresponding public registry and could therefore be claimed by an attacker and pulled in ahead of the private copy, providing actionable insights to secure your software supply chain.
Key features: SBOM-first approach (CycloneDX), multi-registry support (20+ registries including npm, PyPI, Maven, NuGet, Docker Hub, Go, Ruby), PURL analysis, and Ecosystems.ms integration. Accepts CycloneDX SBOMs or plain PURL lists. Licensed under MIT.
Presented at Black Hat Europe 2025 Arsenal.
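As an added illustration (not DepConfuse's own code; the tool's internals are not shown on this page), the following Python sketch performs the core check the description refers to: extract PURLs from a CycloneDX SBOM, decide which names look internal, and ask whether each is already present on its public registry. The SBOM, the internal-name marker `acme`, and the `FAKE_PUBLIC_INDEX` stand-in for registry lookups are all constructed so the script runs offline; `public_registry_url` shows the real endpoints a live lookup would query.

```python
"""Offline sketch of a dependency-confusion check over a CycloneDX SBOM."""
import json
import urllib.parse

# Constructed sample SBOM (not from any real project): public packages mixed
# with names that only exist on an internal registry.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "purl": "pkg:npm/lodash@4.17.21"},
        {"type": "library", "purl": "pkg:npm/%40acme/internal-utils@1.2.3"},
        {"type": "library", "purl": "pkg:npm/acme-legacy-helper@0.1.0"},
        {"type": "library", "purl": "pkg:pypi/requests@2.31.0"},
        {"type": "library", "purl": "pkg:pypi/Acme_Billing_Core@2.0.0"},
        {"type": "library", "purl": "pkg:maven/com.acme.internal/billing@1.0"},
    ],
})

# Constructed stand-in for the public registries, keyed by (type, namespace, name).
# "acme-legacy-helper" is deliberately listed to show the collision case.
FAKE_PUBLIC_INDEX = {
    ("npm", None, "lodash"),
    ("npm", None, "acme-legacy-helper"),
    ("pypi", None, "requests"),
}

INTERNAL_MARKERS = ("acme",)  # assumption: substring identifying private packages


def parse_purl(purl):
    """Split pkg:type/[namespace/]name@version into percent-decoded parts."""
    if not purl.startswith("pkg:"):
        raise ValueError("not a purl: %r" % purl)
    body = purl[4:].lstrip("/")
    body = body.split("#", 1)[0].split("?", 1)[0]  # drop subpath and qualifiers
    ptype, _, rest = body.partition("/")
    version = None
    if "@" in rest:  # namespace/name encode '@' as %40, so a literal '@' starts the version
        rest, version = rest.rsplit("@", 1)
    segments = [urllib.parse.unquote(s) for s in rest.split("/") if s]
    name = segments[-1]
    namespace = "/".join(segments[:-1]) or None
    ptype = ptype.lower()
    if ptype == "pypi":  # PEP 503 normalisation, as the public index applies
        name = name.lower().replace("_", "-")
    elif ptype == "npm":
        name = name.lower()
    return {"type": ptype, "namespace": namespace, "name": name, "version": version}


def looks_internal(p, markers=INTERNAL_MARKERS):
    """Heuristic: a namespace or name carrying one of the internal markers."""
    hay = ((p["namespace"] or "") + "/" + p["name"]).lower()
    return any(m in hay for m in markers)


def public_registry_url(p):
    """Endpoint a live check would probe (not contacted in this offline example)."""
    t, ns, name = p["type"], p["namespace"], p["name"]
    if t == "npm":
        full = ns + "/" + name if ns else name  # scoped: @scope/name -> @scope%2Fname
        return "https://registry.npmjs.org/" + urllib.parse.quote(full, safe="@")
    if t == "pypi":
        return "https://pypi.org/pypi/%s/json" % name
    if t == "maven" and ns:
        return "https://repo1.maven.org/maven2/%s/%s/maven-metadata.xml" % (
            ns.replace(".", "/"), name)
    return None


def offline_lookup(p):
    """Stand-in for an HTTP GET against public_registry_url(p)."""
    return (p["type"], p["namespace"], p["name"]) in FAKE_PUBLIC_INDEX


def assess_sbom(sbom_json, lookup=offline_lookup, markers=INTERNAL_MARKERS):
    """Classify each component by purl -> status.

    claimable  internal-looking name absent from the public registry: anyone can
               still publish it, so scope/pin it or reserve the public name.
    collision  internal-looking name that already exists publicly: either your
               own placeholder or a takeover in progress; verify ownership.
    public     not an internal name; outside the scope of this check.
    """
    findings = {}
    for comp in json.loads(sbom_json).get("components", []):
        purl = comp.get("purl")
        if not purl:
            continue
        p = parse_purl(purl)
        if not looks_internal(p, markers):
            findings[purl] = "public"
        elif lookup(p):
            findings[purl] = "collision"
        else:
            findings[purl] = "claimable"
    return findings


if __name__ == "__main__":
    for purl, status in assess_sbom(SAMPLE_SBOM).items():
        print("%-10s %s" % (status, purl))
```

Two caveats a practitioner should keep in mind when reading the output: a "collision" is not a clean bill of health, since the public entry may be the attacker's rather than a placeholder you reserved, and for scoped npm packages the relevant question is who controls the scope, not just the name. Replacing `offline_lookup` with a real request to `public_registry_url` turns the sketch into a live check; rate limits and authentication on the public registries apply.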