ThreatMapper provides detailed security insights into the vulnerable dependencies, configuration, and runtime behavior of your applications and production environment. ThreatStryker adds to these capabilities, enabling you to also install security policy modules to identify and block network traffic.

Deepfence achieves this using lightweight sensors on each host (Kubernetes node, Docker host, bare metal, VM, or serverless instance).

How Deepfence’s Lightweight Sensors Work

Deepfence’s lightweight sensors gather data and telemetry and forward this to the Deepfence Console for analysis.

radar with dots icon

Vulnerability Scans

Query the host and running applications and containers for operating system and language dependencies. Dependency identifiers are submitted to the Deepfence Console for matching against vulnerability feeds. Vulnerability scans can be executed when a host registers with the Console, on a schedule or on-demand.

check in circle icon

Compliance Checks

Query the host for local and network configuration, using a set of carefully curated OpenSCAP policies based on industry and community standard sources. Compliance Checking tests are run on-demand on each host.

gear with arrows icon

Sensor Installation

Configure local sensors for process integrity, file system integrity, and network deep packet inspection (DPI) capture. Sensors are implemented by standard kernel features (fsnotify, eBPF, proc); no additional kernel modules are required. Sensor data is captured locally, pre-filtered, and then forwarded to the Console for reassembly, classification, and processing.

Deepfence goes beyond an agentless approach which fails to provide the deep visibility required, and avoids heavyweight, stateful agents that impact performance. Deepfence’s approach minimizes load on production infrastructure by performing the necessary inspection and processing on a separate Console.

Key Benefits

lightweight sensors icon

Lightweight to minimize impact on production infrastructure

On-host sensors for deep visibility into dependencies and activity

Secure host-to-console communications ensure data remains private

Supported Platforms

Sensors support a wide range of deployment options

Kubernetes blue mark


Sensors are deployed as a daemonset, a common pattern for log, metrics, monitoring, and security services that run alongside Kubernetes workloads in a non-intrusive manner.

Docker blue mark


Sensors are deployed as a Docker container on each Docker host.

Bare metal and VM-based platforms

Agents are deployed as a Docker container on each Linux operating system instance using a Docker runtime.


Deepfence supports AWS Fargate, where sensors are deployed as a daemon service alongside each serverless instance.

Learn More

Sensor Documentation Schedule Demo