We were delighted to take part in KubeCon + CloudNativeCon North America 2021! It was awesome meeting so many of you virtually and in person. Although in person attendance was understandably light this year, we had great conversations about how we can bolster security practices across Kubernetes, clouds, containers, serverless, and more.
And we were super excited to announce that ThreatMapper is now 100% open source under the Apache 2.0 license! We were honored to receive such positive feedback on the open sourcing of ThreatMapper, its novel and useful features, and its beautiful UI. Try it out via GitHub and let us know what you think!
In this post we’ll share a recap of the latest Deepfence and ThreatMapper news and how to get started.
What is ThreatMapper?
ThreatMapper is an open source cloud native security observability platform that discovers, annotates, and displays the topology of your applications across multiple cloud environments. ThreatMapper was initially launched as a freemium edition and over time we worked closely with dozens of early adopters to evolve it into the robust cloud native security platform that it is today.
Deepfence ThreatMapper helps you monitor and secure your running applications by:
- Discovering running workloads
- Discovering vulnerabilities
- Ranking vulnerabilities by risk-of-exploit
Learn more and get started on GitHub.
Recent Deepfence and ThreatMapper News
We open sourced ThreatMapper because securing modern applications, which depend greatly on open source components and technologies, is most effectively done as a community effort – including responsible disclosure, public vulnerability feeds, and freely-available open source tooling. Open source ThreatMapper helps DevSecOps teams identify and prioritize threats quickly and easily, including vulnerabilities in production. And we became members of the OpenSSF, a cross-industry collaboration that brings together leaders to improve the security of open source software (OSS). Here’s a recap of some of the news coverage from these two announcements …
Open source ThreatMapper:
- Help Net Security – “ThreatMapper: Open source platform for scanning runtime environments”
- Security Boulevard – “Deepfence Makes ThreatMapper Software Open Source”
- theCUBE – “Sandeep Lahane and Shyam Krishnaswamy | KubeCon + CloudNative Con NA 2021”
- TFiR – “Deepfence Does a Deep Dive into Cloud-Native Security”
- VentureBeat – “Deepfence open-sources ThreatMapper to find and rank software vulnerabilities”
- SC Media – “Linux Foundation announces $10 million cross-industry investment in Open Source Security Foundation”
- Security Week – “OpenSSF Bags $10 Million Investment”
- SiliconANGLE – “Linux Foundation raises $10M to support open-source security project”
- TFiR – “Linux Foundation Raises $10M To Expand And Support Open Source Security Foundation”
How to Get Started with ThreatMapper
It’s easy to get started with ThreatMapper, here are a few resources to help:
- Community Slack
- Quick Start
- Build from Source
- Video: How to Use ThreatMapper
- Video: How to Install ThreatMapper