Open source, multi-cloud platform for scanning, mapping, and ranking vulnerabilities in running containers, images, hosts, and repositories.
ThreatMapper discovers the threats to your applications in production, across clouds, Kubernetes, serverless, and more. Use ThreatMapper to…
See the topology of your applications and infrastructure
What you cannot see, you cannot secure. ThreatMapper auto-discovers your production infrastructure. It identifies and interrogates cloud instances, Kubernetes nodes, and serverless resources, discovering the applications and containers and mapping their topology in real time. Use ThreatMapper to discover and visualize the external and internal attack surface for your applications and infrastructure.
Exploiting known vulnerabilities in common dependencies is one of the easiest ways for bad actors to gain a foothold within your infrastructure. ThreatMapper scans hosts, containers, and applications for known vulnerable dependencies, taking threat feeds from over 50 different sources. ThreatMapper augments any “shift left” scanning you do in your production pipeline, and scans third-party components such as monitoring, security, and load-balancing tools. ThreatMapper will identify fresh vulnerabilities in production that were not known at build or deploy time.
Rank vulnerabilities by attack surface
More than 18,000 new vulnerabilities are published each year by the National Vulnerability Database, and thousands of additional vulnerabilities come from other sources. It’s challenging to keep on top of a fast-moving security landscape. ThreatMapper ranks the discovered vulnerabilities based on CVSS and other severity signals, as well as their exploit method and proximity to your external attack surface. With ThreatMapper, you know what vulnerabilities pose the greatest threats, and what you must fix first.
100% open source
Modern applications and microservices rely heavily on shared, open source components. This makes security a community effort. That’s one of the reasons why we make all of ThreatMapper’s features freely available to all under the Apache 2.0 license.
Scan build artifacts for vulnerabilities during Continuous Integration
Scan container registries for vulnerable containers before deployment
Scan production environments for host, container, and application vulnerabilities
Real-time discovery and visualization of applications in production
Topology mapping for interconnected, microservice applications
Continuous scanning of production to identify newly-published vulnerabilities
Classification of vulnerabilities based on CVSS scores
Ranking of vulnerabilities based on exploitability and proximity to attack surface
Single-page view of “What to Fix First” to reduce exposure to risk-of-exploit quickly
CI/CD integration to raise build failures to Development
Fine-grained production notification, supporting multiple apps and teams
Support for Slack, PagerDuty, Teams, Jira, Splunk, ElasticSearch, SumoLogic, and more
Scan hosts and containers to identify opportunities to harden configuration and security
Evaluate compliance against community and industry standard benchmarks
Capture and archive selected network traffic, decrypting TLS, for offline analysis
Capture “Indicators of Compromise” process and filesystem events from hosts and containers
Seamlessly integrates with…
Deepfence ThreatMapper is 100% open source and available on GitHub
Looking to add real-time threat and attack observability?
If you’re looking for real-time security tools, Deepfence’s ThreatStryker is a fully-supported version of ThreatMapper. It adds runtime telemetry and a sophisticated correlation engine that observes activity in your application in real time and detects emerging threats and attacks. Our future roadmap will move the real-time sensor and telemetry into ThreatMapper (open source), and ThreatStryker will be refactored into a separate real-time threat management tool.