Map the attack surface of your applications.

Discover and rank vulnerabilities.

Find out what to fix first.

ThreatMapper discovers the threats to your applications in production, across clouds, Kubernetes, serverless, and more. Use ThreatMapper to…

See the topology of your applications and infrastructure

You can’t secure what you can’t see. ThreatMapper auto-discovers your production infrastructure. It identifies and interrogates cloud instances, Kubernetes nodes, and serverless resources, discovering the applications and containers and mapping their topology in real time. Use ThreatMapper to discover and visualize the external and internal attack surface for your applications and infrastructure.

ThreatMapper topology view UI screenshot
discover vulnerabilities with ThreatMapper UI

Discover vulnerabilities

Exploiting known vulnerabilities in common dependencies is one of the easiest ways for bad actors to gain a foothold within your infrastructure. ThreatMapper scans hosts, containers, and applications for known vulnerable dependencies, taking threat feeds from over 50 different sources. ThreatMapper augments any “shift left” scanning you do in your production pipeline, and scans third-party components such as monitoring, security, and load-balancing tools. ThreatMapper will identify fresh vulnerabilities in production that were not known at build or deploy time.

Rank vulnerabilities by attack surface

More than 18,000 new vulnerabilities are published each year by the National Vulnerability Database, and thousands of additional vulnerabilities come from other sources. It’s challenging to keep on top of a fast-moving security landscape. ThreatMapper ranks the discovered vulnerabilities based on CVSS and other severity signals, as well as their exploit method and proximity to your external attack surface. With ThreatMapper, you know what vulnerabilities pose the greatest threats, and what you must fix first.

Ranked vulnerabilities by attack surface ThreatMapper

100% Open Source

Modern applications and microservices rely heavily on shared, open source components. This makes security a community effort. That’s one of the reasons why we make all of ThreatMapper’s features freely available to all under the Apache 2.0 license.

Key Features


Scan build artifacts for vulnerabilities during Continuous Integration

Scan container registries for vulnerable containers before deployment

Scan production environments for host, container, and application vulnerabilities


Real-time discovery and visualization of applications in production

Topology mapping for interconnected, microservice applications

Continuous scanning of production to identify newly-published vulnerabilities


Classification of vulnerabilities based on CVSS scores

Ranking of vulnerabilities based on exploitability and proximity to attack surface

Single-page view of “What to Fix First” to reduce exposure to risk-of-exploit quickly


CI/CD integration to raise build failures to Development

Fine-grained production notification, supporting multiple apps and teams

Support for Slack, PagerDuty, Teams, Jira, Splunk, ElasticSearch, SumoLogic, and more

Compliance (roadmap)

Scan hosts and containers to identify opportunities to harden configuration and security

Evaluate compliance against community and industry standard benchmarks

Sensors (roadmap)

Capture and archive selected network traffic, decrypting TLS, for offline analysis

Capture “Indicators of Compromise” process and filesystem events from hosts and containers

Seamlessly integrates with…

Get ThreatMapper

Deepfence ThreatMapper is 100% open source and available on GitHub

Looking to add real-time threat and attack observability?

If you’re looking for real-time security tools, Deepfence’s ThreatStryker is a fully-supported version of ThreatMapper that adds runtime telemetry and a sophisticated correlation engine that observes activity in your application in real time and detects emerging threats and attacks. Our future roadmap will move the real-time sensor and telemetry into ThreatMapper (open source), and ThreatStryker will be refactored into a separate real-time threat management tool.

Ready to use ThreatMapper?