Deepfence has announced open source availability of ThreatMapper, a signature offering that automatically scans, maps and ranks application vulnerabilities across serverless, Kubernetes, container and multi-cloud environments.
Built on Deepfence’s record of securing enterprise applications, and taking threat feeds from more than 50 different sources, the suite of ThreatMapper capabilities and features are available on GitHub. ThreatMapper complements an organization’s existing initiatives to “shift left” by scanning applications and infrastructure post-deployment, catching emerging threats and scanning both first-party and third-party applications and components.
“By open-sourcing ThreatMapper, we aim to help teams to identify and prioritize threats quickly and easily. When the pressure is on to release early and often, yet vulnerabilities are reported at an ever increasing rate, ThreatMapper’s ability to find in-production vulnerabilities and identify which pose the greatest threats is a win for dev, cloud and security operations teams,” said Owen Garrett, Head of Products and Community at Deepfence who earlier led products at NGINX.
ThreatMapper is a fast-evolving open source project, and will rapidly gain additional security observability capabilities, including scanning for cloud misconfigurations, compliance related hardening and additional runtime capabilities based on eBPF. ThreatMapper will make all observed threats and telemetry available through a series of public APIs.