ThreatMapper: Open source platform for scanning runtime environments

2021-10-14 04:30

Deepfence announced open source availability of ThreatMapper, a signature offering that automatically scans, maps and ranks application vulnerabilities across serverless, Kubernetes, container and multi-cloud environments.

ThreatMapper is an open source platform for scanning runtime environments for software supply chain vulnerabilities and contextualizing threats to help organizations determine which to address and when.

"Modern applications and services depend greatly on open source componentry, and any vulnerabilities in such components can be quickly exploited at significant scale. Securing these components is most effectively done as a community effort; responsible disclosure, public vulnerability feeds, and freely-available open source tooling," said Owen Garrett, Head of Products and Community at Deepfence.

Continuous discovery of vulnerabilities: ThreatMapper scans online hosts, containers and serverless environments for known vulnerable dependencies, augmenting any "Shift left" vulnerability scanning you may do in your development pipeline.

"ThreatMapper has eased the burden not only of scanning for the myriad vulnerabilities out there, but also of figuring out which vulnerabilities demand the most and most-immediate attention. We had ThreatMapper up and running in a matter of minutes, and we have been able to shift our time to other tasks, knowing that ThreatMapper is on patrol."

ThreatMapper is a fast-evolving open source project, and will rapidly gain additional security observability capabilities, including scanning for cloud misconfigurations, compliance related hardening and additional runtime capabilities based on eBPF. ThreatMapper will make all observed threats and telemetry available through a series of public APIs.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/avlCRc_KIek/

#opensource