ThreatMapper
Apache-2.0๐ฆ Container Security ยท Go
ThreatMapper is an open-source Cloud Native Application Protection Platform (CNAPP) developed by Deepfence that performs runtime vulnerability scanning, secret detection, and compliance auditing across cloud-native workloads and infrastructure. It deploys lightweight sensors into Kubernetes clusters, Docker hosts, and cloud environments to discover running workloads and scan them for known CVEs, exposed secrets, and compliance violations. DevSecOps teams and cloud security engineers use ThreatMapper to maintain continuous visibility into their containerized and serverless environments, prioritizing vulnerabilities based on runtime context rather than static severity scores alone. The platform provides a visual attack graph that maps exploit paths through the infrastructure, helping teams focus remediation efforts on the vulnerabilities that pose the greatest real-world risk.
Tags
Details
- Category
- ๐ฆ Container Security
- Language
- Go
- Repository
- deepfence/ThreatMapper
- License
- Apache-2.0
- Platforms
- ๐งlinux๐macos
Links
Community Reviews
No reviews yet. Be the first to review ThreatMapper.
More in Container Security
Falco
C++Cloud-native runtime security. Detects threats in containers, Kubernetes, and Linux hosts using system call monitoring and custom rules.
kube-hunter
PythonKubernetes penetration testing tool. Hunts for security weaknesses in Kubernetes clusters from inside or outside the network.
CDK
GoContainer escape and exploitation toolkit. Zero-dependency binary for container pentesting with escape exploits and post-exploitation tools.
Deepce
ShellDocker enumeration and privilege escalation. Discover Docker containers, check for misconfigurations, and find escape paths.
Dockle
GoContainer image linter. Checks Docker images for security best practices, CIS benchmarks, and Dockerfile misconfigurations.
Syft
GoSoftware Bill of Materials generator. Creates SBOMs from container images and filesystems in SPDX and CycloneDX formats.