Cloud and container security company Deepfence this week announced the open source availability of ThreatMapper, a tool designed to help organizations scan for, map, and rank application vulnerabilities.
By performing post-deployment scans of applications and infrastructure, the platform seeks to identify emerging threats in both first-party and third-party solutions.
Designed to work across a wide range of environments, including serverless, container, and multi-cloud, ThreatMapper brings together feeds from over 50 different sources to identify software supply chain vulnerabilities and help organizations better respond to them.
ThreatMapper can discover and map services, cloud resources, and third-party APIs; scans resources for known vulnerable dependencies; and ranks identified security errors to help organizations prioritize patching.
Already fast-evolving, ThreatMapper is expected to gain new capabilities from the open source community, such as a misconfiguration scanner, compliance-related hardening, and more runtime capabilities.
Deepfence also offers a commercial solution for deeper runtime detection and protection, named ThreatStryker, which leverages the attack surface measured by ThreatMapper.
“By open-sourcing ThreatMapper, we aim to help teams to identify and prioritize threats quickly and easily. When the pressure is on to release early and often, yet vulnerabilities are reported at an ever increasing rate, ThreatMapper’s ability to find in-production vulnerabilities and identify which pose the greatest threats is a win for dev, cloud and security operations teams,” Owen Garrett, Head of Products and Community at Deepfence, said.
Related: Facebook Open-Sources ‘Mariana Trench’ Code Analysis Tool
Related: GitLab Releases Open Source Tool for Hunting Malicious Code in Dependencies
Related: Adobe Releases Open Source Anomaly Detection Tool “OSAS”
