Cloud and container security company Deepfence this week announced the open source availability of ThreatMapper, a tool designed to help organizations scan for, map, and rank application vulnerabilities.
By performing post-deployment scans of applications and infrastructure, the platform seeks to identify emerging threats in both first-party and third-party solutions.
Designed to work across a wide range of environments, including serverless, container, and multi-cloud, ThreatMapper brings together feeds from over 50 different sources to identify software supply chain vulnerabilities and help organizations better respond to them.
ThreatMapper can discover and map services, cloud resources, and third-party APIs; scans resources for known vulnerable dependencies; and ranks identified security errors to help organizations prioritize patching.
Already fast-evolving, ThreatMapper is expected to gain new capabilities from the open source community, such as a misconfiguration scanner, compliance-related hardening, and more runtime capabilities.
Deepfence also offers a commercial solution for deeper runtime detection and protection, named ThreatStryker, which leverages the attack surface measured by ThreatMapper.
“By open-sourcing ThreatMapper, we aim to help teams to identify and prioritize threats quickly and easily. When the pressure is on to release early and often, yet vulnerabilities are reported at an ever increasing rate, ThreatMapper’s ability to find in-production vulnerabilities and identify which pose the greatest threats is a win for dev, cloud and security operations teams,” Owen Garrett, Head of Products and Community at Deepfence, said.
Related: Facebook Open-Sources ‘Mariana Trench’ Code Analysis Tool
Related: GitLab Releases Open Source Tool for Hunting Malicious Code in Dependencies
Related: Adobe Releases Open Source Anomaly Detection Tool “OSAS”

More from Ionut Arghire
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches
- European Cybersecurity Firm Sekoia.io Raises $37.5 Million
- GitLab Security Update Patches Critical Vulnerability
- Android App With 50,000 Downloads in Google Play Turned Into Spyware via Update
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
