Deepfence announced open source availability of ThreatMapper, a signature offering that automatically scans, maps and ranks application vulnerabilities across serverless, Kubernetes, container and multi-cloud environments.
Scanning runtime environments
ThreatMapper is an open source platform for scanning runtime environments for software supply chain vulnerabilities and contextualizing threats to help organizations determine which to address and when. Taking threat feeds from more than 50 different sources, the comprehensive suite of ThreatMapper capabilities and features are available on GitHub.
ThreatMapper complements an organization’s existing initiatives to “shift left” by scanning applications and infrastructure post-deployment, catching emerging threats and scanning both first-party and third-party applications and components.
“Modern applications and services depend greatly on open source componentry, and any vulnerabilities in such components can be quickly exploited at significant scale. Securing these components is most effectively done as a community effort; responsible disclosure, public vulnerability feeds, and freely-available open source tooling,” said Owen Garrett, Head of Products and Community at Deepfence.
ThreatMapper’s automated capabilities include:
Read the article