ThreatMapper
by deepfence
ThreatMapper is an open source cloud native application protection platform that detects and prioritizes runtime threats and vulnerabilities across cloud, Kubernetes, serverless, and on-prem environments.
Open Source Cloud Native Application Protection Platform (CNAPP)
Primary Use Case
ThreatMapper is used by security teams and DevOps engineers to continuously monitor production workloads for vulnerabilities, exposed secrets, and misconfigurations. It provides security observability and risk prioritization for cloud native applications and infrastructure, enabling proactive threat remediation and compliance with security best practices.
- Agent-based inspection combined with agentless cloud scanning for comprehensive threat detection
- Runtime threat management with risk-of-exploit ranking
- Attack path enumeration and ThreatGraph visualization for risk prioritization
- Supports cloud, Kubernetes, serverless (Fargate), and on-prem platforms
- Monitors software vulnerabilities, exposed secrets, and security configuration deviations
- Management Console deployable via Docker or Kubernetes
- Continuous monitoring aligned with 'shift left' security practices
Installation
- Download the docker-compose.yml file from the release branch: wget https://github.com/deepfence/ThreatMapper/raw/release-2.5/deployment-scripts/docker-compose.yml
- Deploy the Management Console on a suitable Docker host or Kubernetes cluster using docker-compose or Kubernetes manifests
- Configure and start the ThreatMapper Management Console container
- Deploy Sensor Agents on target infrastructure for agent-based monitoring
- Schedule or run Cloud Scanner tasks for agentless scanning of cloud environments
Usage
docker-compose -f docker-compose.yml up -d
Starts the ThreatMapper Management Console using Docker Compose
- Integrate ThreatMapper with CI/CD pipelines to enable continuous vulnerability and misconfiguration scanning during development and production.
- Use ThreatGraph visualization to prioritize remediation efforts based on attack path risk, improving resource allocation for security teams.
- Leverage agent-based and agentless scanning modes to maximize coverage across hybrid cloud, Kubernetes, and serverless environments.
- Combine ThreatMapper findings with SIEM and SOAR platforms for automated alerting and response workflows.
- Employ ThreatMapper in purple team exercises to simulate realistic attack paths and validate detection and defense capabilities.