{"id":15039128,"url":"https://github.com/deepfence/threatmapper","last_synced_at":"2026-03-07T18:11:59.644Z","repository":{"id":37402382,"uuid":"238662977","full_name":"deepfence/ThreatMapper","owner":"deepfence","description":"Open Source Cloud Native Application Protection Platform (CNAPP)","archived":false,"fork":false,"pushed_at":"2025-05-05T10:59:23.000Z","size":225824,"stargazers_count":4990,"open_issues_count":144,"forks_count":608,"subscribers_count":54,"default_branch":"release-2.5","last_synced_at":"2025-05-05T11:50:35.593Z","etag":null,"topics":["cloud-native","cloudsecurity","cnapp","compliance","containers","cspm","cwpp","devops","devsecops","hacktoberfest","kubernetes","observability","registry-scanning","scanning-tool","secops","security-tools","threat-analysis","vulnerability-detection","vulnerability-management","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"https://deepfence.io","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deepfence.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-02-06T10:30:09.000Z","updated_at":"2025-05-05T10:59:28.000Z","dependencies_parsed_at":"2023-09-24T02:52:27.694Z","dependency_job_id":"df82df67-20bd-486c-b3cb-de881e79d257","html_url":"https://github.com/deepfence/ThreatMapper","commit_stats":{"total_commits":5769,"total_committers":59,"mean_commits":97.77966101694915,"dds":0.8431270584156699,"last_synced_commit":"40fb21f3fff13c6437c0a583fa735afb98550aa9"},"previous_names":[],"tags_count":1325,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepfence%2FThreatMapper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepfence%2FThreatMapper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepfence%2FThreatMapper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepfence%2FThreatMapper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deepfence","download_url":"https://codeload.github.com/deepfence/ThreatMapper/tar.gz/refs/heads/release-2.5","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253820669,"owners_count":21969560,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-native","cloudsecurity","cnapp","compliance","containers","cspm","cwpp","devops","devsecops","hacktoberfest","kubernetes","observability","registry-scanning","scanning-tool","secops","security-tools","threat-analysis","vulnerability-detection","vulnerability-management","vulnerability-scanners"],"created_at":"2024-09-24T20:41:42.515Z","updated_at":"2026-03-07T18:11:59.637Z","avatar_url":"https://github.com/deepfence.png","language":"TypeScript","readme":"![Deepfence Logo](images/readme/deepfence-logo.png)\n\n[![GitHub license](https://img.shields.io/github/license/deepfence/ThreatMapper)](https://github.com/deepfence/ThreatMapper/blob/master/LICENSE)\n[![GitHub stars](https://img.shields.io/github/stars/deepfence/ThreatMapper)](https://github.com/deepfence/ThreatMapper/stargazers)\n[![GitHub issues](https://img.shields.io/github/issues/deepfence/ThreatMapper)](https://github.com/deepfence/ThreatMapper/issues)\n[![Documentation](https://img.shields.io/badge/documentation-read-green)](https://threatmapper.org/threatmapper/docs/v2.5/)\n[![Slack](https://img.shields.io/badge/slack-@deepfence-blue.svg?logo=slack)](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ)\n\n\n\u003ca href=\"https://trendshift.io/repositories/171\" target=\"_blank\"\u003e\u003cimg src=\"https://trendshift.io/api/badge/repositories/171\" alt=\"deepfence%2FThreatMapper | Trendshift\" style=\"width: 250px; height: 55px;\" width=\"250\" height=\"55\"/\u003e\u003c/a\u003e\n\n# ThreatMapper - Runtime Threat Management and Attack Path Enumeration for Cloud Native\n\n\u003e [!NOTE]\n\u003e This project is maintained by https://threatmapper.org\n\nDeepfence ThreatMapper hunts for threats in your production platforms, and ranks these threats based on their risk-of-exploit. It uncovers vulnerable software components, exposed secrets and deviations from good security practice. ThreatMapper uses a combination of agent-based inspection and agent-less monitoring to provide the widest possible coverage to detect threats.\n\nWith ThreatMapper's **ThreatGraph** visualization, you can then identify the issues that present the greatest risk to the security of your applications, and prioritize these for planned protection or remediation.\n\n* [Learn more about ThreatMapper](https://threatmapper.org/threatmapper/docs/v2.5/) in the product documentation.\n\n* [See ThreatMapper running](https://threatmapper.org/threatmapper/docs/v2.5/demo) in the live demo sandbox.\n\n## When to use ThreatMapper\n\nThreatMapper carries on the good 'shift left' security practices that you already employ in your development pipelines. It continues to monitor running applications against emerging software vulnerabilities, and monitors the host and cloud configuration against industry-expert benchmarks.\n\nUse ThreatMapper to provide security observability for your production workloads and infrastructure, across cloud, kubernetes, serverless (Fargate) and on-prem platforms.\n\n\n## Planning your Deployment\n\nThreatMapper consists of two components:\n\n* The **ThreatMapper Management Console** is a container-based application that can be deployed on a single docker host or in a Kubernetes cluster.\n* ThreatMapper monitors running infrastructure using agentless **Cloud Scanner** tasks and agent-based **Sensor Agents**\n\n### The Management Console\n\nYou [deploy the Management Console first](https://threatmapper.org/threatmapper/docs/v2.5/console/), on a suitable docker host or Kubernetes cluster.  For example, on Docker:\n\n```shell script\n# Docker installation process for ThreatMapper Management Console\n\nwget https://github.com/deepfence/ThreatMapper/raw/release-2.5/deployment-scripts/docker-compose.yml\ndocker-compose -f docker-compose.yml up --detach\n```\n\nOnce the Management Console is up and running, you can [register an admin account and obtain an API key](https://threatmapper.org/threatmapper/docs/v2.5/console/initial-configuration).\n\n### Cloud Scanner tasks\n\nThreatMapper [Cloud Scanner tasks](https://threatmapper.org/threatmapper/docs/v2.5/cloudscanner/) are responsible for querying the cloud provider APIs to gather configuration and identify deviations from compliance benchmarks.\n\nThe task is deployed using a Terraform module. The ThreatMapper Management Console will present a basic configuration that may be deployed with Terraform, or you can refer to the expert configurations to fine-tune the deployment ([AWS](https://threatmapper.org/threatmapper/docs/cloudscanner/aws), [Azure](https://threatmapper.org/threatmapper/docs/cloudscanner/azure), [GCP](https://threatmapper.org/threatmapper/docs/cloudscanner/gcp)).\n\n### Sensor Agents\n\nInstall the [sensor agents](https://threatmapper.org/threatmapper/docs/v2.5/sensors/) on your production or development platforms. The sensors report to the Management Console; they tell it what services they discover, provide telemetry and generate manifests of software dependencies.\n\nThe following production platforms are supported by ThreatMapper sensor agents:\n\n* [Kubernetes](https://threatmapper.org/threatmapper/docs/v2.5/sensors/kubernetes/): ThreatMapper sensors are deployed as a daemonset in the Kubernetes cluster, using a helm chart.\n* [Docker](https://threatmapper.org/threatmapper/docs/v2.5/sensors/docker/): ThreatMapper sensors are deployed as a lightweight container.\n* [Amazon ECS](https://threatmapper.org/threatmapper/docs/v2.5/sensors/aws-ecs): ThreatMapper sensors are deployed as a daemon service using a task definition.\n* [AWS Fargate](https://threatmapper.org/threatmapper/docs/v2.5/sensors/aws-fargate): ThreatMapper sensors are deployed as a sidecar container, using a task definition.\n* [Bare-Metal or Virtual Machines](https://threatmapper.org/threatmapper/docs/v2.5/sensors/linux-host/): ThreatMapper sensors are deployed within a lightweight Docker runtime.\n\nFor example, run the following command to start the ThreatMapper sensor on a Docker host:\n\n```shell script\ndocker run -dit \\\n    --cpus=\".2\" \\\n    --name=deepfence-agent \\\n    --restart on-failure \\\n    --pid=host \\\n    --net=host \\\n    --log-driver json-file \\\n    --log-opt max-size=50m \\\n    --privileged=true \\\n    -v /sys/kernel/debug:/sys/kernel/debug:rw \\\n    -v /var/log/fenced \\\n    -v /var/run/docker.sock:/var/run/docker.sock \\\n    -v /:/fenced/mnt/host/:ro \\\n    -e CUSTOM_TAGS=\"\" \\\n    -e MGMT_CONSOLE_URL=\"---CONSOLE-IP---\" \\\n    -e MGMT_CONSOLE_PORT=\"443\" \\\n    -e DEEPFENCE_KEY=\"---DEEPFENCE-API-KEY---\" \\\n    -e http_proxy=\"\" \\\n    -e https_proxy=\"\" \\\n    -e no_proxy=\"\" \\\n    quay.io/deepfenceio/deepfence_agent_ce:2.5.8\n```\n\nNote: Image tag `quay.io/deepfenceio/deepfence_agent_ce:2.5.8-multiarch` is supported in amd64 and arm64/v8 architectures.\n\nOn a Kubernetes platform, the sensors are installed using [helm chart](https://threatmapper.org/threatmapper/docs/v2.5/sensors/kubernetes/)\n\n### Next Steps\n\nVisit the [Deepfence ThreatMapper Documentation](https://threatmapper.org/threatmapper/docs/v2.5/), to learn how to get started and how to use ThreatMapper.\n\n\n# Get in touch\n\nThank you for using ThreatMapper.  Please feel welcome to participate in the [ThreatMapper Community](COMMUNITY.md).\n\n* [ThreatMapper Community Website](https://threatmapper.org)\n* [\u003cimg src=\"https://img.shields.io/badge/slack-@deepfence-brightgreen.svg?logo=slack\"\u003e](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ) Got a question, need some help?  Find the Deepfence team on Slack\n* [![GitHub issues](https://img.shields.io/github/issues/deepfence/ThreatMapper)](https://github.com/deepfence/ThreatMapper/issues) Got a feature request or found a bug?  Raise an issue\n* [![Documentation](https://img.shields.io/badge/documentation-read-green)](https://threatmapper.org/threatmapper/docs/v2.5/) Read the documentation in the [Deepfence ThreatMapper Documentation](https://threatmapper.org/threatmapper/docs/v2.5/)\n* [productsecurity at deepfence dot io](SECURITY.md): Found a security issue?  Share it in confidence\n\n# Get ThreatStryker for Enterprise\n\nThreatStryker is the enterprise version of ThreatMapper, with additional features for enterprise security teams.  ThreatStryker is available as a cloud service or for on-premises deployment.\n\n\n# Security and Support\n\nFor any security-related issues in the ThreatMapper project, contact [productsecurity *at* deepfence *dot* io](SECURITY.md).\n\nPlease file GitHub issues as needed, and join the Deepfence Community [Slack channel](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ).\n\n\n# License\n\nThe Deepfence ThreatMapper project (this repository) is offered under the [Apache2 license](https://www.apache.org/licenses/LICENSE-2.0).\n\n[Contributions](CONTRIBUTING.md) to Deepfence ThreatMapper project are similarly accepted under the Apache2 license, as per [GitHub's inbound=outbound policy](https://docs.github.com/en/github/site-policy/github-terms-of-service#6-contributions-under-repository-license).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeepfence%2Fthreatmapper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdeepfence%2Fthreatmapper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeepfence%2Fthreatmapper/lists"}