Deepfence ThreatMapper is an open-source Cloud Native Application Protection Platform (CNAPP) written primarily in TypeScript that provides runtime threat management and attack path enumeration for cloud-native environments. The platform hunts for threats in production systems and ranks them based on risk-of-exploit, uncovering vulnerable software components, exposed secrets, and deviations from security best practices. It combines agent-based inspection with agent-less monitoring to deliver comprehensive threat detection coverage across diverse infrastructure types.
The core architecture consists of two main components: a Management Console deployed as a containerized application on Docker or Kubernetes, and distributed monitoring agents. ThreatMapper uses Cloud Scanner tasks for agent-less monitoring that query cloud provider APIs to identify configuration deviations against compliance benchmarks, with support for AWS, Azure, and GCP. Sensor Agents provide agent-based monitoring and are deployable across multiple production platforms including Kubernetes via Helm charts, Docker containers, Amazon ECS, AWS Fargate as sidecars, and bare-metal or virtual machines. This multi-platform support enables organizations to monitor workloads across cloud, Kubernetes, serverless, and on-premises environments simultaneously.
The platform's ThreatGraph visualization feature helps security teams identify the highest-risk issues and prioritize remediation efforts. ThreatMapper extends shift-left security practices from development pipelines into production by continuously monitoring running applications against emerging vulnerabilities and comparing host and cloud configurations against industry-expert benchmarks. This provides security observability for production workloads and infrastructure across heterogeneous environments.
According to GitGenius activity tracking, the repository shows moderate engagement with a median issue and pull request response latency of 1823.3 hours and a mean of 3726.9 hours across 131 tracked items. The most active issue labels are needs-triage with 99 occurrences, bug with 83, and enhancement with 43, indicating ongoing maintenance and feature development. The primary contributors tracked include ramanan-ravi with 136 events, gnmahanth with 45 events, and sjkeerthi with 24 events. The repository shares overlapping contributors with ericlbuehler/mistral.rs, apache/arrow, and cockroachdb/cockroach, suggesting cross-project collaboration within the broader open-source ecosystem.
The project is maintained by threatmapper.org and operates under the Apache 2 license. ThreatMapper serves as the open-source foundation with ThreatStryker available as an enterprise version offering additional features for enterprise security teams in both cloud service and on-premises deployment models. The platform addresses multiple security domains including intrusion prevention, attack surface reduction, threat intelligence, vulnerability scanning, compliance auditing, container security, and incident response, making it relevant for DevSecOps teams seeking comprehensive cloud-native security observability.