Threatmapper is a cloud-native security observability platform that scans, maps, and ranks vulnerabilities from development through production across serverless, Kubernetes, container, and multi-cloud environments. 

This Wednesday, it was open-sourced by Deepfence under the Apache 2.0 license. 

“By open sourcing ThreatMapper, we aim to help developers, DevOps, DevSecOps, and security teams identify and prioritize threats quickly and easily, and focus their efforts on the vulnerabilities that need to be fixed first,” Deepfence wrote on its website

ThreatMapper users can see the topology of their applications and infrastructure because it auto-discovers production infrastructure, including cloud instances, Kubernetes nodes, serverless resources, and containers and maps the topology of applications in real-time. 

It also scans hosts containers, and applications for known vulnerable dependencies, taking threat feeds from more than 50 different sources. 

It ranks the discovered vulnerabilities based on CVSS and other severity signals, as well as the exploit method and proximity to the external attack surface. 

“Our intent is to migrate all security and observability capabilities, including compliance scanning and runtime sensors, into the open source ThreatMapper platform. ThreatMapper will make all threat and runtime data available through public APIs, for dashboards, SIEM and other external applications to consume,” the company stated.