ThreatMapper

Runtime threat detection and attack path visualization for cloud-native workloads

ThreatMapper continuously scans containers, serverless functions, and cloud configurations, ranks risks, and visualizes attack paths to help teams prioritize remediation across Kubernetes, Docker, ECS, Fargate, and bare-metal environments.

Overview

Highlights

Risk‑based ranking of threats with exploit likelihood
ThreatGraph attack‑path visualization
Hybrid monitoring: agent‑based sensors and agent‑less cloud scanners
Multi‑platform support: Kubernetes, Docker, ECS, Fargate, VMs

Pros

  • Broad coverage across containers, serverless, and cloud resources
  • Open‑source Apache‑2.0 license
  • Real‑time detection with visual prioritization
  • Flexible deployment via Docker, Helm, or Terraform

Considerations

  • Requires management console and sensor deployment
  • Cloud scanner needs provider credentials
  • Resource consumption on host for sensor agents
  • Enterprise‑only features are in ThreatStryker

Fit guide

Great for

  • DevSecOps teams needing continuous runtime security
  • Organizations with multi‑cloud or hybrid Kubernetes environments
  • Teams that want visual attack‑path analysis
  • Enterprises looking for an open‑source CNAPP foundation

Not ideal when

  • Purely on‑prem legacy workloads without containerization
  • Teams preferring a fully managed SaaS solution only
  • Very low‑resource edge devices
  • Organizations requiring advanced enterprise features out‑of‑the‑box

How teams use it

  • Prioritize vulnerable containers in a Kubernetes cluster: reduced exposure by fixing highest‑risk images first
  • Identify misconfigurations across AWS, Azure, and GCP: remediate compliance gaps and prevent attack vectors
  • Detect secret leakage in serverless Fargate workloads: protect sensitive credentials and avoid data breaches
  • Provide unified security observability for on‑prem VMs: gain a single view of threats across physical and virtual assets

Tech snapshot

  • TypeScript: 57%
  • Go: 41%
  • Shell: 1%
  • Makefile: 1%
  • Dockerfile: 1%
  • HTML: 1%

Tags

observability, kubernetes, containers, vulnerability-detection, compliance, hacktoberfest, cloud-native, vulnerability-management, cloud, security, threat-analysis, cspm, scanning-tool, cnapp, security-tools, devops, vulnerability-scanners, secops, registry-scanning, cwpp, devsecops

Frequently asked questions

Which platforms does ThreatMapper support?

Kubernetes, Docker, Amazon ECS, AWS Fargate, and bare‑metal or virtual machines.

How is the Management Console deployed?

It can be launched with a Docker‑Compose file on a single host or installed in a Kubernetes cluster via Helm.

Do I need to run agents on every host?

ThreatMapper uses both agent‑based sensors for detailed telemetry and agent‑less Cloud Scanner tasks for cloud‑API based checks.

Is there a commercial version?

Yes, ThreatStryker is the enterprise offering with additional features and support.

What license is ThreatMapper released under?

Apache‑2.0.

Project at a glance

  • Status: Active
  • Stars: 5,222
  • Watchers: 5,222
  • Forks: 641
  • License: Apache-2.0
  • Repo age: 5 years old
  • Last commit: 2 weeks ago
  • Primary language: TypeScript

Last synced 12 hours ago