🔥 🔥 Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more. 🔥 🔥

Overview

The CVE-2021-44228 Log4J vulnerability can be detected at runtime, and its attack paths can be visualized, by ThreatMapper.

  • Live demo of Log4J Vulnerability here
  • More details here

ThreatMapper - Runtime Vulnerability Management and Attack Path Enumeration for Cloud Native

Deepfence ThreatMapper hunts for vulnerabilities in your production platforms, and ranks these vulnerabilities based on their risk-of-exploit. You can then prioritize the issues that present the greatest risk to the security of your applications - read more.



Learn the Topology

Identify Vulnerabilities

Discover Attack Paths

See ThreatMapper running with a live demo.

Getting Started with ThreatMapper

Planning your Deployment

The ThreatMapper console can be deployed on a single docker host or in a Kubernetes cluster.

ThreatMapper then monitors your development or production workloads using Sensor Agents. The sensors can be deployed on a wide range of platforms - Kubernetes, Docker, Fargate, Bare-Metal and Virtual Machines. Check the prerequisites before you proceed.

Install the Management Console

Installing the management console on a Docker host (4 cores, 16Gb) is as straightforward as:

wget https://github.com/deepfence/ThreatMapper/raw/master/deployment-scripts/docker-compose.yml
docker-compose -f docker-compose.yml up --detach

Once docker-compose has detached, allow 30 seconds or so for the console to complete its startup. Note that the console uses an untrusted self-signed TLS certificate by default (how to fix).

Installation on Kubernetes is performed with a Helm Chart:

# Install OpenEBS, and wait for it to start up
kubectl create ns openebs
helm install openebs --namespace openebs --repo "https://openebs.github.io/charts" openebs --set analytics.enabled=false
kubectl get pods -o wide --namespace openebs -w

# Install the Kubernetes metrics service (if not already installed)
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.5.0/components.yaml

# Configure the Deepfence ThreatMapper Helm Chart
helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper

# Install the ThreatMapper console and wait for the pods to start up
helm install deepfence-console deepfence/deepfence-console
kubectl get pods -o wide -w

# Optionally, install the Deepfence Router service and wait for the platform to deploy a load balancer
helm install deepfence-router deepfence/deepfence-router
kubectl get --namespace default svc -w deepfence-router

More details are in the ThreatMapper documentation.

Initial Configuration

Once the Management Console is up and running, you can register an admin account and obtain an API key.

When the console first starts up, it will begin to acquire the Threat Intel feed data; this usually takes a few minutes, but can take up to an hour. You can install sensors and browse the topology of your applications, but you will not be able to perform vulnerability scans until the threat feeds have been fully acquired.

Install the ThreatMapper Sensor Agents

Install the Sensor Agents on your production or development platforms. The Sensor Agents report to the Management Console; they tell it what services they discover, provide telemetry and generate manifests of software dependencies.

The following production platforms are supported by ThreatMapper sensors:

  • Amazon ECS: ThreatMapper sensors are deployed as a daemon service using a task definition.
  • AWS Fargate: ThreatMapper sensors are deployed as a sidecar container, using a task definition.
  • Google Kubernetes Engine: ThreatMapper sensors are deployed as a daemonset in the GKE cluster.
  • Azure Kubernetes Service: ThreatMapper sensors are deployed as a daemonset in the AKS cluster.
  • Kubernetes: ThreatMapper sensors are deployed as a daemonset in the Kubernetes cluster, using a helm chart.
  • Docker: ThreatMapper sensors are deployed as a lightweight container.
  • Bare-Metal or Virtual Machines: ThreatMapper sensors are deployed within a lightweight Docker runtime.

For example, run the following command to start the Deepfence Sensor on the Docker host:

docker run -dit --cpus=".2" --name=deepfence-agent --restart on-failure --pid=host --net=host \
  --privileged=true -v /sys/kernel/debug:/sys/kernel/debug:rw -v /var/log/fenced \
  -v /var/run/docker.sock:/var/run/docker.sock -v /:/fenced/mnt/host/:ro \
  -e USER_DEFINED_TAGS="" -e MGMT_CONSOLE_URL="---CONSOLE-IP---" -e MGMT_CONSOLE_PORT="443" \
  -e DEEPFENCE_KEY="---DEEPFENCE-API-KEY---" \
  deepfenceio/deepfence_agent_ce:latest
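
A preflight for the Docker sensor command above, as an added example that is not part of the ThreatMapper project. It checks the host architecture against the image platform (assumed here to be linux/amd64 only, the platform named in the Docker warning quoted in an issue further down this page), rejects unreplaced `---CONSOLE-IP---` and `---DEEPFENCE-API-KEY---` placeholders, and writes the settings to an owner-only env file passed with `--env-file` so the API key stays out of the process list and shell history. Function names, the env file path and the demo values are hypothetical.

```shell
#!/bin/sh
# Added example (not Deepfence code): preflight checks for the sensor container.

# Map `uname -m` output to a Docker platform string.
docker_platform() {
    case "$1" in
        x86_64|amd64)  echo "linux/amd64" ;;
        aarch64|arm64) echo "linux/arm64" ;;
        armv7l|armv7)  echo "linux/arm/v7" ;;
        *)             echo "unknown/$1" ;;
    esac
}

# $1 = `uname -m` value, $2 = space-separated platforms the image is built for.
platform_supported() {
    host=$(docker_platform "$1")
    for p in $2; do
        if [ "$p" = "$host" ]; then return 0; fi
    done
    return 1
}

# Prints one line per problem and returns the number of problems (0 = ok).
validate_settings() {
    url=$1 port=$2 key=$3 problems=0
    case "$url" in
        ""|*---CONSOLE-IP---*)
            echo "MGMT_CONSOLE_URL is empty or still the README placeholder"
            problems=$((problems+1)) ;;
    esac
    case "$port" in
        ""|*[!0-9]*)
            echo "MGMT_CONSOLE_PORT must be a number"
            problems=$((problems+1)) ;;
        *)
            if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
                echo "MGMT_CONSOLE_PORT out of range"
                problems=$((problems+1))
            fi ;;
    esac
    case "$key" in
        ""|*---DEEPFENCE-API-KEY---*)
            echo "DEEPFENCE_KEY is empty or still the README placeholder"
            problems=$((problems+1)) ;;
    esac
    return "$problems"
}

# $1 = env file path, $2 = console URL, $3 = port, $4 = API key.
# The file is created with mode 600 so only its owner can read the key.
write_env_file() {
    file=$1
    ( umask 077
      printf 'USER_DEFINED_TAGS=\nMGMT_CONSOLE_URL=%s\nMGMT_CONSOLE_PORT=%s\nDEEPFENCE_KEY=%s\n' \
          "$2" "$3" "$4" > "$file" ) || return 1
    chmod 600 "$file"
}

# Print (do not run) the README's command with the -e flags replaced by --env-file.
agent_command() {
    printf '%s\n' \
      'docker run -dit --cpus=".2" --name=deepfence-agent --restart on-failure --pid=host --net=host \' \
      '  --privileged=true -v /sys/kernel/debug:/sys/kernel/debug:rw -v /var/log/fenced \' \
      '  -v /var/run/docker.sock:/var/run/docker.sock -v /:/fenced/mnt/host/:ro \' \
      "  --env-file $1 \\" \
      '  deepfenceio/deepfence_agent_ce:latest'
}

# $1 arch, $2 image platforms, $3 URL, $4 port, $5 key, $6 env file path.
# Returns 2 on a platform mismatch, 3 on bad settings, 4 if the file cannot be written.
preflight() {
    if ! platform_supported "$1" "$2"; then
        echo "host platform $(docker_platform "$1") is not among image platforms: $2" >&2
        return 2
    fi
    if ! validate_settings "$3" "$4" "$5" >&2; then
        return 3
    fi
    write_env_file "$6" "$3" "$4" "$5" || return 4
    agent_command "$6"
}

# Demo with constructed values (192.0.2.10 is a documentation address).
IMAGE_PLATFORMS="linux/amd64"   # assumption taken from the warning quoted on this page
demo_env=$(mktemp) \
    && preflight "$(uname -m)" "$IMAGE_PLATFORMS" "192.0.2.10" "443" "constructed-example-key" "$demo_env" \
    || echo "preflight failed; sensor not started"
rm -f "$demo_env"
```

The sensor container is privileged and mounts the Docker socket and the host root, so review the printed command before running it.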

On a Kubernetes platform, the sensors are installed using a Helm chart:

helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper

# helm v2
helm install deepfence/deepfence-agent \
    --name=deepfence-agent \
    --set managementConsoleUrl=---CONSOLE-IP--- \
    --set deepfenceKey=---DEEPFENCE-API-KEY---

# helm v3
helm install deepfence-agent deepfence/deepfence-agent \
    --set managementConsoleUrl=---CONSOLE-IP--- \
    --set deepfenceKey=---DEEPFENCE-API-KEY---

Next Steps

Once the sensor agents have been installed, you can begin to explore the topology of your infrastructure and applications.

Subsequently, when the threat feeds have been acquired, you'll see a message on Settings -> Diagnosis. You can begin with your first Production Vulnerability Scan.

Check out the Deepfence ThreatMapper wiki for how to get started with using Deepfence ThreatMapper.

Get in touch

Security and Support

For any security-related issues in the ThreatMapper project, contact productsecurity at deepfence dot io.

Please file GitHub issues as needed, and join the Deepfence Community Slack channel.

License

The Deepfence ThreatMapper project (this repository) is offered under the Apache2 license.

Contributions to the Deepfence ThreatMapper project are similarly accepted under the Apache2 license, as per GitHub's inbound=outbound policy.

Comments
  • Scans failing to pick up RedHat RPMs

    Describe the bug I'm scanning RH 7.7 machines with the Bare-Metal / Docker container configuration. I get results back for application code Java, Python, etc. But nothing about the RPMs and packages installed.

    To Reproduce Steps to reproduce the behavior:

    1. Install RH 7.7 - Might be tricky to find the ISO....

    2. Docker Won't install on RH 7.7 so you'll need to add some Centos packages

       sudo yum -y install http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.107-3.el7.noarch.rpm --nogpgcheck
       sudo yum -y install http://mirror.centos.org/centos/7/extras/x86_64/Packages/slirp4netns-0.4.3-4.el7_8.x86_64.rpm --nogpgcheck
       sudo yum -y install http://mirror.centos.org/centos/7/extras/x86_64/Packages/fuse3-libs-3.6.1-4.el7.x86_64.rpm --nogpgcheck
       sudo yum -y install http://mirror.centos.org/centos/7/extras/x86_64/Packages/fuse-overlayfs-0.7.2-6.el7_8.x86_64.rpm --nogpgcheck
       sudo yum -y install docker-ce docker-ce-cli containerd.io

    3. Then start docker and run the Sensor Agent as per the documentation.

    4. Run a scan with all options enabled.

    Expected behavior I'd expect to see details of the RPMs with CVEs that need updating.

    Components/Services affected

    • [ ] UI/Frontend
    • [ ] API/Backend
    • [ X] Agent
    • [ ] Deployment/YAMLs
    • [ ] CI/CD Integration
    • [ ] Other (specify)

    Additional context Both the Agent and Management Console are running as virtual machines (Oracle Virtual Box) on my laptop. I wanted to do a scan of RH 7.7 before updating to RH 7.9 to see how many CVEs get fixed, and how many remain.

    bug needs-triage 
    opened by sgreenslade 11
  • Unable to navigate from 'Topology'

    Hi,

    I've setup the management console on an AWS instance using the repository instructions. I've registered an account and accessed the console but I can't navigate to any other pages (registries, vulnerabilities, settings etc.). It seems to be in a loop of 'resuming the live state' and is stuck 'Optimizing hosts'.

    I've given it over 60 minutes as the readme mentioned, but there's been no change.

    I can't find any obvious problems looking through the various container logs. I wondered if someone here could offer any guidance?

    opened by lwilliams1990 11
  • deepfence_agent_ce:latest on armv7 docker

    Maybe this isn't really a bug, but maybe a configuration or compatibility issue. The sensor must be installed on external chip set devices they are in a network comparison. Basic for this is armV7.

    The package installation in dependencies was installing docker.io on armv7. Which image or where can find the armV7 deploy image for ?

    1. try to deploy the deepfence_agent_ce:latest on armv7 with following script
    2. See error

    docker run -dit --cpus=".2" --name=deepfence-agent --restart on-failure --pid=host --net=host \
      --privileged=true -v /sys/kernel/debug:/sys/kernel/debug:rw -v /var/log/fenced \
      -v /var/run/docker.sock:/var/run/docker.sock -v /:/fenced/mnt/host/:ro \
      -e USER_DEFINED_TAGS="" -e MGMT_CONSOLE_URL="XXX.XXX.XXX.XXX" -e MGMT_CONSOLE_PORT="443" \
      -e DEEPFENCE_KEY="API-KEY" \
      deepfenceio/deepfence_agent_ce:latest

    Result: WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm/v7) and no specific platform was requested

    Components/Services affected

    • [ ] UI/Frontend
    • [ ] API/Backend
    • [x] Agent
    • [ ] Deployment/YAMLs
    • [ ] CI/CD Integration
    • [ ] Other (specify)
    bug needs-triage 
    opened by armorvx 10
  • Docker Issue : deepfenceio/deepfence_init_ce:1.4.1 Exit Error

    Dear team,

    I would like to ask you about the following error I have.

    The error happens after a zero installation by downloading the docker-compose file and running it.

    I only modify in it the default port since I have in use the 443, but after that everything is the same.

    The docker runs correctly but when I try to enter the port I get the following message in the browser: "secure connection failed" "PR_END_OF_FILE_ERRROR".

    It doesn't seem to be a browser problem since I validated it with several ...

    I run the command docker ps -a and I see that there is an instance with an error.

    Error :

    5f182a2d1de5 deepfenceio/deepfence_init_ce:1.4.1 "/usr/local/bin/entr…" 2 hours ago Exited (0) 2 seconds ago df-init-container

    I really don't know what I could do... the instance has the capability to support docker and is on AWS EC2 which I understand is compatible with this solution.

    thanks,

    bug needs-triage 
    opened by jplopezy 8
  • Upload Vulnerability Database Issue

    Describe the bug: Cannot upload the vulnerability database.

    To Reproduce: Steps to reproduce the behavior:

    1. Go to Settings > Vulnerability & Secret Management
    2. Upload the vulnerability database with tar.gz file
    3. Check Network tab on browser, it shows POST 404 Not Found with this URL: https://address/undefined/df-api/upload-vulnerability-db

    Screenshots: Screenshot 2022-09-13 091852

    Additional context: Deepfence: 1.4.0

    opened by wonhee0410 7
  • Threat Mapper Management Console does not show up when running on local server

    Describe the bug Threat mapper downloaded from git URL, performed steps to run management console on local server but console does not show up on the local IP address and given PORT.

    To Reproduce Steps to reproduce the behavior:

    1. Go to 'https://github.com/deepfence/ThreatMapper'
    2. Clone the repo.
    3. Follow steps given on: https://github.com/deepfence/ThreatMapper/wiki/Building-Console-and-Sensors-from-Source to run Threat Mapper Management Console on local server.
    4. Check if Threat Mapper Management Console came up on given IP and PORT.

    Expected behavior Threat Mapper Management Console should come up on given IP and PORT.

    Screenshots Attaching a PDF in comments section for detailed explanation and to show successful configuration steps.

    Components/Services affected

    Additional context OS Details: Ubuntu 20.04.4 LTS (64-bit) CPU/RAM/SSD: Intel Core i7 / 32 GB RAM / 512 GB SSD

    bug waiting-for-feedback 
    opened by yashtw 7
  • Issue scanning Management node and registries

    Unable to run vulnerability scans on management console node and registries. Vulnerability scans start but hang after a while with error "Scan was interrupted". There is no info in the docker-compose logs to investigate or viewable logs from the console itself.

    opened by jrose1738 7
  • PDF report always shows "No vulnerabilities found for the applied filters"

    Thanks for providing this tool!

    Describe the bug When trying to generate a PDF report with vulnerabilities a PDF with the text "No vulnerabilities found for the applied filters" is always generated. Switching to the XLSX format returns thousands.

    To Reproduce Steps to reproduce the behavior:

    1. Go to 'Integrations > Reports / PDF/XLSX'
    2. Select 'Vulnerabilities', 'container image', 'last 1 day' and PDF format.
    3. Click Download.
    4. Wait until report is generated and download it (a file without vulnerabilities is generated).
    5. Switch to XLSX download type and click Download.
    6. An XLSX file with thousands of vulnerabilities is shown.

    Expected behavior I expected that the only difference would be the file format. The list of vulnerabilities should be the same.

    Screenshots Filter settings and "Filters used" - Note the differences here. image

    Extract from XLSX: image

    PDF file downloaded: image

    Components/Services affected

    Making a best effort guess here.

    • [X] UI/Frontend
    • [X] API/Backend
    • [ ] Agent
    • [ ] Deployment/YAMLs
    • [ ] CI/CD Integration
    • [ ] Other (specify)

    I hope the above helps with tracking down the issue. Since the Filters Used are different depending on file format, I suspect the issue might lie there.

    Thanks

    bug pr/merged 
    opened by mustajarvi 6
  • Error when register: Console URL is not valid

    Describe the bug I started with the getting started page with docker-compose. After starting the services, I can enter the portal and click on "Register". After I filled the form, I got the error "Console URL is not valid"

    To Reproduce Steps to reproduce the behavior:

    1. Go to this page: https://github.com/deepfence/ThreatMapper/wiki/Installing-the-Management-Console
    2. Follow instruction in section: "Install the ThreatMapper Management Console - Single Docker Host"
    3. Go to web-portal "https://localhost/"
    4. Click on register
    5. Enter your details
    6. Click on button to submit form
    7. Got the error "Console URL is not valid"

    Expected behavior Registration should be successful to be able to login into the web-ui.

    Screenshots image

    Components/Services affected

    • [X] UI/Frontend
    • [X] API/Backend
    • [ ] Agent
    • [ ] Deployment/YAMLs
    • [ ] CI/CD Integration
    • [ ] Other (specify)

    Additional context None

    bug waiting-for-feedback 
    opened by jonahbohlmann 6
  • Installation of Management Console Fails

    Provided the docker-compose.yml file, when executing the following command:

    docker-compose -f docker-compose.yml up -d

    I am unable to browse to the management console as not all containers are started, specifically the deepfence-es-master container which presents the following errors:

    Exception in thread "main" java.lang.RuntimeException: starting java failed with [137]
    output:
    
    error:
    OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
    	at org.elasticsearch.tools.launchers.JvmErgonomics.flagsFinal(JvmErgonomics.java:123)
    	at org.elasticsearch.tools.launchers.JvmErgonomics.finalJvmOptions(JvmErgonomics.java:88)
    	at org.elasticsearch.tools.launchers.JvmErgonomics.choose(JvmErgonomics.java:59)
    	at org.elasticsearch.tools.launchers.JvmOptionsParser.main(JvmOptionsParser.java:95)
    

    Would appreciate any guidance.

    opened by derickrn 6
  • [K8s console] [vulnerability scan] scan failures

    1. Setup a K8s cluster. Install management console on it.
    2. Connect a regular vm agent. In this setup there is just one fsharp docker container running on the vm.
    3. Scan both the fsharp container and the vm. Both scans run forever. image
    bug needs-triage 
    opened by jo19in1 5
  • [Graph integration] Add new deepfence CLI

    As part of the ongoing effort to integrate with neo4j graph (https://github.com/deepfence/ThreatMapper/issues/692) we are adding a new CLI to allow headless interaction with the console.

    • [x] Topology API
    • [x] Threat API
    • [x] Authentication
    • [x] User API
      • [ ] Login API
      • [x] APIToken
      • [x] Register
    • [x] Scan API
      • [x] Secret scan
      • [ ] Compliance scan
      • [ ] Malware scan
      • [ ] Cloud scan
    • [ ] Ingesters API
    enhancement needs-triage 
    opened by noboruma 0
  • Vulnerability and Secret scans - show differences between scan results for a host/image in UI

    • We currently provide an API that helps diffing (new vulnerabilities, fixed vulnerabilities, etc) between any two given scan IDs on any node (container images or a host). This feature should be provided in UI.
    • API exists for vulnerability scan, required for secret scan
    • https://deepfence.github.io/deepfence_runtime_api/#operation--deepfence-v1.5-vulnerability_scan_diff-get
    enhancement 
    opened by ramanan-ravi 0
  • Kubernetes Sensor Agents do not run on ARM nodes

    Describe the bug When the kubernetes sensor agent pods run on ARM64 (graviton2) worker nodes they crash with this error: exec /usr/local/bin/start_services: exec format error

    To Reproduce Steps to reproduce the behavior:

    1. Deploy https://github.com/deepfence/ThreatMapper/tree/master/deployment-scripts/helm-charts/deepfence-agent to a k8s cluster that is running ARM worker nodes.
    2. Pods from the daemonset that try to run on ARM nodes error out: exec /usr/local/bin/start_services: exec format error
    • [ ] UI/Frontend
    • [ ] API/Backend
    • [x] Agent
    • [ ] Deployment/YAMLs
    • [ ] CI/CD Integration
    • [ ] Other (specify)
    enhancement kubernetes 
    opened by j771 0
  • [Graph integration] Improvement unified package-scanner code

    merge vulnerability mapper from ThreatMapper to package-scanner making it easier to run vulnerability scans using syft and grype from a single place

    add option to run only sbom generation(syft) on agent and run grype on threatmapper console using command line flags

    enhancement v2 
    opened by gnmahanth 0
  • Unable to change the Deepfence console url as my top level domain is engineering

    Describe the bug My top level domain is engineering ex; xxx.xxx.engineering since engineering is a large alphabet, the console URL is not accepting it

    image

    bug 
    opened by namanjain-coditas 0
  • Missing 'Severity' filter in notification for vulnerabilities

    Describe the bug Earlier we used to have a filter called 'severity' in notification, which helped to filter only selected severity vuln. to be pushed as notification to slack, teams, etc. It's not present now.

    Screenshots image

    Components/Services affected

    • [x] UI/Frontend
    • [ ] API/Backend
    • [ ] Agent
    • [ ] Deployment/YAMLs
    • [ ] CI/CD Integration
    • [ ] Other (specify)

    bug p0 
    opened by ibreakthecloud 0
Releases(threatintel-yara-2022-12-31_00-06-37)
  • v1.4.1(Oct 3, 2022)

    What's Changed

    • reset check type on changing compliance provider by @manV in https://github.com/deepfence/ThreatMapper/pull/522
    • Add ThreatGraph missing icons by @manV in https://github.com/deepfence/ThreatMapper/pull/524
    • Remove UI resolver in router config #523 by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/525
    • Cloud stats by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/528
    • Update documentation by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/529
    • changed cve-links to show as actual links in popup by @saiprasanth1303 in https://github.com/deepfence/ThreatMapper/pull/527
    • Bugfix/remove phone input arrows by @MilanRajkumar in https://github.com/deepfence/ThreatMapper/pull/515
    • Updated API params for report generation by @saiprasanth1303 in https://github.com/deepfence/ThreatMapper/pull/531
    • Update README.md by @fferrann in https://github.com/deepfence/ThreatMapper/pull/532
    • New Helm chart version by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/537
    • Discrepancy in the results while we select container image in report download by @mukuldeepfence in https://github.com/deepfence/ThreatMapper/pull/536
    • fix the condition toenable schedule compliance scans by @ibreakthecloud in https://github.com/deepfence/ThreatMapper/pull/534
    • UI: Reset page index on filter on registry image list by @manV in https://github.com/deepfence/ThreatMapper/pull/542
    • UI: Show checkbox for only relevant node types on topology table by @manV in https://github.com/deepfence/ThreatMapper/pull/544
    • fix: empty response of search filter must update severity counts by @milan-deepfence in https://github.com/deepfence/ThreatMapper/pull/543
    • Fixed the CSS for status pills in topology table by @saiprasanth1303 in https://github.com/deepfence/ThreatMapper/pull/546
    • Schedule Scan for compliance issue is fixed by @mukuldeepfence in https://github.com/deepfence/ThreatMapper/pull/547
    • Enable haproxy logs by @gnmahanth in https://github.com/deepfence/ThreatMapper/pull/552
    • Enable haproxy logs by @gnmahanth in https://github.com/deepfence/ThreatMapper/pull/553
    • Fix user-sent notifications by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/555
    • fix/538-add compliance menu for integration by @milan-deepfence in https://github.com/deepfence/ThreatMapper/pull/539
    • Fix api path for vulnerability db upload by @manV in https://github.com/deepfence/ThreatMapper/pull/558
    • Made changes to ecr registry by @saiprasanth1303 in https://github.com/deepfence/ThreatMapper/pull/564
    • Cloudtrail logs processing by @jatin-baweja in https://github.com/deepfence/ThreatMapper/pull/561
    • Cloudtrail alerts UI by @saiprasanth1303 in https://github.com/deepfence/ThreatMapper/pull/562
    • add compliance percentage for linux (fix: issue 1601) by @gnmahanth in https://github.com/deepfence/ThreatMapper/pull/568
    • Support custom file path for docker/containerd socket by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/572
    • Fix compliance scan summary issues by @manV in https://github.com/deepfence/ThreatMapper/pull/570
    • #565 Api and UI changes for KSPM by @saurabh2253 in https://github.com/deepfence/ThreatMapper/pull/575
    • Update README.md by @Bentipe in https://github.com/deepfence/ThreatMapper/pull/576
    • #577 trigger scheduled scan action by @saurabh2253 in https://github.com/deepfence/ThreatMapper/pull/578
    • #565 adding kspm dependency in helm chart by @saurabh2253 in https://github.com/deepfence/ThreatMapper/pull/581
    • Kubernetes scanner - docs by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/583
    • Added cloudformation template for AWS cloud in posture page by @saiprasanth1303 in https://github.com/deepfence/ThreatMapper/pull/580
    • #565 Kspm cis check type to nsa-cisa by @saurabh2253 in https://github.com/deepfence/ThreatMapper/pull/584
    • fix:to have info icon for an error case by @milan-deepfence in https://github.com/deepfence/ThreatMapper/pull/586
    • Fixed UI masking and unmasking on compliance by @saiprasanth1303 in https://github.com/deepfence/ThreatMapper/pull/588
    • Helm chart - add resources per pod in values.yaml by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/589
    • fix for fetching images from amazon public ECR deepfence/ThreatMapper… by @mukuldeepfence in https://github.com/deepfence/ThreatMapper/pull/559
    • fix threat graph not generated by @gnmahanth in https://github.com/deepfence/ThreatMapper/pull/595
    • FIxed empty xlsx report generation by @saiprasanth1303 in https://github.com/deepfence/ThreatMapper/pull/596
    • changed the params which caused empty xlsx report generation by @saiprasanth1303 in https://github.com/deepfence/ThreatMapper/pull/597
    • Version upgrade - v1.4.1 by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/598
    • fix:controls button misalignment on details pop up by @milan-deepfence in https://github.com/deepfence/ThreatMapper/pull/599
    • FIxed integration table data mismatch by @saiprasanth1303 in https://github.com/deepfence/ThreatMapper/pull/600
    • add missing internal port on api pod by @gnmahanth in https://github.com/deepfence/ThreatMapper/pull/602
    • now we can assign the issue to assignee deepfence/ThreatMapper#445 by @mukuldeepfence in https://github.com/deepfence/ThreatMapper/pull/601
    • Upload vulnerability database issue #557 by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/605

    New Contributors

    • @MilanRajkumar made their first contribution in https://github.com/deepfence/ThreatMapper/pull/515
    • @fferrann made their first contribution in https://github.com/deepfence/ThreatMapper/pull/532
    • @Bentipe made their first contribution in https://github.com/deepfence/ThreatMapper/pull/576

    Full Changelog: https://github.com/deepfence/ThreatMapper/compare/v1.4.0...v1.4.1

  • v1.4.0(Aug 10, 2022)

    What's Changed

    • Render custom dropdown in a portal to avoid overflow clipping by @manV in https://github.com/deepfence/ThreatMapper/pull/504
    • Cloud Security Posture Analysis and Threat Graph by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/518
    • 1.4 docs update by @ogarrett in https://github.com/deepfence/ThreatMapper/pull/517

    Full Changelog: https://github.com/deepfence/ThreatMapper/compare/v1.3.1...v1.4.0

  • v1.3.1(Jul 29, 2022)

    What's Changed

    • #336 Mounting containerd directories in write mode by @saurabh2253 in https://github.com/deepfence/ThreatMapper/pull/350
    • Sorting support for RBOM tables by @manV in https://github.com/deepfence/ThreatMapper/pull/349
    • show scan status beside the scan button by @pandyamarut in https://github.com/deepfence/ThreatMapper/pull/354
    • diagnosis timestamp change to local time by @pandyamarut in https://github.com/deepfence/ThreatMapper/pull/351
    • Ci/cd changes for v1.3 by @mukuldeepfence in https://github.com/deepfence/ThreatMapper/pull/352
    • donut modal popup severity sorting fix by @pandyamarut in https://github.com/deepfence/ThreatMapper/pull/357
    • add pagination to the runtime bom table by @pandyamarut in https://github.com/deepfence/ThreatMapper/pull/362
    • Add user menu to settings screen by @manV in https://github.com/deepfence/ThreatMapper/pull/360
    • Runtime bom query optimisation and pagination by @saurabh2253 in https://github.com/deepfence/ThreatMapper/pull/364
    • Upgrade golang version by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/365
    • Add wait for secret scan process to restart by @saurabh2253 in https://github.com/deepfence/ThreatMapper/pull/368
    • Enhance the vulnerability database by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/369
    • Containerd reporter in discovery pod by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/375
    • Make es index names, url scheme configurable by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/378
    • issue-376: Support setting a temporary password by @shahpratikr in https://github.com/deepfence/ThreatMapper/pull/379
    • Harbor Registry by @mukuldeepfence in https://github.com/deepfence/ThreatMapper/pull/383
    • Make console url domain resolution optional in probe by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/386
    • Fix interrupted secret scans status by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/388
    • Ignore management console port in the url if 443 by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/391
    • Excel and PDF report has been added for the Secret Scans' results by @mukuldeepfence in https://github.com/deepfence/ThreatMapper/pull/382
    • Issue-381: ES changes to support multi-tenancy by @shubhamjain32 in https://github.com/deepfence/ThreatMapper/pull/390
    • Add the secret scan report download by @pandyamarut in https://github.com/deepfence/ThreatMapper/pull/372
    • Modified notification related APIs #394 by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/395
    • Management Console diagnosis logs - limit kubernetes namespace by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/398
    • Temporary password change ui by @manV in https://github.com/deepfence/ThreatMapper/pull/401
    • Changes required in fetcher service by @shubhamjain32 in https://github.com/deepfence/ThreatMapper/pull/400
    • Xlpdf 2 by @mukuldeepfence in https://github.com/deepfence/ThreatMapper/pull/399
    • Added separate node type options for secret scan reports & changed re… by @saiprasanth1303 in https://github.com/deepfence/ThreatMapper/pull/402
    • Upgrade dependencies by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/404
    • Fix minor issue where empty maps are created by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/407
    • Update fargate sensors to v1.3.0 by @jatin-baweja in https://github.com/deepfence/ThreatMapper/pull/392
    • add external-sources to enhance java results by @ibreakthecloud in https://github.com/deepfence/ThreatMapper/pull/408
    • Cache topology data in redis by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/409
    • Use pg_isready command to check if postgresql by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/413
    • Remove open-tracer by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/414
    • (feat). API to upload vulnerability db in airgapped env by @ibreakthecloud in https://github.com/deepfence/ThreatMapper/pull/412
    • Add nginx ingress controller as type for router service installation by @jatin-baweja in https://github.com/deepfence/ThreatMapper/pull/418
    • Add support to upload db files in airgapped enviornment by @pandyamarut in https://github.com/deepfence/ThreatMapper/pull/411
    • Add support for ui runtime env variables by @manV in https://github.com/deepfence/ThreatMapper/pull/410
    • Secret scanner added to agent supervisor by @saurabh2253 in https://github.com/deepfence/ThreatMapper/pull/416
    • add exploit poc url in cve scan report by @ibreakthecloud in https://github.com/deepfence/ThreatMapper/pull/422
    • Fixed styling of input and delete button in vuln. management page by @saiprasanth1303 in https://github.com/deepfence/ThreatMapper/pull/427
    • Fix error in api container init script deepfence/ThreatMapper#424 by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/429
    • Fix registry table bulk actions by @manV in https://github.com/deepfence/ThreatMapper/pull/438
    • Fixed masked filter not being sent to the API when generating reports… by @saiprasanth1303 in https://github.com/deepfence/ThreatMapper/pull/440
    • [Iss1503] Filtering on Runtime BOM page yields 0 results by @mukuldeepfence in https://github.com/deepfence/ThreatMapper/pull/448
    • [Iss1510] Data under Sbom is not shown right by @mukuldeepfence in https://github.com/deepfence/ThreatMapper/pull/449
    • Reworked helm chart for ThreatMapper by @runitmisra in https://github.com/deepfence/ThreatMapper/pull/425
    • Issue275 severity type parameter cicd by @sidd0529 in https://github.com/deepfence/ThreatMapper/pull/452
    • Consider presence of exploit when sorting most exploitable vulnerabilities by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/444
    • Add exploit link column for cve table by @manV in https://github.com/deepfence/ThreatMapper/pull/454
    • add agent set up instructions to console by @manV in https://github.com/deepfence/ThreatMapper/pull/437
    • Dependency upgrade by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/455
    • Add secret scanner binary and config in separate folder by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/456
    • Made minor improvement in runtime_sbom API by @mukuldeepfence in https://github.com/deepfence/ThreatMapper/pull/459
    • Trimmed leading and trailing white spaces of a string in forms by @mukuldeepfence in https://github.com/deepfence/ThreatMapper/pull/460
    • Changes in package scanner build by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/464
    • minor change in resource filter api response deepfence/ThreatMapper#428 by @mukuldeepfence in https://github.com/deepfence/ThreatMapper/pull/435
    • Docker Hub Registry not listing any images #465 by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/466
    • Fix scroll issues with agent instructions pages by @manV in https://github.com/deepfence/ThreatMapper/pull/461
    • fix diagnosis dropdown issues by @manV in https://github.com/deepfence/ThreatMapper/pull/468
    • Upgrade dependency by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/470
    • Add option to update postgres configuration and add cluster domain fo… by @jatin-baweja in https://github.com/deepfence/ThreatMapper/pull/471
    • Disable vulnerability db validity check to support air-gapped environments by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/475
    • Update ci/cd instructions by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/477
    • Fix connections report by @noboruma in https://github.com/deepfence/ThreatMapper/pull/478
    • Modified haproxy config to update dns cache of ui pod by @usandeepc in https://github.com/deepfence/ThreatMapper/pull/485
    • Upgrade elasticsearch version by @sidd0529 in https://github.com/deepfence/ThreatMapper/pull/481
    • make changes to reaper_task to handle es scan status being idle issues by @deviprasad303 in https://github.com/deepfence/ThreatMapper/pull/486
    • Fixed issue-462: Console not available by @shahpratikr in https://github.com/deepfence/ThreatMapper/pull/488
    • Update dropdown overflows on pop ups by @manV in https://github.com/deepfence/ThreatMapper/pull/493
    • Fresh product documentation by @ogarrett in https://github.com/deepfence/ThreatMapper/pull/487
    • Fix error in case of missing container tag by @manV in https://github.com/deepfence/ThreatMapper/pull/501
    • Use codec.NewDecoder instead of json.Unmarshal for scope NodeSummaries by @ramanan-ravi in https://github.com/deepfence/ThreatMapper/pull/503

    New Contributors

    • @shahpratikr made their first contribution in https://github.com/deepfence/ThreatMapper/pull/379
    • @shubhamjain32 made their first contribution in https://github.com/deepfence/ThreatMapper/pull/390
    • @runitmisra made their first contribution in https://github.com/deepfence/ThreatMapper/pull/425
    • @sidd0529 made their first contribution in https://github.com/deepfence/ThreatMapper/pull/452
    • @noboruma made their first contribution in https://github.com/deepfence/ThreatMapper/pull/478
    • @usandeepc made their first contribution in https://github.com/deepfence/ThreatMapper/pull/485
    • @deviprasad303 made their first contribution in https://github.com/deepfence/ThreatMapper/pull/486

    Full Changelog: https://github.com/deepfence/ThreatMapper/compare/v1.3.0...v1.3.1

  • v1.3.0 (Mar 15, 2022)

    ThreatMapper 1.3.0 Release

    ThreatMapper 1.3.0 is a feature release, with a number of enhancements and fixes:

    New Features

    • Secret Scanning: Scan containers and host filesystems, looking for possible unprotected secrets such as access tokens, keys and passwords.
    • SBOM Generation: Generate and export runtime SBOMs (Software Bill of Materials) from running workloads and hosts.
    • Updated Vulnerability Scanning: using Anchore syft and grype.
    • Attack Path Visualization: improved visualization identifies and classifies more attack path types.

    Upgrading to ThreatMapper 1.3

    Please note that versions of the sensor agent prior to the 1.3 release will not interoperate with the ThreatMapper 1.3 management console, due to the architectural changes in SBOM generation and vulnerability scanning. To upgrade from an earlier ThreatMapper release:

    • Update the Management Console to version 1.3.0
    • Update sensor deployments to version 1.3.0

    Please see the documentation for more information.

    Full Changelog: https://github.com/deepfence/ThreatMapper/commits/v1.3.0

  • v1.2.0 (Mar 8, 2022)

    ThreatMapper 1.2.0 Release

    ThreatMapper 1.2.0 is a feature release, with a number of enhancements and fixes:

    New Features

    • Attack Path visualization: using analysis of network traffic, the Attack Path visualisation identifies vulnerable workloads that are open to internet traffic, even when they are behind multiple layers of proxies.
    • Support for AWS Fargate workloads: ThreatMapper sensor agents may be deployed as sidecars to AWS Fargate workloads.
    • Integration with Google Chronicle: push events, alerts and scan results to Google Chronicle for archiving and analysis.

    Major Enhancements

    • Improved 'most exploitable vulnerability' calculation: applying more weight to proximity to the attack surface and to active network connections, to better prioritize workloads at greater risk.
    • Broader support for Kubernetes and containerd: a number of updates address issues where manual and automated scans of Kubernetes/containerd-hosted containers would fail.
    • Enhancements to registry scans: including support for AWS ECR target account role ARN, better feedback on progress, and support for tag-based filtering of artifacts.
    • Multiple UI and user experience improvements: the ability to invite users to the Management Console without the need to configure an email relay, and more metadata reported against containers and other workloads so you can more easily identify them.

    Full Changelog: https://github.com/deepfence/ThreatMapper/commits/v1.2.0
