News, news analysis, and commentary on the latest trends in cybersecurity technology.

ThreatMapper Updated With New Scanning Tools

ThreatMapper 1.3.0 features secret scanning and the ability to enumerate a software bill of materials at runtime to help secure serverless, Kubernetes, container, and multicloud environments.

Dark Reading Staff, Dark Reading

March 17, 2022

1 Min Read
Man in suit looking in the distance while standing inside a cloud.
Source: Ivan Bliznetsov via iStock

The latest version of ThreatMapper, an open source security observability platform, now comes with a tool to scan for secrets in production workloads and maintain a runtime software bill of materials, says Deepfence, the company maintaining the tool.

ThreatMapper is a cloud-native tool security teams can use to scan, map, and rank vulnerabilities and other potential security issues in serverless, Kubernetes, container, and multicloud environments. Deepfence released ThreatMapper as an open source tool last October.

In the latest update, Deepfence added the popular SecretScanner tool to ThreatMapper to scan production workloads and container images in registries and report whether any sensitive secrets – such as API keys, passwords, encryption keys, authentication tokens, and other sensitive credentials – have been left behind. SecretScanner can look for over 140 different secret types, Deepfence says. With this capability, security teams get a complete list of all sensitive secrets exposed in the production environment. SecretScanner can be accessed through the ThreatMapper user interface as well as the API.

ThreatMapper 1.3.0 also now has the ability to enumerate a software bill of materials at runtime. By looking at what is actually running in production environments – packages, processes, and other activities – users would be able to detect whether anything new has been added without their awareness.

Read more about the new features in ThreatMapper 1.3.0 from Deepfence.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights