Deepfence ThreatMapper 1.3.0 allows users to scan workloads and hosts for sensitive secrets
Deepfence released ThreatMapper 1.3.0, the latest version of the open source project that provides users and companies with the ability to perform not only “shift left” scanning during development, but also vulnerability scanning in production environments at runtime.
The latest version of ThreatMapper extends scanning capabilities to include a highly effective security feature called SecretScanner. This popular open source tool is now available via the ThreatMapper UI and API and enables users to scan for and report sensitive secrets left inadvertently in production workloads and in container images in registries.
Finding and securing sensitive secrets before bad actors do is essential to preventing unauthorized access to enterprise keys that unlock access to databases and other critical infrastructure. The addition of secret scanning technology within ThreatMapper enables security teams to schedule scans for both vulnerabilities and secrets in production, assess the risks associated with each, and prioritize remediation accordingly.
“Secrets, such as encryption keys, authentication tokens, and passwords, are invaluable to an attacker looking to spread laterally through systems and compromise additional workloads,” said Chris Steffen, Research Director at Enterprise Management Associates. “By adding these new features to ThreatMapper, Deepfence has created a wide-ranging vulnerability scanning solution that protects workloads in development and in often-overlooked production environments. It’s a unique and effective approach for the times.”
ThreatMapper 1.3.0 also adds the ability for organizations to enumerate a software bill of materials (SBOM) at runtime. Maintaining SBOMs is now regarded as a must-have activity for all security professionals. ThreatMapper takes this one step further by applying runtime context about code, compute, and cloud data – along with live network traffic data – to understand what is running in production environments. A runtime SBOM provides leading edge threat detection. New packages, processes, or activities happening within your infrastructure that deviate from what was put into production are signs of attacks in progress that need to be reviewed and remediated immediately.
“Now with secret scanning and more SBOM capabilities, ThreatMapper continues to set the bar for open source solutions befitting the evolving needs of DevSecOps professionals and the modern applications they protect,” said Owen Garrett, Head of Products and Community at Deepfence. “As with all new additions to ThreatMapper, our mission is to create an industry-first security observability solution that helps users and organizations stay one step ahead of even the most sophisticated attackers, both when developing new products and services and running them in production.”
By adding even more features that can scan running operating systems, applications, containers, and serverless workloads for vulnerable software components and exploit attempts, ThreatMapper is quickly emerging as an open platform on which users and partners can build secure integrations and solutions.
Since Deepfence contributed the ThreatMapper project to the security community in October 2021, the 100% open source project has grown to more than 1,200 stars on GitHub and more than 500,000 pull requests from DockerHub. The project has been instrumental in helping users conduct the onerous task of identifying vulnerable components, such as Log4j instances, in their running applications and prioritize them based on their risk of exploit, so that efforts can be directed to fix those that matter the most.