With over 4,000 stars on GitHub, the ThreatMapper CNAPP hunts for threats in your production platforms and ranks these threats based on their risk of exploit. It uncovers vulnerable software components, exposed secrets and deviations from good security practice. It uses a combination of agent-based inspection and agentless monitoring to provide the widest possible coverage to detect threats.
SecretScanner can find unprotected secrets in container images or file systems. SecretScanner is included in ThreatMapper and is also available as a standalone tool that retrieves and searches container and host file systems, matching the contents against a database of approximately 140 secret types.
PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence's ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis.
FlowMeter classifies packets and flows as benign or malicious with high true positives (TP) and low false positives (FP). Use the labeled data to reduce the amount of traffic requiring deeper analysis. Additionally, it categorizes packets into flows and shows a rich ensemble of flow data and statistics.
YaraHunter scans container images, running Docker containers, and file systems to find indicators of malware. It uses a YARA ruleset to identify resources that match known malware signatures; a match may indicate that the container or filesystem has been compromised.
eBPFGuard is a library for managing Linux security policies. It is based on LSM hooks, but does not require you to write any kernel modules or eBPF programs directly. It lets you write policies in Rust (or YAML) in user space. It is built on eBPF and the Aya library, but takes away the need to use them directly.