Deepfence open-sources ThreatMapper to find and rank software vulnerabilities>
News Ini
Deepfence, a cloud-native security observability platform used by companies such as Amyris, Flexport, and Harness, has open-sourced a tool that automatically finds, maps, and ranks application vulnerabilities across environments.

While Deepfence has always offered an enterprise edition and a community incarnation known as ThreatMapper, the latter of these is being released under an open source license from tomorrow (October 14).

The announcement comes as software supply chain attacks explode, with âupstreamâ open source components often in the firing line. Countless organizations, from government agencies to corporations, have been hit by targeted software supply chain attacks in the past year, leading President Biden to issue an executive order outlining measures to combat the threats, while âbig techâ has also upped their investments in protecting critical open source software.

ThreatMapper is built on top of dozens of community feeds that are used by other open source software security scanners out there, including the the National Vulnerability Database (NVD). It also funnels into databases from various vendors, operating system distributions, language maintainers, and GitHub repositories.

Deepfence initially launched ThreatMapper as a freemium, proprietary product last year, and in the intervening months the company has worked with âearly adoptersâ from the developer security operations (DevSecOps) community to refine the product and make it fully open source.
Link: https://newsini.com/news/deepfence-open-sources-threatmapper-to-find-and-rank-software-vulnerabilities?uid=143950