cartography VS fixinventory

Cartography (Python application) will get you part of the way there, in that it will discover the state of the environment, record node information and relationships in a graph database, and can be easily extended. You can also then easily write queries about the relationships of various resources to answer questions like “what can I reach from VPC X”. Drawing diagrams though is very hard to do well without extra input.

Build an asset inventory of the cloud environment. (using an OSS project called cartography)

The project is still early, so we’d love your feedback! We’ve based our cloud asset inventory on another great OSS project called cartography. So far, we’ve added misconfiguration checks and common identity-based attack paths. Up next on our roadmap are network/access graph visualizations, vulnerability scanning, and secret scanning!

The first step involved in threat modelling is to build an architecture diagram of the system you are protecting. This also involves building a list of assets in the system. You cannot protect something which you don’t have visibility over. We can use tools such as CloudMapper from the previous step for building an architecture diagram of an AWS cloud environment. There are similar tools for threat modeling for other cloud service providers like Cartography.

Lyft made a tool called Cartography, which scrapes your AWS Account(s) and inserts representations of many of your cloud resources into a Neo4j (graph) database. This makes it easy to query and discover how things are connected in your account.

Recently, we at Cloudanix made open source contributions to the Cartography project by Lyft. We contributed to the pre-existing AWS module by adding support for KMS and API gateway. Since the Cartography project did not have support for Microsoft Azure, we started from scratch to add that capability to Cartography. We added support for Azure services like CosmosDB, SQL, Storage, and Virtual Machines.

[2] https://github.com/lyft/cartography

The reasoning is explained in the very section of our Github org README you quoted this sentence from. Our main open source project is Fix Inventory (https://github.com/someengineering/fixinventory) and that is very well documented (https://inventory.fix.security) and uses no commercial 3rd party libraries.

The Fix SaaS frontend that you're referring to and that you find at https://fix.security builds upon Fix Inventory. We could have just made it closed-source like every other SaaS (think Grafana Cloud). But because I'm a big proponent of OSS we decided to open source our entire SaaS stack, frontend, backend as well as all internal tooling. The main intend here is transparency, not so you spin up your own SaaS environment.

Essentially we develop the SaaS for ourselves first and foremost, but saw no reason to make it closed source. So that is why it might be using any number of commercial 3rd party add-ons.

> I'm curious to know what Material UI provided that any other open-source UI library did not.

I believe it was some MUI X table features like multi row sorting that we didn't feel like re-implementing. I'm sure there's other open source libs that would do that, but we've settled on MUI and are not going to start mixing different UI libraries for different visual elements if we don't absolutely have to.

It is a good time for send the showreel of serious apps in Godot:

https://www.youtube.com/watch?v=9kKp0oguzr8

I know a free software monitoring tool made with Godot:

https://www.youtube.com/watch?v=AVAU2JjvHug

https://github.com/someengineering/resoto

Resoto: https://resoto.com/

It is a sub-project of our cloud resource management tool Resoto but runs standalone and stateless. It's meant for easy integration into your own data pipelines.

--> https://github.com/someengineering/resoto