
CSPM Pt 1: Deepfence ThreatMapper Installation & Tests


I’m installing and testing Deepfence’s ThreatMapper, an open source Cloud Native Application Protection Platform (CNAPP), for the first time, to test it against some use cases and understand it a bit better.


Modules tested

  • Cloud Security Posture (CSPM) in AWS (CIS Benchmarks, NIST, etc. compliance scanning)
    • I found this module not very worthwhile: it sets up an ECS task for reasons I don’t understand, which costs money (I let it run for 4 days and it cost me around $15 USD), and we can simply run Prowler for the exact same purpose.
  • Linux Security Posture - Configuration assessment
  • Internal Vulnerability scans on Linux Hosts
  • Secret Scanning (Great feature, but I’ve had issues making it work) - Very interesting feature
  • Malware Scanning (Same issue happening) - Very interesting feature
  • Public container registry security scan (I’m having a hard time understanding how to specify Docker images and namespaces) - Very interesting feature

Architecture & Deployment

  • Platform: Proxmox
  • Amazon Web Services: ECS task (as per Deepfence’s documentation for AWS cloud scanners)
  • Networking: Cloudflare Tunnels. I tried a Tailscale overlay network but didn’t have success running it in the same AWS ECS task, so I wasn’t able to establish private communication between the AWS ECS cloud scanner ↔ Deepfence Web Console
  • Linux Agent Scanner: Another Debian 12 VM

Terraform Issues

I had to modify the Terraform template with an updated AWS provider version. Everything went smoothly from here:

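provider "aws" {
  # Provider version constraint. Setting `version` inside a provider block
  # is deprecated since Terraform 0.13 in favor of required_providers.
  version = "~> 5.0"
  # AWS region, for example us-east-1
  region = "us-east-1"
}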

Errors & Issues

The Secret Scanner on the Copilot host always ends with errors. Inspecting the logs:


J Armando G
Author
Cybersecurity & General Tech Enthusiast