• Stars
    star
    2,949
  • Rank 15,358 (Top 0.4 %)
  • Language
    Python
  • License
    Apache License 2.0
  • Created over 5 years ago
  • Updated about 2 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.

Cartography

Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.

Visualization of RDS nodes and AWS nodes

Why Cartography?

Cartography aims to enable a broad set of exploration and automation scenarios. It is particularly good at exposing otherwise hidden dependency relationships between your service's assets so that you may validate assumptions about security risks.

Service owners can generate asset reports, Red Teamers can discover attack paths, and Blue Teamers can identify areas for security improvement. All can benefit from using the graph for manual exploration through a web frontend interface, or in an automated fashion by calling the APIs.

Cartography is not the only security graph tool out there, but it differentiates itself by being fully-featured yet generic and extensible enough to help make anyone better understand their risk exposure, regardless of what platforms they use. Rather than being focused on one core scenario or attack vector like the other linked tools, Cartography focuses on flexibility and exploration.

You can learn more about the story behind Cartography in our presentation at BSidesSF 2019.

Install and configure

Start here.

Supported platforms

  • Amazon Web Services - API Gateway, Config, EC2, ECS, ECR, Elasticsearch, Elastic Kubernetes Service (EKS), DynamoDB, IAM, Inspector, KMS, Lambda, RDS, Redshift, Route53, S3, Secrets Manager, Security Hub, SQS, SSM, STS, Tags
  • Google Cloud Platform - Cloud Resource Manager, Compute, DNS, Storage, Google Kubernetes Engine
  • Google GSuite - users, groups
  • Duo CRXcavator - Chrome extensions, GSuite users
  • Oracle Cloud Infrastructure - IAM
  • Okta - users, groups, organizations, roles, applications, factors, trusted origins, reply URIs
  • Github - repos, branches, users, teams
  • DigitalOcean
  • Microsoft Azure - CosmosDB, SQL, Storage, Virtual Machine
  • Kubernetes - Cluster, Namespace, Service, Pod, Container
  • PagerDuty - Users, teams, services, schedules, escalation policies, integrations, vendors
  • Crowdstrike Falcon - Hosts, Spotlight vulnerabilites, CVEs
  • NIST CVE - Common Vulnerabilities and Exposures (CVE) data from NIST database
  • Lastpass - users
  • BigFix - Computers
  • Duo - Users, Groups, Endpoints

Usage

Start with our tutorial. Our data schema is a helpful reference when you get stuck.

Contact

Community Meeting

Talk to us and see what we're working on at our monthly community meeting.

  • Meeting minutes are here.
  • Recorded videos are posted here.
  • Our current project road map is here.

Contributing

Thank you for considering contributing to Cartography!

Code of conduct

Legal stuff: This project is governed by Lyft's code of conduct. All contributors and participants agree to abide by its terms.

Developing Cartography

Get started with our developer documentation.

Sign the Contributor License Agreement (CLA)

We require a CLA for code contributions, so before we can accept a pull request we need to have a signed CLA. Please visit our CLA service and follow the instructions to sign the CLA.

Who uses Cartography?

  1. Lyft
  2. Thought Machine
  3. MessageBird
  4. Cloudanix
  5. {Your company here} :-)

If your organization uses Cartography, please file a PR and update this list. Say hi on Slack too!

More Repositories

1

scissors

βœ‚ Android image cropping library
Java
1,841
star
2

confidant

Confidant: your secret keeper. https://lyft.github.io/confidant
Python
1,781
star
3

clutch

Extensible platform for infrastructure management
Go
1,670
star
4

react-javascript-to-typescript-transform

Convert React JavaScript code to TypeScript with proper typing
TypeScript
1,574
star
5

mapper

A JSON deserialization library for Swift
Swift
1,174
star
6

scoop

🍦 micro framework for building view based modular Android applications.
Java
1,036
star
7

Hammer

iOS touch synthesis library
Swift
642
star
8

protoc-gen-star

protoc plugin library for efficient proto-based code generation
Go
563
star
9

xiblint

A tool for linting storyboard and xib files
Python
522
star
10

flinkk8soperator

Kubernetes operator that provides control plane for managing Apache Flink applications
Go
508
star
11

domic

Reactive Virtual DOM for Android.
Kotlin
482
star
12

metadataproxy

A proxy for AWS's metadata service that gives out scoped IAM credentials from STS
Python
450
star
13

cni-ipvlan-vpc-k8s

AWS VPC Kubernetes CNI driver using IPvlan
Go
357
star
14

nuscenes-devkit

Devkit for the public 2019 Lyft Level 5 AV Dataset (fork of https://github.com/nutonomy/nuscenes-devkit)
Jupyter Notebook
352
star
15

presto-gateway

A load balancer / proxy / gateway for prestodb
JavaScript
337
star
16

toasted-marshmallow

S'More speed for Marshmallow
Python
297
star
17

Kronos-Android

An Open Source Kotlin SNTP library
Kotlin
239
star
18

coloralgorithm

Javacript function to produce color sets
JavaScript
225
star
19

awspricing

Python library for AWS pricing.
Python
201
star
20

discovery

This service provides a REST interface for querying for the list of hosts that belong to all microservices.
Python
185
star
21

linty_fresh

✨ Surface lint errors during code review
Python
183
star
22

universal-async-component

React Universal Async Component that works with server side rendering
TypeScript
180
star
23

python-blessclient

Python client for fetching BLESS certificates
Python
112
star
24

goruntime

Go client for Runtime application level feature flags and configuration
Go
84
star
25

omnibot

One slackbot to rule them all
Python
80
star
26

lyft-android-sdk

Public Lyft SDK for Android
Java
72
star
27

high-entropy-string

A library for classifying strings as potential secrets.
Python
60
star
28

gostats

Go client for Stats
Go
56
star
29

pynamodb-attributes

Common attributes for PynamoDB
Python
52
star
30

bandit-high-entropy-string

A high entropy string plugin for OpenStack's bandit project
Python
48
star
31

Lyft-iOS-sdk

Public Lyft SDK for iOS
Swift
43
star
32

python-kmsauth

A python library for reusing KMS for your own authentication and authorization
Python
38
star
33

opsreview

Compile a report of recent PagerDuty alerts for a single escalation policy.
Python
29
star
34

atlantis

Terraform automation for GitHub PRs (private fork of runatlantis/atlantis)
Go
18
star
35

lyft-node-sdk

Node SDK for the Lyft Public API
JavaScript
16
star
36

fake_sqs

An implementation of a local SQS service.
Ruby
15
star
37

lyft.github.io

This is code for oss.lyft.com website.
TypeScript
14
star
38

dockernetes

Run kubernetes inside a docker container.
Dockerfile
12
star
39

kustomizer

A container for running k8s kustomize
Shell
11
star
40

python-confidant-client

Client library and CLI for Confidant
Python
11
star
41

collectd-statsd

collectd plugin to write to statsd
Python
10
star
42

lyft-web-button

Build an actionable, Lyft-branded button for your website
JavaScript
9
star
43

dynamodb-hive-serde

Hive Deserializer for DynamoDB backup data format
Java
8
star
44

syx

Python 2 and 3 compatibility library from Lyft.
Python
7
star
45

lyft-node-samples

Sample applications using Node.js for the Lyft Public API
JavaScript
7
star
46

android-puzzlers

Android puzzles for Lyft Talks and more.
Java
6
star
47

lyft-go-sdk

Go SDK for the Lyft Public API
Go
6
star
48

lyft-django-sample

An API integration example using Django and social-auth.
Python
5
star
49

python-omnibot-receiver

Library for use by services that receive messages from omnibot.
Python
4
star
50

osscla

Open Source Contributor License Agreement service
Python
4
star
51

code-of-conduct

Code of Conduct for Lyft's open source projects
3
star
52

CLA

Contributor License Agreement (CLA) for Lyft's open source projects
3
star
53

awseipext

AWS Lambda that extends the EC2 Elastic IP API
Python
3
star
54

heroku-buildpack-php

Shell
2
star
55

lyft-go-samples

Sample applications in Go for the Lyft Public API
Go
1
star
56

flask-pystatsd

flask extension to simplify the use of the pystatsd library
Python
1
star
57

eventbot

A slackbot to help organize events
Python
1
star