Cartography
Lyft’s tool to sync AWS, GCP, Azure, GitHub, and more into a Neo4j graph for attack-path and permission analysis.
Why it is included
Open approach to ‘inventory as a graph’ used for cloud security reviews and blast-radius reasoning.
Best for
Teams that want graph queries (Cypher) over IAM, EC2, DNS, and cross-account edges.
Strengths
- Multi-asset sync
- Neo4j queries
- Extensible intel modules
Limitations
- Requires operating a Neo4j instance; sync jobs need carefully scoped cloud API credentials
Good alternatives
Steampipe + external graph · commercial CSPM graphs
Related tools
Security & Privacy
Steampipe
SQL layer over cloud and SaaS APIs—compose compliance and inventory queries across AWS, Azure, GCP, GitHub, Okta, and hundreds of plugins.
Security & Privacy
BloodHound
Active Directory attack-path graphing: ingest collectors, map privilege chains, and plan remediations.
Security & Privacy
ScoutSuite
Multi-cloud security auditing: AWS, Azure, GCP, Alibaba—HTML reports highlighting misconfigurations and risky resources.
Security & Privacy
osquery
Expose OS state as SQL tables—processes, sockets, users, browser extensions—for fleet visibility and compliance.
Security & Privacy
OpenCTI
Open cyber threat intelligence platform with knowledge graph, connectors (MISP, STIX/TAXII), and investigation UI.
Security & Privacy
Prowler
Open cloud security assessment for AWS, Azure, GCP, and M365: CIS, PCI, HIPAA-style checks and compliance reports.
