Cartography

Cartography is an open-source security and infrastructure visualization tool (security posture management) that builds a graph-based view of assets and their relationships across cloud and on-premises (on-prem) environments to support attack surface analysis and risk investigations.

  • Aggregates security and infrastructure data from multiple systems into a single property graph (security analytics).
  • Models cloud, on-prem, and Software-as-a-Service (SaaS) assets and their relationships using a graph database (asset and dependency mapping).
  • Enables query-based analysis of attack paths, exposure, and misconfigurations via graph queries (threat modeling).
  • Provides extensible data ingestion through plugins and integration modules for external services and APIs (integration framework).
  • Supports recurring synchronization to keep the asset graph updated for security monitoring and auditing (continuous posture assessment).

More About Cartography

Cartography is an open-source tool focused on creating a unified, queryable graph of an organization’s infrastructure and security-relevant assets (security posture management). It ingests configuration and inventory data from multiple systems and normalizes that data into a property graph stored in a graph database. The project’s core goal is to help security and infrastructure teams understand asset relationships, identify attack paths, and support risk analysis workflows.

The project models infrastructure entities such as accounts, users, roles, networks, compute instances, containers, and various application or platform resources (asset and dependency mapping). These entities are represented as nodes, with edges expressing relationships like trust, permissions, network reachability, or ownership. By representing infrastructure as a graph, Cartography allows users to express security questions and investigative workflows as graph queries, such as finding exposed resources, over-privileged identities, or potential lateral movement paths (threat modeling).

Cartography includes ingestion modules that connect to external services and APIs to import data into the graph (integration framework). These modules cover common cloud provider resources, identity and access management (IAM) systems, and other infrastructure components documented by the project. The ingestion process is designed to be idempotent and to synchronize state over time: repeated runs update the graph to reflect current infrastructure without duplicating nodes (continuous posture assessment). This makes periodic or scheduled refreshes practical as part of regular Security Operations (SecOps).

The tool relies on a graph database backend where data is stored as labeled nodes and relationships (graph data management). Users interact with the data primarily through graph query languages supported by the chosen backend, enabling flexible analysis without predefined dashboards. Security teams can build custom queries to surface misconfigurations, unknown external exposures, or complex chains of access between identities and resources. This graph-centric approach can complement other security tools that operate on logs or metrics by providing a structural view of assets and their connections.

In enterprise environments, Cartography is typically integrated into SecOps, Cloud Security Posture Management (CSPM) practices, and compliance readiness workflows (security operations tooling). It can be run as part of scheduled jobs or Continuous Integration and Continuous Deployment (CI/CD) pipelines that keep the asset graph synchronized with evolving infrastructure. The extensible ingestion model allows organizations to add custom modules for in-house systems or additional SaaS platforms, aligning the graph with their specific environment. Within a broader tooling taxonomy, Cartography aligns with categories such as security asset inventory, attack path analysis, and graph-based infrastructure observability.