Python tool that maps infrastructure assets and relationships into a Neo4j graph database
- Stars3.9k
- Forks520
- Open Issues96
Apache-2.0
- Python
- Dockerfile
- Cypher
About Cartography
Cartography pulls infrastructure assets and their relationships into a Neo4j graph database. It helps you answer questions about identity access, internet-exposed compute, network paths, vulnerable software, and other security relationships across your cloud and SaaS platforms.
It connects data from modules such as AWS, GCP, Azure, Kubernetes, GitHub, Okta, Entra ID, CrowdStrike, and 30+ more platforms. You can then query the graph with Cypher to map out attack paths, or run security rules with cartography-rules run all to check an environment against common frameworks.
Cartography runs locally against your own Neo4j instance, so you keep the graph and findings in your environment. Install it with pip, point it at a local database such as bolt://localhost:7687, and sync your first data source to start exploring.
Key features
- Loads infrastructure assets and relationships into Neo4j
- Connects AWS, GCP, Azure, Kubernetes, GitHub, Okta, and more
- Answers access, exposure, and vulnerability relationship questions
- Runs security rules with cartography-rules run all
- Supports local Neo4j connections such as bolt://localhost:7687
Details
- First released
- 2019
- Platforms
- Web · CLI
- Self-hosting
- Local Neo4j instance
- Database
- Neo4j graph database
- Language
- Python
- Governance
- CNCF project