Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.

https://github.com/lyft/cartography

The main goal of Cartography is to provide a high-level overview of a software system, highlighting key components, dependencies, and connections. It does this by parsing various types of data sources, such as code repositories, configuration files, and build artifacts, and using this data to create a graphical representation of the system. This representation can then be used to identify and analyze potential security risks and vulnerabilities, as well as to understand how the system is constructed and how it functions.

One of the key features of Cartography is its ability to parse and visualize complex dependencies within a software system. This is important because dependencies can introduce security risks if they are not properly managed. By visualizing these dependencies, Cartography helps security professionals and developers identify and understand the potential risks and vulnerabilities that may be present within a system.

Another key feature of Cartography is its ability to parse and visualize build artifacts, such as Docker images and Kubernetes configuration files. This is important because these artifacts contain information about how a system is constructed and deployed, which can be used to identify potential security risks and vulnerabilities.

In addition to its visualization capabilities, Cartography also includes a number of other features that help security professionals and developers analyze and understand software systems. For example, it includes a number of algorithms and tools for identifying and analyzing potential security risks and vulnerabilities, as well as for tracking and monitoring changes to a system over time.

Overall, Cartography is a powerful tool for visualizing and understanding complex software systems, with a focus on security-related issues. By providing a high-level overview of a system’s components, dependencies, and connections, it helps security professionals and developers identify and mitigate potential security risks and vulnerabilities, and build more secure software systems.