Metadata-Version: 2.4
Name: cartography
Version: 0.136.0
Summary: Explore assets and their relationships across your technical infrastructure.
Maintainer: Cartography Contributors
License-Expression: Apache-2.0
Project-URL: Homepage, https://cartography-cncf.github.io/cartography
Project-URL: Documentation, https://cartography-cncf.github.io/cartography
Project-URL: Repository, https://github.com/cartography-cncf/cartography
Project-URL: Issues, https://github.com/cartography-cncf/cartography/issues
Project-URL: Changelog, https://github.com/cartography-cncf/cartography/releases
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Natural Language :: English
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: backoff>=2.1.2
Requires-Dist: boto3>=1.15.1
Requires-Dist: aioboto3>=15.0.0
Requires-Dist: httpx>=0.24.0
Requires-Dist: botocore>=1.18.1
Requires-Dist: dnspython>=2.0.0
Requires-Dist: neo4j>=6.0.0
Requires-Dist: policyuniverse>=1.1.0.0
Requires-Dist: google-api-python-client>=2.0.0
Requires-Dist: google-auth>=2.37.0
Requires-Dist: google-cloud-storage>=2.0.0
Requires-Dist: marshmallow>=4.0.0
Requires-Dist: oci>=2.71.0
Requires-Dist: okta<1.0.0
Requires-Dist: PyJWT[crypto]>=2.0.0
Requires-Dist: cryptography>=45.0.0
Requires-Dist: pyyaml>=5.3.1
Requires-Dist: requests>=2.22.0
Requires-Dist: statsd>=4.0.0
Requires-Dist: packaging>=26.0.0
Requires-Dist: packageurl-python>=0.17.0
Requires-Dist: python-digitalocean>=1.16.0
Requires-Dist: adal>=1.2.4
Requires-Dist: azure-cli-core>=2.26.0
Requires-Dist: azure-mgmt-compute>=5.0.0
Requires-Dist: azure-mgmt-containerinstance>=10.0.0
Requires-Dist: azure-mgmt-keyvault>=10.0.0
Requires-Dist: azure-mgmt-resource<25,>=24.0.0
Requires-Dist: azure-mgmt-cosmosdb>=6.0.0
Requires-Dist: azure-mgmt-web>=7.0.0
Requires-Dist: azure-mgmt-eventgrid>=10.0.0
Requires-Dist: azure-mgmt-logic>=10.0.0
Requires-Dist: azure-mgmt-eventhub>=10.1.0
Requires-Dist: azure-keyvault-secrets>=4.0.0
Requires-Dist: azure-keyvault-keys>=4.0.0
Requires-Dist: azure-keyvault-certificates>=4.0.0
Requires-Dist: azure-mgmt-datafactory>=8.0.0
Requires-Dist: azure-mgmt-containerservice>=30.0.0
Requires-Dist: azure-mgmt-network>=25.0.0
Requires-Dist: azure-mgmt-security>=5.0.0
Requires-Dist: azure-mgmt-monitor>=3.0.0
Requires-Dist: msrestazure>=0.6.4
Requires-Dist: azure-mgmt-storage>=16.0.0
Requires-Dist: azure-mgmt-sql>=3.0.1
Requires-Dist: azure-mgmt-authorization>=0.60.0
Requires-Dist: azure-identity>=1.5.0
Requires-Dist: azure-storage-blob>=12.0.0
Requires-Dist: msgraph-sdk>=1.53.0
Requires-Dist: kubernetes>=22.6.0
Requires-Dist: pagerduty>=4.0.1
Requires-Dist: crowdstrike-falconpy>=0.5.1
Requires-Dist: python-dateutil>=2.9.0
Requires-Dist: xmltodict>=1.0.0
Requires-Dist: duo-client>=5.5.0
Requires-Dist: cloudflare>=4.1.0
Requires-Dist: scaleway>=2.10.0
Requires-Dist: google-cloud-resource-manager>=1.14.2
Requires-Dist: google-cloud-asset>=1.0.0
Requires-Dist: google-cloud-artifact-registry>=1.21.0
Requires-Dist: google-cloud-aiplatform>=1.127.0
Requires-Dist: google-cloud-run>=0.13.0
Requires-Dist: types-aiobotocore-ecr>=3.1.0
Requires-Dist: typer>=0.9.0
Requires-Dist: azure-mgmt-synapse>=2.0.0
Requires-Dist: azure-synapse-artifacts>=0.17.0
Requires-Dist: slack-sdk>=3.37.0
Requires-Dist: workos>=6.0.5
Dynamic: license-file

![Cartography](docs/root/images/logo-horizontal.png)

<div align="center">

[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/cartography-cncf/cartography/badge)](https://scorecard.dev/viewer/?uri=github.com/cartography-cncf/cartography)
[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9637/badge)](https://www.bestpractices.dev/projects/9637)
![build](https://github.com/cartography-cncf/cartography/actions/workflows/publish-to-ghcr-and-pypi.yml/badge.svg)

[Documentation](https://cartography-cncf.github.io/cartography/)
</div>

Cartography is a Python tool that pulls infrastructure assets and their relationships into a [Neo4j](https://www.neo4j.com) graph database.

**What it connects:** AWS, GCP, Azure, Kubernetes, GitHub, Okta, Entra ID, CrowdStrike, and [30+ more platforms](#supported-platforms).

**Questions it answers:**
- Which identities have access to which datastores? How about across multiple tenants, or providers?
- Am I affected by any critical vulnerabilities or compromised software packages?
- What are the network paths in and out of my environment?
- Which compute instances are exposed to the internet?
- What AI agents are running in production, and what permissions do they have?

![Visualization of RDS nodes and AWS nodes](docs/root/images/accountsandrds.png)

## Quick Start

### Install Cartography

```bash
pip install cartography
```

### Start Neo4j database

```bash
docker run -d --publish=7474:7474 --publish=7687:7687 -v data:/data --env=NEO4J_AUTH=none neo4j:5-community
```

Confirm that http://localhost:7474 is up.

### Sync your first data source (AWS example)

Ensure your AWS credentials and default region are configured (e.g. via `AWS_PROFILE`, `AWS_DEFAULT_REGION`, or `~/.aws/config`). See [AWS credentials docs](https://docs.aws.amazon.com/boto3/latest/guide/credentials.html#configuring-credentials) for reference.

Run Cartography:

```bash
cartography --neo4j-uri bolt://localhost:7687 --selected-modules aws
```

See the [full install guide](https://cartography-cncf.github.io/cartography/install.html) for other platforms.

### Query the graph

Open http://localhost:7474 and try:

```cypher
// Find unencrypted RDS instances by account
MATCH (a:AWSAccount)-[:RESOURCE]->(rds:RDSInstance{storage_encrypted:false})
RETURN a.name, rds.id
```

```cypher
// Find EC2 instances exposed to the internet
MATCH (instance:EC2Instance{exposed_internet: true})
RETURN instance.instanceid, instance.publicdnsname
```

See the [querying tutorial](https://cartography-cncf.github.io/cartography/usage/tutorial.html) and [data schema](https://cartography-cncf.github.io/cartography/usage/schema.html) for more use-cases.

### Run security rules

Check your environment against common security frameworks:

```bash
cartography-rules run all
```

See [the rules docs](https://cartography-cncf.github.io/cartography/usage/rules.html) for more detail.

## Supported platforms

<details>
<summary>Click to expand full list of 30+ supported platforms</summary>

- [Airbyte](https://cartography-cncf.github.io/cartography/modules/airbyte/index.html) - Organization, Workspace, User, Source, Destination, Connection, Tag, Stream
- [Amazon Web Services](https://cartography-cncf.github.io/cartography/modules/aws/index.html) - ACM, API Gateway, Bedrock, CloudWatch, CodeBuild, Config, Cognito, EC2, ECS, ECR (including multi-arch images, image layers, and attestations), EFS, Elasticsearch, Elastic Kubernetes Service (EKS), DynamoDB, Glue,  GuardDuty, IAM, Inspector, KMS, Lambda, RDS, Redshift, Route53, S3, SageMaker, Secrets Manager(Secret Versions), Security Hub, SNS, SQS, SSM, STS, Tags
- [AIBOM](https://cartography-cncf.github.io/cartography/modules/aibom/index.html) - AI component detections linked to ECR images
- [Anthropic](https://cartography-cncf.github.io/cartography/modules/anthropic/index.html) - Organization, ApiKey, User, Workspace
- [BigFix](https://cartography-cncf.github.io/cartography/modules/bigfix/index.html) - Computers
- [Cloudflare](https://cartography-cncf.github.io/cartography/modules/cloudflare/index.html) - Account, Role, Member, Zone, DNSRecord
- [Crowdstrike Falcon](https://cartography-cncf.github.io/cartography/modules/crowdstrike/index.html) - Hosts, Spotlight vulnerabilities, CVEs
- [DigitalOcean](https://cartography-cncf.github.io/cartography/modules/digitalocean/index.html)
- [Duo](https://cartography-cncf.github.io/cartography/modules/duo/index.html) - Users, Groups, Endpoints
- [GitHub](https://cartography-cncf.github.io/cartography/modules/github/index.html) - repos, branches, users, teams, dependency graph manifests, dependencies
- [Google Cloud Platform](https://cartography-cncf.github.io/cartography/modules/gcp/index.html) - Artifact Registry, Bigtable, Cloud Functions, Cloud Resource Manager, Cloud Run, Cloud SQL, Compute, DNS, IAM, KMS, Secret Manager, Storage, Google Kubernetes Engine, Vertex AI
- [Google Workspace](https://cartography-cncf.github.io/cartography/modules/googleworkspace/index.html) - users, groups, devices, OAuth apps
- [Jumpcloud](https://cartography-cncf.github.io/cartography/modules/jumpcloud/index.html)
- [Kandji](https://cartography-cncf.github.io/cartography/modules/kandji/index.html) - Devices
- [Keycloak](https://cartography-cncf.github.io/cartography/modules/keycloak/index.html) - Realms, Users, Groups, Roles, Scopes, Clients, IdentityProviders, Authentication Flows, Authentication Executions, Organizations, Organization Domains
- [Kubernetes](https://cartography-cncf.github.io/cartography/modules/kubernetes/index.html) - Cluster, Namespace, Service, Pod, Container, ServiceAccount, Role, RoleBinding, ClusterRole, ClusterRoleBinding, OIDCProvider
- [Lastpass](https://cartography-cncf.github.io/cartography/modules/lastpass/index.html) - users
- [Microsoft Azure](https://cartography-cncf.github.io/cartography/modules/azure/index.html) - App Service, Container Instance, CosmosDB, Data Factory, Event Grid, Firewall, Firewall Policy, Functions, Key Vault, Azure Kubernetes Service (AKS), Load Balancer, Logic Apps, Resource Group, SQL, Storage, Virtual Machine, Virtual Networks
- [Microsoft Entra ID](https://cartography-cncf.github.io/cartography/modules/entra/index.html) -  Users, Groups, Applications, OUs, App Roles, federation to AWS Identity Center, Intune Managed Devices, Intune Detected Apps, Intune Compliance Policies
- [CVE Metadata](https://cartography-cncf.github.io/cartography/modules/cve_metadata/index.html) - CVE enrichment with CVSS, EPSS scores, and CISA KEV data from NVD and FIRST.org
- [NIST CVE](https://cartography-cncf.github.io/cartography/modules/cve/index.html) - Common Vulnerabilities and Exposures (CVE) data from NIST database (deprecated - use CVE Metadata instead)
- [Okta](https://cartography-cncf.github.io/cartography/modules/okta/index.html) - users, groups, organizations, roles, applications, factors, trusted origins, reply URIs, federation to AWS roles, federation to AWS Identity Center
- [OpenAI](https://cartography-cncf.github.io/cartography/modules/openai/index.html) - Organization, AdminApiKey, User, Project, ServiceAccount, ApiKey
- [Oracle Cloud Infrastructure](https://cartography-cncf.github.io/cartography/modules/oci/index.html) - IAM
- [PagerDuty](https://cartography-cncf.github.io/cartography/modules/pagerduty/index.html) - Users, teams, services, schedules, escalation policies, integrations, vendors
- [Scaleway](https://cartography-cncf.github.io/cartography/modules/scaleway/index.html) - Projects, IAM, Local Storage, Instances
- [SentinelOne](https://cartography-cncf.github.io/cartography/modules/sentinelone/index.html) - Accounts, Agents, Applications, Application Versions, CVEs
- [Slack](https://cartography-cncf.github.io/cartography/modules/slack/index.html) - Teams, Users, UserGroups, Channels
- [SnipeIT](https://cartography-cncf.github.io/cartography/modules/snipeit/index.html) - Users, Assets
- [Socket.dev](https://cartography-cncf.github.io/cartography/modules/socketdev/index.html) - Organizations, Repositories, Dependencies, Security Alerts (CVE, malware, supply chain risks), Fixes
- [Spacelift](https://cartography-cncf.github.io/cartography/modules/spacelift/index.html) - Accounts, Spaces,Users, Stacks, WorkerPools, Workers, Runs, GitCommits
- [SubImage](https://cartography-cncf.github.io/cartography/modules/subimage/index.html) - Tenant, TeamMember, APIKey, Neo4jUser, Module, Framework
- [Tailscale](https://cartography-cncf.github.io/cartography/modules/tailscale/index.html) - Tailnet, Users, Devices, Groups, Tags, PostureIntegrations, DevicePostures, DevicePostureConditions, device posture compliance relationships
- [Trivy Scanner](https://cartography-cncf.github.io/cartography/modules/trivy/index.html) - AWS ECR Images

</details>


## Community

- Join us on Slack: [CNCF Slack](https://communityinviter.com/apps/cloud-native/cncf) in the `#cartography` channel.
- [Monthly community meeting](https://zoom-lfx.platform.linuxfoundation.org/meetings/cartography?view=week) — [minutes](https://docs.google.com/document/d/1VyRKmB0dpX185I15BmNJZpfAJ_Ooobwz0U1WIhjDxvw) · [past recordings](https://www.youtube.com/playlist?list=PLMga2YJvAGzidUWJB_fnG7EHI4wsDDsE1)


## Contributing

Thank you for considering contributing to Cartography!

All contributors and participants must follow the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).

Submit a GitHub issue to report a bug or request a new feature. Larger discussions happen in [GitHub Discussions](https://github.com/cartography-cncf/cartography/discussions).

Get started with our [developer documentation](https://cartography-cncf.github.io/cartography/dev/developer-guide.html).


## Who uses Cartography?

1. [Lyft](https://www.lyft.com)
1. [Thought Machine](https://thoughtmachine.net/)
1. [MessageBird](https://messagebird.com)
1. [Cloudanix](https://www.cloudanix.com/)
1. [Corelight](https://www.corelight.com/)
1. [SubImage](https://subimage.io)
1. [Superhuman](https://superhuman.com/)
1. {Your company here} :-)

If your organization uses Cartography, please file a PR and update this list. Say hi on Slack too!


## License

This project is licensed under the [Apache 2.0 License](LICENSE).

---

Cartography is a [Cloud Native Computing Foundation](https://www.cncf.io/) sandbox project.<br>
<div style="background-color: white; display: inline-block; padding: 10px;">
  <img src="docs/root/images/cncf-color.png" alt="CNCF Logo" width="200">
</div>
