Resoto vs. Cartography
Resoto can be used as an alternative to Cartography.
Cartography is a Python-based tool developed in-house at Lyft that consolidates technical assets and the relationships between them in a graph database.
The Lyft security team uses Cartography to visualize security problems and detect vulnerabilities.
Cartography Use Cases
Cartography is designed for:
- Understanding cloud permission relationships
- Locating vulnerabilities in container images
- Revealing parent-child relationships between images in the form of dependency trees
Similarities Between Resoto and Cartography
Both Resoto and Cartography:
- Are open-source
- Use a graph database
- Take point-in-time snapshots of your infrastructure
- Reveal parent-child relationships between assets through the graph
- Support AWS, Google Cloud, Kubernetes, and GitHub
Differences Between Resoto and Cartography
In general, Cartography was built for security use cases. Since Lyft is an "AWS shop," Cartography prioritizes functionality for AWS services in use at Lyft.
| Resoto | Cartography | |
|---|---|---|
| Remediation | Integrates analytics and governance into a single product to enforce policies and perform actions on resources. Offers commands and jobs to automate remediation. Can be used to write custom code and rules for any resource in a cloud-agnostic way. | Only an analytics tool; unable to modify to resources. |
| User Interface | Ships with both a command-line interface and dashboards. Dashboards consist of customizable widgets to view resources, metrics, and charts. | Uses Neo4j Browser, which is optimized for Neo4J and graph visualization only. |
| Resource Coverage | Supports over 200 AWS resource types, over 75 Google Cloud, and over 25 DigitalOcean resource types. | Only supports about 20 AWS, 5 Azure, 5 Google Cloud, and 3 DigitalOcean resource types. |
| Data Model | Uses a unified data model for all platforms and resources. Unifying base properties and common abstractions allows you to search, sort, aggregate, and act on a higher level of abstraction and query resources across clouds. | Has a unique schema for every cloud provider. Writing queries require a specialized understanding of the data model for each service. |
| Metrics | Calculates metrics for infrastructure resources and exports them to a time-series database (e.g., Prometheus). | Does not offer metrics. |
| Syntax | Provides an easy-to-learn search syntax developed specifically for infrastructure resources. Resoto's syntax was designed to keep all the benefits of graph traversal while remaining intuitive and versatile. | Uses Neo4j's Cypher query language and is optimized for general graph queries. Cypher is rather complex to learn. |
| Support | Users can contact us via the Some Engineering Discord server, and we offer commercial support packages to help install, run, and build with Resoto. | The Lyft open-source team answers questions in a public Slack channel. There is no commercial support. |
