Resoto vs. Cartography
Resoto can be used as an alternative to Cartography.
Cartography is a Python-based tool developed in-house at Lyft that consolidates technical assets and the relationships between them in a graph database.
The Lyft security team uses Cartography to visualize security problems and detect vulnerabilities.
Cartography Use Cases
Cartography is designed for:
- Understanding cloud permission relationships
- Locating vulnerabilities in container images
- Revealing parent-child relationships between images in the form of dependency trees
Similarities Between Resoto and Cartography
Both Resoto and Cartography:
- Are open-source (Apache 2.0 license)
- Use a graph database
- Take point-in-time snapshots of your infrastructure
- Reveal parent-child relationships between assets through the graph
- Support AWS, Google Cloud, Kubernetes, and GitHub
Differences Between Resoto and Cartography
In general, Cartography was built for security use cases. Since Lyft is an "AWS shop," Cartography prioritizes functionality for AWS services in use at Lyft.
| | Resoto | Cartography |
---|---|---|
Remediation | Integrates analytics and governance into a single product to enforce policies and perform actions on resources. Offers commands and jobs to automate remediation. Can be used to write custom code and rules for any resource in a cloud-agnostic way. | Only an analytics tool; unable to modify resources. |
User Interface | Ships with both a command-line interface and dashboards. Dashboards consist of customizable widgets to view resources, metrics, and charts. | Uses Neo4j Browser, which is optimized for Neo4j and graph visualization only. |
Resources | Supports over 200 AWS, 60 Google Cloud, and 50 DigitalOcean resource types. | Only supports about 20 AWS, 5 Azure, 5 Google Cloud, and 3 DigitalOcean resource types. |
Data Model | Uses a unified data model for all platforms and resources. Unifying base properties and common abstractions allows you to search, sort, aggregate, and act on a higher level of abstraction and query resources across clouds. | Has a unique schema for every cloud provider. Writing queries requires a specialized understanding of the data model for each service. |
Metrics | Calculates metrics for infrastructure resources and exports them to a time-series database (e.g., Prometheus). | Does not offer metrics. |
Syntax | Provides an easy-to-learn search syntax developed specifically for infrastructure resources. Resoto's syntax was designed to keep all the benefits of graph traversal while remaining intuitive and versatile. | Uses Neo4j's Cypher query language and is optimized for general graph queries. Cypher is rather complex to learn. |
Support | Users can contact us via the Some Engineering Discord server, and we offer commercial support packages to help install, run, and build with Resoto. | The Lyft open-source team answers questions in a public Slack channel. There is no commercial support. |