Cyberfame

Getting Started with Security Scanning, Mapping, Rating and Data Analysis

Getting Started with Cyberfame

The Cyberfame WebApp provides a user-friendly interface for asynchronous, parallel security reconnaissance and supply network analysis, aimed at both technical and non-technical users.
This guide will help you get started with Cyberfame's WebApp and its advanced features.

Step 0: Sign Up

To access Cyberfame's WebApp and Graph Database, you'll first need to create an account and subscribe to a plan here.
Open-source projects and NGOs are eligible for a free Cyberfame license; contact [email protected]
Subscribe with the email or SSO account you intend to use with the application. We do not yet support account merging; if you accidentally subscribed with the wrong email, contact [email protected]

Step 1: Log In

Next, visit the Cyberfame WebApp and enter your email or log in with SSO.
For security reasons, you cannot set a password: you'll receive a login link by email every time you log in. Because that mailbox is effectively your credential, protect it with multi-factor authentication.

Step 2: Submit a Domain or public Repository URL

Start by submitting one or more domains or public repository URLs for supply chain security analysis.
Note that Cyberfame treats whatever you enter as the root of the scan. If you enter www.example.com, Cyberfame analyzes www.example.com and its subdomains (for example api.www.example.com), not example.com or its other subdomains such as mail.example.com. To cover the whole organization, submit the apex domain.
Cyberfame uses a growing set of security scanning tools to gather data on your assets and generate a dynamic graph, allowing you to explore and analyze your supply network.
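As an added illustration of this scoping rule (written for this guide, not Cyberfame's own code), the check below implements label-wise suffix matching: entering www.example.com keeps www.example.com and hosts under it, and rejects example.com, its sibling subdomains and look-alike suffixes such as www.example.com.evil.test. The host list is constructed sample data.

```python
# Added illustration of the scoping rule (not Cyberfame's code): a submitted
# value is the root, and only that host and its subdomains are in scope.
# Matching is done on DNS labels rather than raw string suffixes, so a root
# of "example.com" never matches "notexample.com".

def normalize_host(host: str) -> str:
    """Lower-case, strip any scheme/path/port a user may paste and a trailing dot."""
    host = host.strip().lower()
    if "://" in host:
        host = host.split("://", 1)[1]
    host = host.split("/", 1)[0].split(":", 1)[0]
    return host.rstrip(".")


def in_scope(host: str, root: str) -> bool:
    """True if host equals root or is a subdomain of root, compared label-wise."""
    h = normalize_host(host).split(".")
    r = normalize_host(root).split(".")
    if len(h) < len(r):
        return False
    return h[-len(r):] == r


def filter_scope(discovered, root):
    """Keep only the discovered hosts that fall under the submitted root."""
    return sorted(x for x in discovered if in_scope(x, root))


# Constructed sample of hosts a passive-DNS or certificate-transparency source
# might return; none of these are real findings.
DISCOVERED = [
    "www.example.com", "api.www.example.com", "example.com",
    "mail.example.com", "notwww.example.com", "www.example.com.evil.test",
]

if __name__ == "__main__":
    print("root www.example.com:", filter_scope(DISCOVERED, "www.example.com"))
    print("root example.com:   ", filter_scope(DISCOVERED, "example.com"))
```

With www.example.com as the root only two of the six hosts survive; with the apex example.com, five do. The look-alike www.example.com.evil.test is rejected in both cases because its labels do not end with the root's labels.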

Step 3: Security Scanning 101

Cyberfame's WebApp conducts security analysis of your supply chain through asynchronous and parallel scanning. The scanning methods automate analysis of these key security risk areas:
  1. Repository and Web Application Security Risks
     For GitHub repositories and web assets:
     • Dynamic SBOMs: Combines SAST, DAST, and SBOM scanning to create a dynamic Software Bill of Materials, identifying vulnerabilities, outdated components, and license compliance issues in real time. See: SBOM Explained by Linux Foundation
     • Dependency Graph Analysis: Identifies and analyzes dependencies, detecting potential vulnerabilities and outdated components. See: Dependabot Security Updates by GitHub
     • Repository Security Checks: A series of tests that examine branch protection, code review practices, security policies, and more. See: GitGuardian on Securing Your GitHub Repositories
     • Vulnerability Detection: Cross-references dependencies with known vulnerability databases, such as OSV and NVD, to detect potential security risks. See: Google's OSV
  2. Web Application Security Risks
     For web assets:
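To make the vulnerability cross-referencing step concrete, here is an added example (written for this guide, not Cyberfame's own scanner) that turns the components of a CycloneDX-style SBOM into an OSV querybatch request and maps the response back onto the components. The SBOM, the response, the package names and the vulnerability IDs are constructed placeholders embedded inline so the example runs offline.

```python
import json

# Added example (not Cyberfame's code) of cross-referencing SBOM components
# against OSV: build the body for POST https://api.osv.dev/v1/querybatch and
# map the results back by position. All data below is constructed; the
# package names and vulnerability IDs are placeholders, not real advisories.

SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "example-parser", "version": "1.2.3",
         "purl": "pkg:npm/example-parser@1.2.3"},
        {"type": "library", "name": "example-http", "version": "2.0.0",
         "purl": "pkg:pypi/example-http@2.0.0"},
        {"type": "library", "name": "example-auth", "version": "0.9.1",
         "purl": "pkg:npm/example-auth@0.9.1"},
    ],
}

# Constructed stand-in for the querybatch response. OSV returns one result per
# query, in query order; a component with no findings comes back as an empty
# object, and each listed vulnerability carries only its id and modified
# timestamp (the full record is fetched separately from GET /v1/vulns/{id}).
SAMPLE_RESPONSE = {
    "results": [
        {"vulns": [{"id": "EXAMPLE-0001", "modified": "2024-01-01T00:00:00Z"}]},
        {},
        {"vulns": [{"id": "EXAMPLE-0002", "modified": "2024-02-01T00:00:00Z"},
                   {"id": "EXAMPLE-0003", "modified": "2024-03-01T00:00:00Z"}]},
    ]
}


def purl_without_version(purl: str) -> str:
    """OSV takes the version in its own field, so strip it from the purl."""
    return purl.split("@", 1)[0]


def build_querybatch(sbom: dict) -> dict:
    """One OSV query per SBOM component, in component order."""
    return {
        "queries": [
            {"package": {"purl": purl_without_version(c["purl"])},
             "version": c["version"]}
            for c in sbom["components"]
        ]
    }


def match_findings(sbom: dict, response: dict) -> dict:
    """Map results back to components by position; returns purl -> sorted [ids].

    A length mismatch means the response does not belong to this request,
    so it is an error rather than something to silently zip over.
    """
    comps = sbom["components"]
    results = response.get("results", [])
    if len(results) != len(comps):
        raise ValueError(f"expected {len(comps)} results, got {len(results)}")
    findings = {}
    for comp, res in zip(comps, results):
        findings[comp["purl"]] = sorted(v["id"] for v in res.get("vulns", []))
    return findings


def affected_components(findings: dict) -> list:
    """Purls with at least one known advisory, sorted for stable output."""
    return sorted(p for p, ids in findings.items() if ids)


if __name__ == "__main__":
    print(json.dumps(build_querybatch(SBOM), indent=2))
    found = match_findings(SBOM, SAMPLE_RESPONSE)
    for purl in affected_components(found):
        print(purl, "->", ", ".join(found[purl]))
```

In a real run the request body would be sent to the OSV endpoint and the live response parsed the same way; the positional mapping is why the length check matters before trusting the result.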

Step 4: Understand the Security Rating 101

Cyberfame's WebApp abstracts all collected data into a security rating for each analyzed asset, based on the results of the security scans. This rating considers factors such as:
  1. Severity of Vulnerabilities: Assets with more severe vulnerabilities receive a lower rating. See: CVSS Scoring System by FIRST
  2. Security Best Practices: Adherence to industry-standard security practices raises the rating. See: NIST Cybersecurity Framework
  3. Security Automations: Implemented security automations contribute positively to the rating. See: DevSecOps by GitLab
  4. Outdated Dependencies: Outdated or unmaintained dependencies with known security issues lower the rating. See: Snyk on Outdated Dependencies
  5. License Compliance: Non-compliant projects receive a lower rating. See: Compliance Basics with SPDX by the Linux Foundation

Step 5: Analyze the Results

After the analysis is complete, you'll be notified. The supply graph displays nodes and connections for your assets and their dependencies, together with the results of scanning, mapping and rating them. Take some time to navigate the graph and familiarize yourself with the visualizations.
Nodes and connections are color-coded by security rating, known vulnerabilities, dependency relationships, and other key data points.

Step 6: Perform Graph Analysis

With the Unlimited Plan, you can perform graph-theoretic data analysis on your supply network and on more than 1 million open source repositories.
For example, you can combine graph algorithms for path search, connectivity and centrality with the built-in query language to answer questions like:
"Which is our organization's most connected and least protected dependency?"
"Which of those dependencies have known vulnerabilities?"
The results can be visualized and shared with your team within the WebApp.
Want to learn more about our Unlimited Plan? See Graph Theory and Data Analysis.
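The following added example (written for this guide, not Cyberfame's code or its built-in query language) shows what these two questions look like as graph operations on a small constructed supply graph, in plain Python rather than a graph database: reachability for connectivity, a reachability count as the centrality measure, and breadth-first search for path search. Repository names, ratings and advisory IDs are placeholders.

```python
from collections import defaultdict, deque

# Added example (not Cyberfame's code): a constructed supply graph where an
# edge (a, b) means "a depends on b". Ratings (0-100, higher is better) and
# advisories stand in for the Step 4 rating and Step 3 scan results.

ORG_REPOS = {"acme/web", "acme/api", "acme/billing"}

EDGES = [
    ("acme/web", "lib/http"), ("acme/web", "lib/json"),
    ("acme/api", "lib/http"), ("acme/api", "lib/orm"),
    ("acme/billing", "lib/orm"), ("acme/billing", "lib/json"),
    ("lib/http", "lib/tls"), ("lib/orm", "lib/tls"),
    ("lib/json", "lib/unicode"),
]

RATING = {
    "acme/web": 80, "acme/api": 78, "acme/billing": 65,
    "lib/http": 72, "lib/json": 40, "lib/orm": 85, "lib/tls": 55, "lib/unicode": 90,
}
KNOWN_VULNS = {"lib/tls": ["EXAMPLE-0001"], "lib/json": ["EXAMPLE-0002"]}


def build_graph(edges):
    """Forward adjacency (what a node depends on) and reverse (who depends on it)."""
    out, inc = defaultdict(set), defaultdict(set)
    for a, b in edges:
        out[a].add(b)
        inc[b].add(a)
    return out, inc


def reachable_from(out, starts):
    """Connectivity: every transitive dependency of the start nodes."""
    seen, queue = set(), deque(starts)
    while queue:
        node = queue.popleft()
        for dep in out[node]:
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen


def org_exposure(out, org_repos):
    """Centrality measure: for each dependency, how many of our own repos reach
    it transitively. The one reached from every repo has the widest blast radius."""
    deps = reachable_from(out, org_repos)
    return {d: sum(1 for r in org_repos if d in reachable_from(out, [r])) for d in deps}


def most_connected_least_protected(out, org_repos, rating, top=3):
    """Question 1: rank by exposure (descending), then by rating (ascending)."""
    exposure = org_exposure(out, org_repos)
    return sorted(exposure, key=lambda d: (-exposure[d], rating.get(d, 0)))[:top]


def with_known_vulns(nodes, known_vulns):
    """Question 2: keep only the ranked dependencies that carry advisories."""
    return [(n, known_vulns[n]) for n in nodes if n in known_vulns]


def dependency_path(out, src, dst):
    """Path search (BFS): the shortest chain by which src depends on dst, or None."""
    parent, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for dep in out[node]:
            if dep not in parent:
                parent[dep] = node
                queue.append(dep)
    return None


if __name__ == "__main__":
    out, inc = build_graph(EDGES)
    ranked = most_connected_least_protected(out, ORG_REPOS, RATING)
    print("most connected, least protected:", ranked)
    print("of those, with known vulns:", with_known_vulns(ranked, KNOWN_VULNS))
    print("direct dependants of lib/tls:", sorted(inc["lib/tls"]))
    print("how billing reaches tls:", dependency_path(out, "acme/billing", "lib/tls"))
```

On this data lib/tls is reached from all three organization repositories and has a middling rating, so it tops the first question; lib/json ranks next on its low rating, and both carry advisories, which answers the second. Against Cyberfame's real graph the same questions run over the full dependency network rather than a hand-built one.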

Step 7: Dive Deeper into the Documentation

Now that you have a basic understanding of Cyberfame, you can explore the rest of the technical documentation to learn more about specific features, use cases, and best practices.