Spice Labs Debuts Application Analysis Tool for Cybersecurity Incident Responders and Software Modernizers

Startup is focused on software security and modernization solutions based on artifact dependency graphs

SOMERVILLE, MA, UNITED STATES, September 30, 2025 /EINPresswire.com/ -- Spice Labs announces immediate availability of the first software security solution based on Artifact Dependency Graphing technology: Spice Labs Surveyor and Topographer. Surveyor equips cybersecurity and software modernization teams with a “map” that provides an accurate guide for the identification of software artifacts and their dependency on open-source code. Drawing upon a database of more than 10 billion open source software artifacts, Spice Labs turns the chaos of understanding sprawling application software into mathematically powered confidence.

Knowing precisely what code was running at the time of a security incident is essential information for cybersecurity teams looking for answers. To assist them, Spice Labs has developed a powerful tool to answer the pressing question: “What code was on the impacted systems?”

Spice Labs Surveyor is designed for internal teams and outside consultants tasked with modernizing software and paying down technical debt.

Surveyor builds a mathematical representation of artifacts using the same algorithms as Git, the ubiquitous version control software system. The Topographer SaaS builds maps of the surveys providing teams with answers such as “Where is a particular open source package?” “What are the minor and major updates available to the open source packages across these applications?” “How has a particular module’s CVSS score improved over time?”

The complexity of systems, stacks, applications, and software have grown far beyond the ability for humans to understand the sprawl. The resulting uncertainty leads to “best guess” choices and hopes and prayers. Just as Git is used to manage the millions of source code files that go into an organization’s applications and software stacks, Spice Labs uses the same mathematical representations for mapping post-build artifacts. Whether it’s answering questions like, “If an adversary can breach the system by chaining exploits across these open source packages, where else in our stack are these packages running?” or “if we upgrade these 20 OSS packages, what systems will be impacted? What other systems can we make the same changes to in order to improve efficiency?” Topographer maps can be compared over time, giving organizations objective measures of update and upgrade progress so they can make data-driven decisions and ensure complex projects stay on track.

“Spice Labs was founded to bring knowledge and a data-driven approach to managing applications, software, and stacks, which have grown beyond human comprehension” said David Pollak, CEO and Founder of Spice Labs. “Mapping the connections across these complex systems gives incident responders clear visibility during high stress situations. Engineers and engineering leadership gain understanding of the impact of their decisions as clear visibility into the impact of those decisions evolve as plans are executed.”

"As the attack surface of modern infrastructure has extended from production front ends to the entire supply chain they’re built on, enterprises have been faced with security threats of unprecedented scale," said Stephen O'Grady, Principal Analyst with RedMonk. "Making matters worse is the speed at which even small vulnerabilities can be exploited. Clearly new approaches to accurately and efficiently identifying exploits are called for, and this was the exact problem Spice Labs Surveyor and Topographer were built to solve."

Spice Labs Surveyor and Topographer Availability

Spice Labs Surveyor is a series of open source packages that build mathematical representations of software: Artifact Dependency Graphs. Spice Labs Topographer is a SaaS solution available at spicelabs.io. Customers download Surveyor from Spice Labs and survey their code. The resulting artifact dependency graph is then encrypted and uploaded to Spice Labs where the graph is merged into other graphs to build a map of an organization’s systems. The map can be compared to Spice Labs’s database of billions of open source software artifacts. The results provide the most comprehensive view of how applications, stacks, and systems are composed.

About Spice Labs
Spice Labs maps deployment artifacts and systems with cryptographic fingerprints, anchoring them to our continuously updated 10 billion node OSS database and enrichment layers to drive confident, fact-based decisions.
With comprehensive maps of your stack, replace guesswork with hard data. This enables faster decisions, reduced risk, and measurable progress across projects.
Our technology surveys containers, virtual machines, and applications, identifying components and relationships even in legacy systems without Software Bill of Materials. This empowers users and consultancies to navigate technical debt, scope modernization projects, quantify progress, and rapidly respond to incidents, ultimately saving time, controlling costs, and strengthening trust.

David Churbuck
Spice Labs
+1 508-360-6147
dcc@spicelabs.io
Visit us on social media:
LinkedIn

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.