SOMERVILLE, MA, UNITED STATES, September 30, 2025 /EINPresswire.com/ -- Spice Labs today announced that it has secured $3 million in investments from several leading venture capital firms and angel investors. Spice Labs also announces immediate availability of the Spice Labs Surveyor and Topographer, the first software artifact dependency graphing solution for cybersecurity and software modernization teams. Spice Labs Surveyor and Topographer are generally available effective today.

“Spice Labs was founded to simplify the complexity of what lies within software, applications, and organization’s stacks,” said CEO and Founder David Pollak. “Spice Labs gives security teams and software modernization professionals an accurate and deep understanding of what their applications contain, what dependencies underlie that code, and, most importantly, the interconnections.”

Spice Labs is funded by BasisTech and Speedinvest.

“Spice Labs painlessly and instantly creates maps of legacy systems, including those built with tools that are ancient by today’s standards,” said Dr. Simson Garfinkel, Chief Scientist of BasisTech LLC, and a lecturer on cybersecurity at the Harvard Kennedy School of Government. “These systems are still in the field today, and with Spice Labs, they can be managed, updated, and migrated at significantly lower cost and with more precise project management than was previously possible.”

Surveyor builds a mathematical representation of artifacts using the same algorithms as Git. The Topographer SaaS builds maps of the surveys providing teams with answers such as “Where is a particular open source package?” “What are the minor and major updates available to the open source packages across these applications?” “How has a particular module’s CVSS score improved over time?”

Knowing precisely what code was running after a security incident is essential information for cybersecurity teams looking for answers. To help with this challenge, Spice Labs delivers a map to answer the question: “What was running on the impacted systems?” Maps provide heretofore unknowable information to threat hunters who can get the precise location, precise set of applications and systems, that contain any open source package, hash value, no matter how deeply nested. For developers and consultants tackling technical debt as they modernize legacy code, Spice Labs builds a comprehensive map of their systems to aid in prioritization for replacement or updates and allows managers to track project progress by showing the evolution of the maps over time and “distance” to project targets.

“Situational awareness is critical for cyber decision-making,” said Spice Labs’ advisor James Langevin, former U.S. Congressman and founding member and Co-Chair of the Congressional Cybersecurity Caucus. “Spice Labs’ approach of surveying and mapping IT and OT systems empowers decision makers with data resulting in more confidence and better outcomes.”

Spice Labs was founded in June 2024 to apply the same techniques that Git uses, but to post-build artifacts. Spice Labs mapped Java and Linux artifacts into a multi-billion node graph, the SaLAD (other OSS ecosystems coming soon.) Legends, Spice Labs’ database of open source package health, augments the SaLAD’s maps. Just as GitHub allows large teams to collaborate and navigate cloud-scale source code bases, Spice Labs’ Surveyor, Topographer, and Legends deliver visibility and understanding to incident responders and modernization teams so they can Chart their Course.

Spice Labs maps deployment artifacts and systems with cryptographic fingerprints, anchoring them to our continuously updated 10 billion node OSS database and enrichment layers to drive confident, fact-based decisions.

With comprehensive maps of your stack, replace guesswork with hard data. This enables faster decisions, reduced risk, and measurable progress across projects.

Our technology surveys containers, virtual machines, and applications, identifying components and relationships even in legacy systems without Software Bill of Materials. This empowers users and consultancies to navigate technical debt, scope modernization projects, quantify progress, and rapidly respond to incidents, ultimately saving time, controlling costs, and strengthening trust.



