top of page

Know. Analyze. Act.

Software Supply Chain Security for Cybersecurity Incident Response Teams

Screenshot 2025-06-07 at 16.10.17.png
Our Story

Spice Labs was founded in June 2024 with a clear mission: to create the definitive system of record for cloud and data center deployments. We recognized a critical gap for cybersecurity engineers and incident responders – the urgent need to quickly and accurately identify what code is running and has been deployed across their entire organizational estate. Our goal is to provide unparalleled visibility, empowering these crucial teams with the immediate intelligence they need to maintain robust security postures and respond effectively to incidents.

Our Vision

Spice Labs provides cybersecurity engineers and incident responders with a mathematically accurate view of their organization's cloud and data center environments. We help you visualize and manage daily changes in cluster vulnerabilities, accelerate compliance reporting, and quickly respond to incidents. For major events like Log4Shell, Spice Labs can give you the list of vulnerable packages, where they were deployed, and when- in minutes- and enables burn-down charts for remediation, allowing your team to focus on resolving issues rather than research.

Technology

Spice Labs’ technology is based upon a cutting-edge approach endorsed by the federal Cybersecurity and Infrastructure Security Agency (CISA)  – artifact dependency graphs – and follows the leading specification in the ADG space, OmniBOR. OmniBOR was created in 2021 by a group of security engineers from Cisco and Microsoft with the goal of developing a standard schema for generating unique and unambiguous identifiers for software artifacts and their dependencies.

Who are we

How it Works

Screenshot 2025-02-16 at 16.40.43.png

Artifact Dependency Graph Technology

Spice Labs has mapped 25 million open-source software artifacts resulting in a graph of more than 2.5 billion nodes – currently Java, Ubuntu, and Debian-  and computed a unique cryptographic hash identifier following the OmniBOR schema for generating  a software “bill of receipts.” 

Screenshot 2025-02-16 at 16.40.31.png

Cybersecurity engineers can deploy Spice Labs’ tools to map their organization’s software assets by generating an artifact dependency graph (ADG). The ADG combined with deploy events describing where and when a software asset was deployed allows Cybersecurity professionals to have a “General Ledger” or system of record for what was run where and when. 

 

Spice Labs is the first security product leveraging the CISA-endorsed ADG solution. We are the cryptographic system of record of what you have in your environment and its provenance – both at present and anytime in the past.

The Spice Labs Difference

  • Cryptographic composition & provenance

  • Provable & irrefutable

  • Identify what your current security tools miss

  • Time travel- know what was running, when, and where, at any point in the past

Screenshot 2025-02-16 at 16.42.06.png
How it works
Industry Recognition

"Revolutionizing cybersecurity standards"

-Jim Langevin, founder of the US House of Representatives Cybersecurity Caucus
Testimonials

Meet the Team

We bring together our unique industry backgrounds, experience in building and scaling tech startups, and our mutual passion for helping companies secure their digital fences, defend against ransomware, prevent data breaches, and maintain business continuity.

Screenshot 2025-02-16 at 14.22_edited.jpg

David "DPP" Pollak

Co-founder, CEO & CTO

IMG_9508 (1)_edited.jpg

Jennifer Kenyon

Co-founder, COO

IMG_1534.jpg

Aria Stewart

Engineer

IMG_0309.jpg

Brendan McAdams

Forever in our hearts 

Screenshot 2025-02-16 at 14.31_edited.jpg

Dani Pletter

Product Manager

Screenshot 2024-10-11 at 13.21_edited.jpg

David Churbuck

Public Relations

Screenshot 2025-02-16 at 14.36_edited.jpg

James (JT) Perry

Chief Customer Officer

Screenshot 2025-06-07 at 14.39_edited.jpg

Jim Holland

Engineering Manager

IMG_0310.jpg

Jim Langevin

Advisor

kat_edited.jpg

Kat Fey

Engineer

IMG_1533.jpg

Manjula-Jayne Kumar

Engineer

Screenshot 2025-06-07 at 14.35_edited.jpg

Mathew Lodge

Advisor

Request demo
Connect with Spice Labs

Fill in your details below to connect with Spice Labs!

bottom of page