Software that maps your infrastructure.
The open-core alternative to Wiz.
Built by the team behind Cartography
Backed by Y Combinator

Scenarios

Know Exactly Who Can Access Sensitive Data

View our technical approach.

Understand Your Internet Exposure

So that you know which issues to prioritize.

Ingest from All Vendors, Clouds, and On-Prem

Bring all your data together and connect the dots across all supported providers.

Query with Natural Language

Ask questions like:

Which S3 buckets allow public read or write access?
Which credentials haven't been rotated in over 90 days?
Which servers are running an out-of-date OS?

Just use your words.

Enrich and Customize

Add your organization's data to your graph.

Which of your company's directors own the most security risk?
Who has admin access within each SaaS and Cloud platform, and who is their manager?
What are your company's storage buckets grouped by team?

SubImage allows you to extend the graph with your own data using a simple schema definition.

Here's a real example:

schema.yaml
- node_label: TeamMember
  node_properties:
    - email
    - title
    - employee_id
    - id
  schema_version: 1
  relationships:
    - rel_label: MEMBER_OF_TEAM
      target_node_label: Team
      field: team_id
      target_field: id
      direction_inward: False
      rel_properties: null
  tenant_rel:
    rel_label: MANAGED_BY_ORG
    target_node_label: Organization
    field: org_id
    target_field: id
    direction_inward: True
  data_path: s3://my-bucket/team-members.json

Our Story

SubImage is a fully managed offering built around the Cartography open-source project, created at Lyft in 2019 and donated to The Linux Foundation in 2024. Founded by members of the original Cartography team, SubImage helps organizations focus limited resources on the risks that matter by mapping attack paths and weak points leading to sensitive data in the same way an attacker would.

About Us

Alex Chantavy

Co-founder & CEO

  • Co-creator of Cartography
  • 13+ year infosec career, building capabilities years ahead of what was commercially available at Lyft, Microsoft, and the NSA
  • Architected and built Lyft's vulnerability management platform, led penetration tests for Microsoft's Red Team, developed tools and techniques for NSA's Computer Network Exploitation mission
Kunaal Sikka

Co-founder & President

  • Former Lyft Staff Engineer and Member of Technical Staff at Anthropic
  • Architected Lyft's next-generation SIEM, insider abuse program, and vulnerability management platform, reducing security risks and driving cross-organizational change
  • Won Microsoft's internal employee hackathon as a high school intern, delivering the prototype for what became LinkedIn's QR feature

Get Started

Do you think in graphs?
