Today, almost every application relies on dozens (sometimes hundreds) of open source components. Many of these are updated quickly to introduce new features and address security issues (or the maintainers stop updating them, leaving security holes unfixed), but this also usually means they introduce breaking changes. Managing all these dependencies can be a nightmare for developers. Infield today launched a SaaS platform and announced $3 million in seed funding to bring open source dependency management to the forefront by analyzing change logs with human-assisted AI to provide developers with the data they need to confidently upgrade their dependencies.
The New York-based company was founded by Allison and Steve Pike, who first met at the alcohol e-commerce service SevenFifty. Allison previously worked in high-frequency trading, and Steve previously worked as an analyst at BlackRock before becoming SevenFifty’s first employee and later its CTO. The now husband-and-wife team then founded Syndetic through Y Combinator in 2019, which is, as Steve describes it, “a Shopify for datasets.”
But by early 2022, the team began to pivot. Steve had been doing some personal consulting to help other developers upgrade their software dependencies, so they decided to combine their expertise in data pipelines and dependency management to launch Infield. Trying to build a company during the pandemic didn’t help, the pair explained.
“[Syndetic was] essentially becoming a lifestyle business for the two of us; it’s easier to have that when you’re married,” Allison explains. “So for the first few years, we kind of thought: OK, we’ve got money in the bank. We have the infrastructure here that really could do with trying again, so we decided to make adjustments based on the consulting that Steve was doing and the ideas around open source upgrades.”
Infield’s third co-founder is Andrew Lenehan, who previously served as product manager at AppNexus. He subsequently co-founded Roster (which later became Punchcard), a data exploration tool for revenue teams that gained support from Founders Fund, FJ Labs and FirstMinute Capital (a London-based fund).
Infield promises that it can quickly scan all dependencies of a project and provide developers with a risk score based on the current version and the recommended target version. It also helps developers prioritize upgrade backlogs. All of this is possible because the system continuously scans changelogs and GitHub issues for potential issues, and the team then supplements this with its own repository of (often undocumented) incompatibilities. As the team noted, a lot of the work involved in doing these upgrades today is reading the change logs and performing risk assessments to ensure the upgrade won’t negatively impact the production environment.

Many similar tools I’ve seen focus almost entirely on security, but Steve points out that with Infield, that’s only one aspect of the tool’s capabilities.
“We intentionally don’t try to be a security scanning tool or a monitoring tool,” he said. “These systems give you a backlog of things that might be important for upgrading – but how do you actually get those things done? The best releases we’re doing will lead to a world where everything is always up to date, so when new stuff comes out, when a security vulnerability exists, you simply install the patch. There is no need to prioritize whether this is a critical vulnerability or a low-severity vulnerability because all patches are available to you. If you are using the latest version of the package, then a fix that only fixes a security vulnerability is trivial.”
Allison also points out that today, everyone is doing pretty much the same job, but in isolation. Thousands of companies may be updating the same software packages, but they are doing so without benefiting from what other teams have learned. “By integrating data from the community, in addition to data generated by experts or formal data released by maintainers, there are clear efficiencies that can be achieved by doing so,” she said.
Infield currently supports Ruby, JavaScript, TypeScript and Python, with support for Java coming soon.
The company offers a basic free plan with a streamlined set of features for individual users, and a more full-featured team plan starting at $600 per month that can accommodate up to 25 teams and support up to 50 repositories.
Given its origins, it’s perhaps unsurprising that the company also continues to offer more white-glove upgrades to businesses that need more hands-on help.
Infield’s $3 million seed round was led by Foundation Capital. Y Combinator and Firsthand Alliance are also involved, as are angel investors such as Adam Gross (former CEO of Heroku), Jonathan Siddharth (founder of Turing), and Austin Ogilvie (founder of Thoropass).