Developer-Led Landscape: 2021 Trends Foretell New Approaches to DevOps

Let's discuss the rocket fuel propelling the next wave of developer-influenced businesses.

Last year, I met with 448 unique businesses shaping the developer-led landscape.

Their successes and failures reflect an industry undergoing change: the stage is being set to redefine how developers get things done.

Let’s look at 5 recent trends driving sentiment and momentum for developer businesses:

  1. Trend #1: Emergence of the Service Catalog? Potential $500M Market That Redefines the Foundational Nature of Development Infrastructure.

  2. Trend #2: Convergence of Continuous Delivery, GitOps, and Experimentation Vendors Are Creating the Potential for a $500M ARR Progressive Delivery Mega-Market.

  3. Trend #3: Observability of the Development Lifecycle is Necessary to Improving Cycle Times Spawning Creation of New Markets: Engineering Efficiency and Secure Software Supply Chain.

  4. Trend #4: Products That Dramatically Improve Developer Experience Are Growing Dramatically Faster.

  5. Trend #5: From New Code to Glue Code: The Industry’s Shift From Code Writing to Composition Drives Re-Imagination of DevOps and Underpins New Platforms.

Other Developer-Led Discussions:
  1. Sept. 2020: Developer-led landscape.

  2. Public database of companies and products.

  3. GitHub repo.

  4. Nov. 2020: Cloud-native development analysis.

  5. May 2021: Latency-optimized development.

Trend #1: Emergence of the Service Catalog? Potential $500M Market That Redefines the Foundational Nature of Development Infrastructure.

To Understand Service Governance Look First At Data Governance - a $2.1B 22% CAGR Market

As enterprises data platforms became increasingly more complex and diverse, organizations increased their attention on change control and data governance. What emerged was a category called Data Governance, and many organizations sought out data catalogs which would organize a company’s inventory of data assets in the organization.

In other words, data complexity drove the need for data metadata to be placed in its own database. Understanding what data is located where helps data professionals collect, organize, test, access, and enrich data as part of a data discovery and governance practice.

The data governance market is $2.1B, growing at 22.6% CAGR for the foreseeable future. The market is filled with over 20 vendors, and we (DTC) were fortunate to make an investment in one of the market’s leaders in Alation earlier this year.

Are we about to see the “re-”emergence of Service Discovery and Governance? Will organizations embrace the idea that a Service Catalog will help development teams collect, organize, test, access and enrich their services?

ITIL and CMDBs Are a Cautionary Tale & Party Chill Pill

I mention “re-”emergence, because this has been attempted previously. ITIL certification for the past 20 years advocated a bureaucratic approach to IT service management, and underpinning it was the need for a Configuration Management Database (CMDB). Many vendors chased this vision 15 years ago, and mentioning CMDB today would be the fastest way to chill the vibe at your year-end IT party (your author unfortunately has recurring nightmares from his ITIL certification experience in 2005).

CMDBs proved to be too onerous: managed by central IT governance functions, static entry of assets wasn’t organizationally scalable to move at the pace of IT, and the solution value of the data was narrowed to change management.

Service Metadata Is Meta, Of Course

A modern definition of a solution encompasses a wide range of potential metadata:

  • the runtime flow of data between users, microservices and data stores

  • the relationship, sentiment, and activity of team members who build the service, its code, and its artifacts

  • the value stream across the tooling used to create such a solution

  • the relationship between a system’s observability data and its SLA

A service catalog would have a way to discover, collect, store, and maintain this metadata. Given the world has increasing architectural dis-aggregation (and since Conway’s Law exists), any service catalog would depend upon automation and intelligence to sustain itself.

Service Catalogs Are Already Powering the Next Generation of Development Lifecycle Solutions

In the past year, we’ve seen more than a dozen companies publish a service catalog or, without necessarily realizing it, generate a pseudo-service catalog as part of a broader solution.

Collectively, these 14 early entrants have raised $30M from VC and generate less than $20M ARR cumulatively.

Selling a meta data database is harder than selling a solution that utilizes it.

Group 1: Service Models That Automate Test Automation — $7M ARR

By understanding the relationships between services and end user transactional flow, large swaths of test beds can be robotically generated and maintained. This enables new changes to be introduced faster by reducing the complexity and time for regression testing.

Startups include Meshdynamics, Speedscale (YC ‘20, $3.3M VC raised) - service models defined from network flows, Loadmill (Seed stage, early revenue leader) - service models defined by tapping into user gateways, Up9 ($6M VC raised, started by Blazemeter founder) - microservices test automation, and Curiosity Software (bootstrapped by Tricentis and Smartbear alums) - creates meta definitions that feed behavioral-driven development generators.

Group 2: Service Models for Site Reliability Engineering — <$10M ARR

While observability vendors - having raised significant VC and demonstrating solid traction and early growth revenues - focus on the transactional nature of service interactions, SRE teams need more.

SREs measure Service Level Objectives (SLOs) and work on incident resolution require a metadata model that connects transactional behavior with meta information about services: the code that operates it, the developers who understand the code, the behavior of users interacting with the service, and the tools used to make changes. Collectively, then SLOs and SLAs can be measured and incidents resolved faster.

Startups include Honeycomb ($27M VC raised) - uses transaction tracing to create service catalog, OpsLevel ($5M VC raised) - building a service catalog for incident resolution, effx ($3.9M VC raised) - leverages service meta data to create SRE-oriented service definitions, Cortex ($150K VC raised) - enables engineering teams to define and measure SLOs, Nobl9 ($7.5M VC raised) - integrates back end data sources to create rich service catalog for defining SLOs, and Mesh7 ($5.5M VC raised) - uses network visibility to create API-API service flows.

Group 3: Service Models for Development Dependency Analysis — Early ARR

As software systems become larger, they become costlier to refactor and maintain for software developers. Small changes can have large impacts upstream and downstream. Service metadata becomes a valuable source of information to aid developers in planning and implementing changes.

Startups include Aspecto ($??? VC raised) - dynamically generates service model during PR to create a developer dependency map, AppLand ($- VC raised) - creating architectural traces as JSON for diffs, linting, and architecture analysis, Layer9 ($- VC raised) - provides data visibility for microservices architecture, Init.me ($- VC raised) - generates documentation by analyzing architectural meta model, and Backstage ($- VC raised) - Spotify open source project that creates a service catalog to generate developer portals.

Trend #2: Convergence of Continuous Delivery, GitOps, and Experimentation Vendors Are Creating the Potential for a $500M ARR Progressive Delivery Mega-Market.

Progressive delivery - a potentially $1B annual revenue segment - is the convergence of different markets and products that delivery automation, workflow, deployment, configuration, feature flags, feature experimentation, and rollback.

The leading vendors in every segment are shipping features that are encroaching upon the other … marching towards an intelligent system that works fast, works for any kind of application or development team, and increasingly can independently make changes in order to better the end user experience.

Continuous Delivery, GitOps, and Experimentation Are Three Building Block Markets With Over $250M in ARR

Three segments have dominated recent media coverage and grabbed the majority of recent growth. It stands to reason that if companies view software as a competitive advantage, then reducing an organization’s cycle time from ideation to release improves competitiveness, user delight, and engineer satisfaction. Those vendors with products that deliver this vision more easily and thoroughly win more than those that do not.

Continuous Delivery (CD): 20 products, $148M ARR, from companies that have raised over $2.7B in VC. This doesn’t include the Continuous Integration (CI) products and vendors, which is significantly larger. The most intriguing startups include OpsMx (DTC investment, $10M raised), Armory ($42M VC raised), and Harness ($80M VC raised).

GitOps: <5 products, $5M ARR. GitOps is a way of implementing CD for cloud native applications. It focuses on a developer-centric experience when operating infrastructure, by using tools developers are already familiar with, including Git. It can be push- or pull-based. It is inclusive of both application and infrastructure updates. Weaveworks coined the term a few years ago and recently raised $36M from VCs (including the finicky AWS which isn’t the most active in funding startups). GitLab, Codefresh, and Cloudbees are also carving out territory leveraging GitOps as a solution narrative to drive sales of underlying CI/CD platforms.

Experimentation: 7 products, $116M ARR, $952M VC raised. Experimentation vendors combine code feature flagging, production release monitoring, end user behavioral analysis, AB testing, and feature experiments to create a PM- and developer-oriented mechanism to incrementally (and statistically) introduce changes from development into production. Launch Darkly - powered by the developer-driven GTM - raised a significant $54M round earlier in 2020 at a $800M valuation. This is in contrast to Split’s $34M round and PM and VPE-oriented approach to selling experimentation as an organizational practice and discipline. And also in 2020, Optimizely sold to private equity for a disappointing $600M, perhaps indicating that it’s marketing-oriented approach to AB-testing isn’t getting enough adoption by delivery teams.

Honorable Mention: What Happened to Configuration Management?

Deployment used (and in some ways continues) to be dominated by configuration management vendors such as Chef (recently acquired by Progress Software for a 3x multiple on revenues), SaltStack (recently acquired by VMware), Red Hat Ansible, and Puppet ($178M VC raised).

Increasingly configuration management (euphemism for automation and workflow systems) has been de-emphasized in favor of CD, GitOps, and Experimentation due to complexity of SaaS & cloud architectures driving need for dynamic, adaptable deployment systems; Infrastructure as Code and software defined networks / storage becoming part of deployment; adoption of Git as the record of truth for environmental changes; and the incorporation of end user behavior and observability data into deployment decision processes.

Progressive Delivery - The Logical $500M ARR Mega-Market Evolution To Deliver Incremental Value Continuously

It’s hard to imagine how an organization transitions from releasing periodically to continuously. Can you really go from once a week to dozens a day?

Progressive delivery is a more pragmatic approach that helps organizations become more continuous over time.

Progressive delivery independently and incrementally advances changes through gates on its way into production, then expose that change to users over time, and then use statistical experimentation to determine if that change should remain in production.

Progressive delivery incorporates CI, CD, configuration management, GitOps, and experimentation. Combined, there would be over 30 products generating $500M ARR growing >20% CAGR to create this mega market.

The roadmaps from these vendors are increasingly overlapping with one another.

Optimizely adding feature flags. Launch darkly adding experimentation to feature flags. Cloudbees acquiring and introducing feature flags with CD. Harness adding feature flags. The consolidation is real and an eventual mega-market with a mega-vendor should emerge that offers a) robust developer-adopted feature flags and AB testing, b) end user behavior analysis and experimentation controls for PMs and product teams, c) cultural and process transformation services to enable delivery transformations, d) a continuous deployment, automation, configuration and assurance engine that reliably moves changes from one environment to another.

As organizations demand to ship changes an increasingly faster pace, the propagation of those changes through their entire lifecycle, all the way until they are retired are a progressive supply chain, with protective gates, and systems that can advance and revert those elements. This new type of progressive supply chain is Progressive Delivery.

Trend #3: Observability of the Development Lifecycle is Necessary to Improving Cycle Times Spawning Creation of New Markets: Engineering Efficiency and Secure Software Supply Chain.

If software is every company’s competitive advantage, then their “velocity of engineering” - the speed at which safe code travels from cradle to grave - will determine which organizations can sustainably best their rivals.

Bottlenecks hidden throughout the software engineering process slow delivery and demoralize engineers.

Engineering Efficiency - A New $100M ARR Market, 35% CAGR, With 20 Competitors - Brings Observability and Understanding to the Hidden Complexities of Software Engineering

The complexity of developing software has increased - more tools, more stages, higher dis-aggregation, more modules, more repositories, more changes, and more team members.

Identifying the bottleneck requires insights from across the value stream. Engineering efficiency products integrate and source metrics from every tool in the value chain to to quickly and accurately diagnose where work gets stuck, who needs help, and where the greatest opportunities lie for continuous improvement.

Engineering efficiency is observability for the software engineering process.

The early winners in the Engineering Efficiency market are Gitprime (acquired by Pluralsight in 2017 for $170M, and then acquired by PE in 2020), Code Climate ($15M VC raised), Pinpoint ($17M VC raised from multi-time founder), Jellyfish ($12M VC raised), and Cast Software ($15M VC raised).

Value Stream Management - An Old(er) $200M ARR Market, 20% CAGR, With 11 Competitors - Brings Observability to the Hidden Complexities of Your DevOps Lifecycle

Everything new comes from everything old. If engineering efficiency measures the bottlenecks of software engineering, then value stream management solutions apply similar concepts to the processes, tools and resources that are integrated as part of any delivery lifecycle.

In other words - value stream mapping brings visibility to where value is created in a process.

If you are still confused (it’s OK, your author was too), think of engineering efficiency as an organization’s technical Service Level Objectives (SLOs) whereas value stream mapping is an organization’s business Service Level Agreements (SLAs).

Value Stream Management (VSM) products provide visualizations for management on how to identify bottlenecks in their processes along with integration backbones to make disparate lifecycle tools work better together.

Surprisingly, the vendors who provide VSM solutions are doing so at relatively high scale ($200M ARR) and have been in business for quite awhile, as these solutions are typically complex and require years of engineering to develop.

Leaders in VSM include Atlassian Jira Align, Blueprint ($62M VC raised), Digital.ai - previously CollabNet (acquired by PE in 2019), IBM Urbancode, ServiceNow ITBM, Tasktop ($32M VC raised), and TargetProcess.

Secure Software Supply Chain - The Not-Discussed-Enough Non-Market that Could Overwhelm CIOs in the Coming Decade

Engineering Efficiency and Value Stream Management vendors have strong moats because the cost to maintain integrations across an increasing number and complexity of observability points limits competitors to well funded and long-horizon parties.

Customers pay for maintained integrations across their entire value chain. That can be expensive, especially if an organization has uncommon or homegrown tooling.

Those same integrations reflect the threat surface area for attackers to exploit vulnerabilities in the software construction and management process. Every developer, developer tool, developer infrastructure, and developer process is a potential entry point for bad actors to compromise code, inject malware, copy IP, or disrupt automation.

The Solarwinds hack of 2020 is a prime example. An essential DLL had its code rewritten to allow remote execution of commands by an attacker. The Solarwinds code was clean within their version control repository. The vulnerability? It was within their CI/CD infrastructure where the code was inserted during the build after it was copied from version control while also recognizing that Solarwinds did not have a pre-release Build Of Materials verification control that could detect the presence of an unintended DLL.

The Secure Software Supply Chain secures software at each step in its construction from cradle to grave.

Most discussion of software security focuses on bugs, but the scope is broader:

  • Eliminate bad developer actors — your insiders can be bad actors. Startups like Cycode ($4.6M VC raised), Argon Security ($6M VC raised), and Blubracket ($14M VC raised).

  • Eliminate risky access to dev processes

  • Eliminate secrets (passwords) from within code — Git Guardian ($6.5M VC raised) and SpectralOps (??? VC raised).

  • Eliminate vulnerabilities from within software you write — this is the high growth $250M ARR Software Composition Analysis market with Snyk, FOSSA, Whitesource, and Synopsys.

  • Eliminate vulnerabilities from within software modules your developers import, and their transitive dependencies

  • Eliminate vulnerabilities from within systems your software depends upon

  • Verify software contains and behaves as expected — this is a continuous process as code injections can occur after software has shipped.

Opportunity — No vendor has articulated a comprehensive understanding of the Secure Software Supply Chain nor provided a complete suite of offerings.

Trend #4: Products That Dramatically Improve Developer Experience Are Growing Dramatically Faster.

Products that enable developers to complete broader portions of the lifecycle within a tool that is a) mandatory for their core engineering job, and b) beloved are adopted faster - and witnessing larger revenues, more venture capital, and higher valuations - versus alternatives.

The core dynamic underlying this trend is powered by the “Developer Experience Gap”, articulated by Stephen O’Grady:

“Developers are forced to borrow time from writing code and redirect it towards managing the issues associated with highly complex, multi-factor developer tool chains held together in places by duct tape and baling wire. This, then, is the developer experience gap. The same market that offers developers any infrastructure primitive they could possibly want is simultaneously telling them that piecing them together is a developer’s problem.”

Developer Experience Gap Fill #1 - IDEs Offer Marketplaces and Bazaars For Developer Tooling

A software engineer will spend the large majority of their time in their editor of choice, especially when working on making code modifications or testing. Having additional tools that enact portions of the development lifecycle that are outside of code editing from within the IDE allows developers to lower the bar of training on how those tools work since the interface is usually leveraging the concepts that the IDE promotes. This, essentially, lets developers get more done, especially when they are in flow.

Products that have created rich ecosystems of IDE plug-ins include Microsoft VS Code (108K GitHub stars), Jetbrains IntelliJ (probably the most profitable IDE ever whose parent company just reported $200M EBITDA), Sublime Text, Emacs, and VIM. No one entirely knows how many plugins exist, but will wager its in the tens of thousands.

Developer Experience Gap Fill #2 - Git / CLI Workflows Embed Developer Lifecycle Capabilities Within The (Very) Commonly Executed Push / Deploy / Commit / Terminal Experience

Heroku was founded in 2007 and struggled in their early years to build a PaaS offering. When they made a version that offered a workflow that deployed an application by leveraging the same Git command for pushing changes into a version control repository, their growth sky rocketed and was shortly acquired by Salesforce for over $200M at a time they had minimal revenues. By offering a limited technical consolidation into a command developers executed numerous times already, the experience impact lead to a revolution of vendors reusing existing Git / CLI flows to improve velocity.

Google bought and has steadily built Firebase to compete with Heroku, and it has a loyal following that leverage it as a back end for building mobile apps.

Netlify, Fly.io, Meli, Surge.sh, Cloudflare Pages (launched December 2020) and Vercel have done well by delivering a platform to host content-driven applications. With fewer moving parts than full applications, the optimizations sought by developers are related to providing a means to update frequently, incorporating security protocols, and then embedding and optimizing content caching to improve performance.

Netlify ($97M VC, $53M raised 3/20) optimizes deployments for Web applications. It’s unique approach is to combine hosting infrastructure, continuous integration, and deployment into a single automated workflow. Teams start by connecting an existing Git repository, drag-and-drop a folder, or leveraging a plug-in to their existing Web template. What was previously more than a dozen steps is narrowed down to a couple. Netlify handles the drudgery of propagating updates that are detected as developers iterate. Netlify then makes DNS, HTTP/S, routing, media, and serverless functions as configurable add-ons to give applications access to capabilities that would be normally available within a PaaS. As the first vendor to introduce this type of CDN simplification - they have gained nearly 1 million developer accounts.

Vercel ($61M VC, $40M raised 12/20) has a similar workflow, but is arguably easier to use and nicely positioned for teams. Vercel adds to Git flow by providing a staging URL on every commit, better optimized for starting from a Web framework template or headless CMS, and gets recognition for creating Next.js, a popular Web framework that powers Twilio and Airbnb. Net: devs stay in their IDE, stay within their Web framework, stay within Git … and they love the experience.

Hashicorp ($350M VC, $175M raised 3/20) has mastered CLI flow for infrastructure building blocks. While not a perfect match, Hashicorp’s obsession with creating small open source projects which solve one aspect of distributed systems development, has led them to creating downloadable projects with discreet, easy to learn, and minimal CLI interfaces. Their top 6 open source projects have nearly 100K GitHub stars and many IT organizations consider Hashicorp projects as essential glue for multi-cloud environments helping to propel their $5.1B valuation. Hashicorp is going to test the limits of their workflow simplification skills with the recent introduction of Waypoint, which is a metafication of the build / deploy / release workflow promising to integrate any application to any environment. Rather than a building block, Waypoint is an abstraction over a combination of many steps repeatedly executed.

Developer Experience Gap Fill #3: Pull Request Workflows Integrate Downstream Delivery, Cybersecurity, and Compliance Into Developer Code Reviews

The pull request (PR) has become the focal point for how developers incorporate changes to a software system. Applicable to applications and infrastructure, the PR coordinates the inputs of coders, product managers, doc specialists, security professionals against a change set.

The PR also acts as a gatekeeper, preventing changes from advancing to later stages in the delivery cycle. This has allowed for the introduction of PR workflow, with GitHub, GitLab, and Bitbucket enabling PR engines to trigger actions which in turn can execute other delivery lifecycle products to act on the change set while the PR is being reviewed.

There are now 1000s of plugins that can be incorporated. The vendors behind these plugins promise to help organizations Shift Left, by performing non-developer tasks transparently as part of the developer’s normal workflow.

PR workflow plugins pull linting, testing, continuous integration, application security, and compliance as micro tasks to be performed against a change set, further reducing the time, cost and complexity of maintaining downstream integration environments.

There are 100s of vendors in the developer landscape that are creating innovations powered by the PR workflow. However, Snyk ($454M VC raised, >$2B valuation), deserves special mention. They’ve created the perception that devs are able to finally execute on application security. Though, Snyk’s primary success is to provide an authentic integration of Software Composition Analysis into the PR workflow that it is now the template for how any organization who aspires to Shift Left can.

Developer Experience Gap Fill #4: ChatOps Bots Extend Developer Delivery Into “The Conversation” Allowing Dev Teams To Be Social While Always Shipping

ChatOps is a form of conversation-driven development.

As dev teams strive to improve their cycle time, the biggest bottlenecks are in communication between stakeholders on change:

  1. Discussing a specification, such as the form an issue should take or how a feature could be implemented.

  2. Discussing a Pull Request, whether it is properly formatted, meets the project’s standards, or could it otherwise be improved.

  3. Stressing over why the build system broke — again.

  4. Coordinating feedback during an incident response.

  5. Coordinating the next coffee break, coterminous with a long planned build cycle.

Slack (acquired by Salesforce for $28B) and Microsoft Teams (20M weekly active users) modernized chat by delivering it as a bot platform, where group members can interact with each other and with IT systems through bots.

ChatOps platforms eliminate the manual coordination overhead for essential discussions relating to software development:

  1. New issues that require discussion are posted in the chat window, and any discussions are synchronized between the issue system and the chat platform.

  2. Pull Request secondary conversations are automated within the ChatOps platform allowing the synthesized results to be posted for recorded history.

  3. Unusual alerts from APM, monitoring, and incident systems posted for immediate discussion or interrogation by SRE teams.

  4. Initiating development tasks through discussion such as opening an issue, checking status, querying systems, or tracking developers.

Nimbella ($4M VC raised) and CTO.ai ($8.3M VC raised) have delivered extensions to their DevOps automation and serverless platforms that make it simple for teams to create new ChatOps workflows — their growth and early fund raising success portends the potential for transforming popular application programming techniques into workflow automation.

When Developer Experience Doesn’t Matter: The Biggest, Baddest Collection of Building Blocks Attracts The Inner Child In Every Developer

The strongest counter point to the developer experience trend is AWS. Their Lego approach - to provide building blocks to everything, creates friction that limits teams from communicating and collaborating well. AWS enforces limits to how their own products interact so that their overall organization can create more products faster. If you view your business as legos, then you want to have blocks for every thing.

The inner kid in all of us are drawn to working with systems where we are granted nearly infinite controls. Developers have comfort in knowing they have no limits, at the cost of embracing higher forms of complexity.

Trend #5: From New Code to Glue Code: The Industry’s Shift From Code Writing to Composition Drives Re-Imagination of DevOps and Underpins New Platforms.

In 2000, it’s estimated that roughly 15% of a software application was sourced from a dependency - coming from a reusable package, library, module, or artifact.

Today, some estimate that it’s as high as 85%.

100 Billion Components and Artifacts — Matching Pace with APIs Towards 1 Trillion Programmable Endpoints

There now exists a large mainstream of software engineers who can build and maintain complex software systems through wiring together collections of pre-built software artifacts.

This isn’t surprising. There has been 300% growth in the types of package managers available over the past 20 years. Artifact repositories have become foundational infrastructure for a software development team (JFrog’s phenomenal 2020 IPO makes it valued over $5B). The breadth, scope, and variety of available modules is so broad that it’s virtually impossible to measure (NPM - now owned by GitHub surpassed 1M modules in 2019; Cisco had 5 million of their own packages in 2016 probably 4x that today; Maven central, the core public repository for Java packages maintained by Sonatype has 6 million artifacts; Rust, an emerging systems programming language, already has 52K modules downloaded over 5 billion times).

When contemplating the number of programming languages, most of which include a module system and central repository, along with most software organizations hosting their own system for components, it’s possible that there are more than 100 billion software modules globally - ready to facilitate developer reuse.

The Fight Over Developer Collaboration - And Ownership Over $20B in Value - Is Increasing Between Version Control and Artifact Repositories

While version control structures how developers collaborate over the construction of code (and vendors who promote those offerings control $14B in market value), increasingly artifact repositories is where development teams collaborate over shared building blocks.

How a module is versioned, advertised, distributed, and retired often times requires as much coordination among different development teams as a change to code. Module distribution creates downstream relationships for a single module with potentially millions of applications, which in turn may redistribute themselves. The coordination required to patch and update modules once they are “in the wild” is a global orchestration problem of immense complexity.

It’s no wonder that JFrog and Sonatype ($157M VC raised) have become essential infrastructure and we’ve seen the scrambled “catch up” by GitHub, Microsoft, GitLab, and Amazon each offering alternatives.

Componetization Extends “Up The Stack” Creating New “Vertical Module” Markets To Further Enable Collaboration Outside Code

The industry has long had GUI component vendors. Infragistics has been selling widgets for every type of interface for more than 20 years (and no VC funding!). Starting in the Java market, Vaadin ($11.4M VC raised) has created widgets for Web, mobile, and increasingly sophisticated application interfaces.

Extending further, the (very) innovative bit.dev (Israel, ??? VC raised) incorporates code collaboration concepts directly into GUIs. The GUI becomes the aggregation of GUI widgets, each of which benefit from issues, version control, change management, CI, and release management — all managed from within the GUI that consumes the widgets.

bit.dev stretches the definition of a module to something more than a shared library. It’s a reusable part of the visual experience. With an abstraction other than a file or module, the developer lifecycle for how a team is best suited to collaboration on a change evolves as well.

There are many different types of reusable assets within the development lifecycle, and we will see more “Vertical Module” stacks materialize. Startups exist stretching these definitions for building blocks relating to Infrastructure as Code, DevOps Platforms, and Vulnerability Remediation.

Glue Code World Raises Priority of Software Composition Analysis — Looking “Under the Hood” Creates Multiple Unicorns

When the world depends upon 100B shared modules and 1T programmable endpoints, the world can break itself when shared components break.

In 2016, Azer Koculu deleted an NPM module that contained 11 lines of code. His module had been reused 100s of 1000s of times by other modules, many of which were foundational to Web applications. When Azer unpublished his module, the Internet broke.

Thus emerged a new era in Software Composition Analysis, a now multi-billion dollar industry (staggeringly, seeing Snyk’s $2.6B valuation for a company whose revenues are less than $50M). Originally relegated to helping organizations identifying and remediating vulnerabilities within modules, understanding the lifecycle nuances for every dependency (their dependencies, and so on through every transitive connection) is a critical security concern for a mission critical application.

This is why Sudesh Vasudevan, MD @ Evercore, is now estimating the Application Security Testing market - once a sleepy, low growth yawner - to grow at increasingly faster rates (>30%) through 2024, an impressive feat for a $2.5B ARR market.

Low Code and No Code Offerings Give Thanks to Glue Code - Enabling $2.2B ARR For Systems Facilitating “StitchOps”

In the Developer-Led Landscape, we are tracking 106 low code / no code vendors. These vendors generate $2.2B ARR and growing >35% CAGR.

Similar offerings have been attempted for over 40 years, though they largely failed because the cost of application maintenance was close to the cost of building a custom application. Net - previous generations of rapid application development tools required advanced technology skill sets.

There has always been demand for “2nd tier” applications — a class of application that automates a portion of the business, but would not provide enough value to warrant the cost of funding a sustainable development team.

The rise of modules and APIs have lowered the volatility risk from technology change. The interfaces into modules and APIs change less frequently in order for them to attract more adopters. Low code systems can now make long term stability assumptions to these underlying building blocks and then design opinionated systems that can automate the boilerplate construction for applications.

Low code abstractions have improved so quickly, that individuals no longer need to learn about complex engineering constructs: versioning, compiling, debuging, deployment, and operations.

Companies Driving 2021 Developer Trends Have Collectively Raised $3.5B From VCs Generating $4.5B in ARR