Docker turns developer desktop into security

Scott Johnston, CEO of Docker, on growing from $11M to $135M ARR in 2 years

Interview
By instead keeping that feedback loop right then and there in the moment of creation—and we're pretty uniquely suited to do that—we get the opportunity to help them build safer code.

Docker is turning the developer desktop into a security checkpoint, which lets it move from a simple build tool to a higher value workflow product. Instead of finding problems after code is deployed, Docker can flag risky packages, weak container setups, and policy violations while a developer is still writing and testing locally. That matters because Docker already sits in the place where millions of developers build images and run code, so adding security there is a natural upsell path.

  • The practical shift is from delayed detection to in-the-moment correction. Older workflows often catch issues in CI 20 to 30 minutes later or in production weeks later, but Docker can check code and containers before merge, when the developer still remembers exactly what changed and can fix it fastest.
  • Docker is uniquely positioned because it already owns the local container workflow. After the 2019 pivot, it monetized Docker Desktop and Docker Hub directly with developers, grew from about $11M ARR in 2020 to $135M in 2022, and reached an estimated $207M in 2024, proving that desktop seat expansion can support new paid layers like security and policy controls.
  • This also explains why Docker is converging with companies like Snyk and Chainguard. Snyk built a large business by giving developers security feedback earlier in the development cycle, while Chainguard sells hardened container images that remove vulnerable components entirely. Docker is pushing into the same budget line from the developer entry point it already controls.

The next step is a broader developer safety suite that bundles local scanning, policy enforcement, approved base images, and collaboration into one paid desktop product. If Docker keeps moving security left into code creation, it can capture more of the app security budget without asking teams to adopt a separate tool first.