$40M/yr Vanta for containers

TL;DR: With the White House’s 2024 executive order cracking down on government vendors’ software supply chains, the market for secured container images has exploded—with startups like Chainguard now competing with incumbents like Docker (Hardened Images) and Wiz (WizOS). Sacra estimates Chainguard hit $40M in ARR at the end of January 2025, up from $37M in ARR at year-end 2024, growing 640% from $5M in 2023. For more, check out our full report and dataset on Chainguard.

Key points via Sacra AI:
- A 2021 vulnerability in the open source Java library Log4j exposed half of all enterprise networks and triggered 800,000 exploit attempts in 3 days, illustrating the extreme tail risk associated with the heavily open source-reliant modern software supply chain—and inspiring the launch of Chainguard (2021) as a highly-secured version of Docker’s container registry, where developers can download clean-room versions of key languages and frameworks like Python, Node, and Redis. While tools like Wiz or Snyk can scan OSS code for vulnerabilities, your developers still have to spend time fixing the problems—Chainguard strips all unnecessary binaries and rebuilds images from scratch (~1,300 in their catalog today) and offers continuous patching as new problems are discovered, charging enterprises $20–30K per image per year.
- After a 2024 White House executive order requiring all government software vendors to self-attest to the security of their software supply chain, Sacra estimates that Chainguard grew to $40M annual recurring revenue (ARR) as of January 2025, with $37M at the end of 2024, up 640% from $5M in 2023, with ~33% of revenue from companies like Anduril and Canva going after the FedRAMP certification they need to sell into the government. Compare with software supply chain incumbent JFrog (NASDAQ: FROG) at $429M revenue in 2024, up 22% YoY, valued at $5.1B for an 11.9x multiple, and cybersecurity platforms Wiz at $500M ARR as of June 2024, up 103% YoY, acquired by Google for $32B for a 64x multiple, and Snyk at $300M ARR as of October 2024, up 20% YoY, as well as Docker at $207M ARR in 2024, up 25% YoY.
- Riding the wave of companies getting compliant with federal guidelines to sell into the government’s $22B of SaaS spending, cybersecurity and DevOps incumbents are bundling secured images as an upsell, with Docker launching Hardened Images—leveraging its distribution advantage as the default container registry for 20M+ developers—and Wiz launching WizOS, both in the last 3 weeks. With zero-vulnerability containers as its wedge, Chainguard is expanding into secure versions of individual software packages (Chainguard Libraries) and secure cloud virtual machines (Chainguard VMs), moving from the ~$1B container security space into the $4.5B language-package market (led by JFrog) and the $3B hardened VM layer led by Red Hat (NYSE: IBM).
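The "strip unnecessary binaries and rebuild from scratch" approach in the first key point, shown as a single Dockerfile that builds the same service two ways so a scanner can compare them. This is an added example, not code from Sacra, Chainguard or Docker; the Go service, the stage names, the image tags and the base image versions are assumptions.

```dockerfile
# Added example (not Chainguard's, Docker's or Sacra's own code). A hypothetical Go
# service "app" is packaged two ways so the resulting images can be scanned side by side:
#   docker build --target fat      -t app:fat .
#   docker build --target hardened -t app:hardened .

# Shared build stage: full toolchain, used only at build time and never shipped.
FROM golang:1.22-bookworm AS build
WORKDIR /src
COPY . .
# CGO disabled so the binary is fully static and needs no libc in the runtime image.
RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /out/app .

# --- Stage "fat": the conventional pattern. The runtime image carries a full Debian
# userland (shell, apt, perl, libc and hundreds of packages) that the service never
# executes but that every CVE scanner flags and that is reachable to anyone who gains
# code execution inside the container.
FROM debian:bookworm AS fat
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl \
    && rm -rf /var/lib/apt/lists/*
COPY --from=build /out/app /app
ENTRYPOINT ["/app"]

# --- Stage "hardened": same binary, runtime rebuilt from scratch. `scratch` is an empty
# filesystem, so the image contains exactly the files copied here and nothing else:
# no shell, no package manager, no interpreter, no OS packages for a scanner to report.
FROM scratch AS hardened
# TLS trust store copied from the build stage so outbound HTTPS still works.
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=build /out/app /app
# Fixed unprivileged UID; there is no /etc/passwd in the image to resolve names against.
USER 65532:65532
ENTRYPOINT ["/app"]
```

Scanning both tags with the same tool (for example `trivy image app:fat` versus `trivy image app:hardened`) makes the difference concrete: the fat image reports findings across the operating-system packages it carries, while the hardened image's findings shrink to the Go binary's own dependencies, which is the surface that still needs the continuous re-patching the article describes. The trade-off is operational: a `scratch` image has no shell for `docker exec` debugging and no libc, timezone or locale data, which is why minimal-but-not-empty base images such as the hardened catalogs discussed above exist for interpreted runtimes like Python and Node.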
For more, check out this other research from our platform:
- Chainguard (dataset)
- Docker (dataset)
- Snyk (dataset)
- Wiz (dataset)
- Wiz passes $500M ARR
- Snyk at $300M ARR
- Scott Johnston, CEO of Docker, on growing from $11M to $135M ARR in 2 years
- Anduril (dataset)
- Anduril at $1B/yr
- SpaceX (dataset)
- Anduril, SpaceX, and the American dynamism GTM playbook
- The biggest mistake defense startups make
- Ross Fubini, Managing Partner at XYZ Capital, on the defense tech opportunity
- Scott Sanders, chief growth officer at RRAI, on the defense tech startup playbook