A new report shines a light on the world of commercial open source software (COSS) startups, including which ones are growing fastest, which are raising cash and even which universities are most popular among COSS founders.
The report emanates from Runa Capital, a formerly Silicon Valley-based venture capital firm that recently moved its HQ to Luxembourg. Runa previously backed a number of companies with open source foundations such as Nginx, MariaDB and N8n.
Since 2020, Runa has operated what it calls the Runa Open Source Startup (ROSS) Index, ranking the top 20 fastest-growing open source startups. While the index is focused on quarterly growth, Runa just published its first annual report looking at COSS startup trends throughout the whole of 2022, as well as some broader trends dating back to the index’s inception nearly three years ago.
Fast growing
The ROSS Index Annual Report 2022 expands its focus to the top 50 startups rather than the top 20 as per Runa’s quarterly index, revealing that the top five fastest-growing open source companies last year were Builder.io, a no-code platform for digital storefronts; Novu, which is creating a notification infrastructure for developers; Refine, a framework for web app development; Safing, which is creating data privacy products including an application firewall; and Nhost, a backend-as-a-service provider that’s setting out to rival Firebase.
The top 50 fastest-growing open source startups in 2022. Image Credits: Runa Capital
Of the 50 fastest-growing open source companies in Runa Capital’s index, 44% have raised VC funding since the beginning of 2022 including low-code web app developer Appsmith, which landed $41 million, and another Firebase rival called Appwrite, which secured $27 million.
A little more than two-thirds (68%) of the 22 ROSS Index startups that attracted investment over the past year did so at the seed stage, while $169 million was raised in total across all rounds.
Methodology
It’s impossible to assess the validity of Runa’s report and data without considering the methodology behind it all. The company says that it tracks all GitHub repositories with at least 1,000 stars (stars are similar to a “like”) and then checks each one for an associated commercial startup. This means that it ignores side projects or projects that are associated with a tech giant such as Google, for example. It defines a startup as one that was founded within the past 10 years, has raised less than $100 million in (known) funding and has not exited (i.e., been acquired or gone public).
Runa then whittles down the remaining startups to a “top 20” list for its quarterly index and ranks them by annualized growth rate (AGR) of GitHub stars.
However, by Runa’s own admission, this methodology is not perfect.
For context, GitHub enables logged-in users to “star” or “watch” a project. Someone may star a project for any number of reasons. For example, to show their appreciation similar to how they might “like” a Facebook post. Or they may simply want to bookmark a project to revisit at a later stage. When someone chooses to “watch” a project, on the other hand, this usually means that they are taking a more proactive interest in the project, given that they will then receive notifications of any changes made to the project in question.
Put simply, the number of “stars” a project has is likely to be far higher than the number of watchers, given that people will only choose to “watch” a project for the duration of time that they’re actively interested in it. “Stars,” on the other hand, tend to accumulate over time, as there is little reason for someone to “un-star” a project.
There are other potential ways to measure a project’s popularity, too, such as by the number of contributors it has. But no single metric is perfect, according to Konstantin Vinogradov, the Runa Capital partner who spearheads the index and developed its inaugural annual report.
“User engagement in an open source project can be considered a funnel, where ‘stars’ are the lightest metric at the top and ‘contributors’ are the heaviest metric at the bottom of the funnel,” Vinogradov explained to TechCrunch by email. “It is way easier to ‘like’ a repository than to contribute code to it. However, both top and bottom metrics — and those between them, e.g. ‘watch,’ ‘issues,’ and so on — are not perfect and should ideally be examined altogether. We chose only one metric because we wanted a simple, reasonable and transparent base for the ROSS Index.”
Indeed, while a project’s star count is more accumulative than the watch count by nature, the ROSS Index is based on relative growth over a given period to establish the most popular newcomers, and therefore doesn’t include any historical numbers that might be in there. Vinogradov said that on balance, this is the best way of measuring project growth and popularity.
“‘Watch’ is an inappropriate metric because it only accounts for users who subscribed to all notifications on a repository,” he said. “Many contributors and repository fans don’t want to be notified about literally everything and may select events for which they wish to be notified, such as ‘custom watch,” thereby falling out of the ‘watch’ counter.”
Jumping-off point
Runa Capital’s report is by no means an exhaustive look at the state of VC funding or open source software. Plenty of COSS companies — large and small — gained traction and raised capital last year, spanning gaming, e-commerce, engineering analytics, community development, business intelligence, IoT and more, and which simply didn’t receive enough “stars” on GitHub to make it onto this one specific list.
However, it still serves as a useful jumping-off point to explore some interesting trends around where the COSS action is taking place and where the founders are coming from. The company says it mined data from third-party sources such as LinkedIn, Crunchbase, Y Combinator and more to highlight other semi-notable trends. For instance, Google was the most common previous employer for ROSS Index startups, though other companies such as IBM and Microsoft also feature fairly highly, so it’s perhaps not possible to draw too many conclusions from this.
Former employers of ROSS Index startups. Image Credits: Runa Capital
Similarly, France’s Epitech (Paris Graduate School of Digital Innovation) topped the list of universities attended by founders, followed by Canada’s University of Waterloo, though the usual suspects such as Harvard and Berkeley weren’t far behind.
Universities attended by startup founders in the ROSS Index. Image Credits: Runa Capital
Locationwise, 58% of the startups featured in the report are principally based outside the U.S., spanning 17 countries. However, the U.S., U.K., Germany and France collectively accounted for 79% of all ROSS Index startups that have received venture capital funding since it started in 2020.
By comparison, 57% of “typical” startups during that same period were based in those four countries, according to Crunchbase data cited in Runa Capital’s report.
HQs of startups that raised VC funding in 2020-2022. Image Credits: Runa Capital
The “open source” factor
A perennial bone of contention in the world of open source is to what extent a piece of software should be considered “open source” — and whether it’s actually open source at all.
There are dozens of different license types with myriad stipulations on what a user is — and isn’t — allowed to do with the corresponding piece of software. At one end of the spectrum, you have super-permissive licenses, such as the MIT License, which have few restrictions, while at the other end, you have so-called “copyleft” licenses, such as the GNU General Public Licenses (GPL), which require users to release all derivative projects under equivalent terms to the original GPL-licensed software. And you have licenses with varying degrees of deviations, such as the Apache License, which is permissive like the MIT License but is a little more complex in terms of the specifics of what isn’t allowed, particularly around patent and trademark protections.
ROSS Index data suggests that most commercial open source startups prefer slightly more protective licenses such as Apache and GPL when compared to typical numbers for GitHub projects on the whole, where the MIT License rules the roost.
License popularity among repositories — GitHub (in general) versus ROSS Index startups. Image Credits: Runa Capital
Purists might also take issue with some of the startups that have been included in Runa Capital’s report, given that some have fairly lightweight open source credentials. API integration platform Pipedream, for example, has released its core platform under a proprietary source available license, though some of its associated technology is available under an open source license.
Thus, Runa Capital has adopted a more liberal interpretation of what it means to be an “open source startup” for its report.
“We label startups as ‘open source’ when they open sourced a meaningful part of their codebase, which can be considered a software product relevant to their business,” Vinogradov said. “Companies can build both open source and closed source products. Some companies can have 80% of code open and others only 20%. It’s just various ways to develop and distribute software products. There is no good way to judge whether any non-zero share is good/bad enough for an ‘open source’ title.”