In issue #14 of Forkable, I look at the latest entrant to the unicorn club — an open source “backend-as-a-service” company called Supabase, which raised a hefty chunk of change at an even heftier $2 billion valuation. The company also reports a spike in users, with Supabase co-founder and CEO Paul Copplestone putting this down to the vibe-coding trend that allows anyone to create software with AI.

Elsewhere, Chainguard — which promises to secure the open source software supply chain more — tripled its valuation to $3.5 billion off the back of a huge fundraise.

And in case you missed it, this week I published the first in my new COSS Corner series, where I profile startups and key figures from the commercial open source software (COSS) space — more on that below.

As usual, feel free to reach out to me with any questions, tips, or suggestions: forkable[at]pm.me.

Paul

Open issue

A COSS unicorn is born

Two sizeable funding rounds to report from the open source realm this week. Supabase, a company building an open source alternative to Google’s “backend as a service” platform Firebase, raised $200 million at a $2 billion valuation — the first time (that I’m aware of) the company has revealed a valuation in its five-year history, confirming the San Francisco-based startup as a the latest entrant to the unicorn club.

Big-name backers for the Series D round included Coatue, Y Combinator, Craft Ventures, and Felicis.

Supabase, for the uninitated, spins up a full PostgreSQL database with built-in authentication, a real-time engine, storage, and more. If you don’t fancy self-hosting and managing all the infrastucture hassles, Supabase will sell you a managed cloud service.

Today, Supabase claims some two-million developer users, with its sign-up rate doubling in the past few months. The reason? Well, Supabase co-founder and CEO Paul Copplestone reckons a big part of this is down to vibe-coding, an emerging AI-driven programming technique that basically requires you to desribe what you want to an AI coding “assistant” which then builds it.

Apps, regardless of who or what built them, need a backend — which is where Supabase stands to benefit.

“I see our community, over the next decade, as something that will grow with us, and it’s for everyone from developers, all the way up to enterprise,” Copplestone told Fortune. “It’s more than just developers even now. Our sign-up rate just doubled in the past three months because of vibe coding…”.

Elsewhere, Chainguard — a company that promises to make the open source software supply chain more secure — raised $356 million at a $3.5 billion valuation. That’s more than triple its valuation at its Series C round just 10 months ago.

That’s not bad at all for a company founded less than four years ago, but it’s perhaps indicative of the growing awareness of the risks posed by software reliant on myriad components from third-party suppliers.

Chainguard basically rebuilds the open source components from source, rather than using pre-built binaries or container images which may contain vulnerabilities.

“When we started Chainguard three years ago, supply chain security had the curiosity of the industry,” Chainguard CEO Dan Lorenc said. “Today it has their attention. Whether it’s struggling to patch fleets of containerized systems to address the endless onslaught of new vulnerabilities, or holding endless postmortems to measure or mitigate supply chain breaches […] the industry and regulators are all realizing the old ways of building and using open source software don’t work anymore.”

COSS Corner

Recce wants to help developers 'ship working data faster'

The first story in my COSS Corner series went live this week, and in it I caught up with CL Kao, founder and CEO of Recce, an open source startup building “data native” code review tools to “solve a fundamental gap in how data systems are managed today.”

Recce, essentially, transposes the “preview, decide, deploy” ethos from the software realm, onto data systems, enabling data teams to move fast without breaking things -- which is vital in the age of AI.

“Data teams operate in the dark — making changes without being able to preview their impact, deciding without complete information, and deploying with crossed-fingers rather than confidence,” Kao said.

The startup has also just announced $4 million in funding, which will go toward the launch of a new commercial cloud product.

Read more: Recce wants to help developers 'ship working data faster'

Patch notes

• The votes are in, and the open source Terraform fork OpenTofu is officially going to be a Cloud Native Computing Foundation (CNCF) project.

• ​Whisky, the free and open source app built upon Wine to power Windows games on Macs, is no more — the teenage developer behind the project pulled the plug, saying that it was harming a paid alternative called CrossOver.

• Hopper launched out of stealth with $7.5 million in seed funding to “redefine open source security,” and challenge the incumbent software composition analysis (SCA) platforms.

• Dia is a new open source text-to-speech model designed to take on the likes of OpenAI and ElevenLabs, as per a VentureBeat report this week.