flox raised US $16.5 million in a series A funding round last month. Enterprise Times sat down with Ron Efroni, CEO and co-founder at flox, at the State of Open Source conference, to talk about the funding round. The round was led by New Enterprises Associates (NEA) and brings the total raised by the company to $27 million. The company also announced its new open-source flox platform as it seeks to make it easier for developers to take advantage of the open-source build tool Nix.
The open-source flox platform is the start of the company’s product launches this year. It is planning an enterprise version of the flox platform later this year. However, the company has given no date for that or indicated what it will cost. What is also not known is how aligned the open-source version will be with the enterprise version.
Ron Efroni, CEO and co-founder at flox, commented, “We created flox to give developers better collaboration and control over their development lifecycle, including improved automation over production releases, reduced operational risk and increased productivity.
“We recognized the vast power of Nix but knew there was a market need to take developer tools to the next level, providing versioned environments-as-code that could be consistently released, updated and maintained and that could offer improved security and efficiency. We couldn’t be more excited to offer this to developers and bring this to market now.”
What is the money for?
Enterprise Times asked Efroni how he intended to use the money and what else flox was up to.
Efroni replied, “our plans right now are very explicit. We’re launching open source today. What we’ve built over the last year is developer focused and is a gateway into the powers of Nix and all the magic of it. Everything from the 80,000 packages to reproducibility, to running environments, side by side. All of it was our main focus.
“To your question of what are we using the funding for? Our next 12 months is about doubling down on engineering with a huge focus on how we serve the open-source community. How do we cater to the needs of the individual developer, while also being very aware of what they need at the next stage, which is what do we do when Nix needs to operate within a team?
“The funding is pretty explicit in that area. It’s doubling down on engineering, but also heavily doubling on hiring and bringing in awesome talent to help us with user experience and developer experience as a whole. That’s something that we really need in Nix and flox.”
“Nix is amazing, and it’s huge. It can do so much. It’s an operating system, it’s a package manager, it can do builds, and it can do CI. But we are really coming in with a wedge with a very specific offering, initially around the environments, packages, and the portability, reproducibility and security of it.”
Hire or acquihire?
One of the challenges in the tech space is getting the right hires. At the same time, companies are acquiring companies to expand their offerings and plug gaps in their product lines. However, the latter is also a good way to get people who have the right and proven skills you need. In the case of flox, we asked Efroni, how much would be acquihired?
Efroni replied, “I know a lot of amazing teams where geniuses have been able to put together things that are a completely another level. For us, if we can find ways to bring them in, bring these teams in, and partner up with us, that’s what we’re doing.
“We’re trying to do something ambitious with Nix and flox. If I look down the line in five years, these principles that we’re able to introduce are disruptive to multiple facets of the current SDLC. Yes, we’re starting with environments. The fact that you can use this instead of homebrew and you can use this instead of your package manager, it’s universal, it’s inclusive.
“But we’re also getting into the sense of versus Docker, versus these huge, huge status quos in the industry. The only way to do that is with people who are the best. It doesn’t matter where they are currently at. I’d love to see how we can get the whole team rolling.”
Managing ecosystems isn’t easy
One of the challenges of building out an ecosystem marketplace is keeping it valid. In the open-source community, many companies have found that solutions built and contributed get used by the wider community. However, there is no guarantee of longevity, and sometimes solutions become orphaned. How do you curate the community, especially around integrations?
Efroni commented, “I’m gonna flip between two hats here, my Nix board hat focusing on community and also my flox hat. I’ll start off with the flox side. If we’re prioritising this as an integration that is needed by developers, by the community, and we invest in it, it’s going to come with the flox commitment. We’re going to be supporting this until the end, and hopefully beyond.
“There are all these concepts that I really strongly believe in where you don’t silo developers in the company, developers are horizontal, and multiple developers work across different projects together and collaborate. It is like open-source concepts but inside a company. Even if one developer leaves, there are three or four that have been highly involved and pick it up and run it. That’s just healthy.
“Nix hat on, we’re currently defining and structuring the community to empower it further. And you’re very right. Once the community says, ‘we have this integration that will help us bring it to more people, allow it to be more friendly,’ we will be injecting that into what we’re calling our team empowerment structure. It is where we’ve taken the different teams in the community, and we’ve decided are they critical, formal, or community?
“The difference is that the more formal that team is, the more funding and support they get from the board and the more responsibilities and accountability that they have. For instance, if we find out that there’s an integration that we are really prioritising, that will ideally be put into the responsibility or accountability of a critical-level team. Maybe in the future, we’ll actually have a full-on integration team.
“We just recently spun up the next team, which is the technical leadership team. That’s how I view making sure that we don’t stagnate and lose integration that’s important.”
Software bill of materials
You’ve talked about the software bill of materials (SBoM) recently. How do you make that work? In most organisations, there is a lack of integration between SBoM and their asset registers. Normal asset registers assume a fixed entity, a server, a printer, or a project. With the SBoM, it has to be a living thing. You have to constantly update when patches are applied, even when those patches are applied automatically. How do you make your software bill of materials dynamic?
Efroni responded, “the whole concept is we stand on the shoulder of giants, which is Nix. It’s the largest package repository in the world. built and maintained by over 5,000 contributors. On the GitHub top 10, we just came in at number seven. We’re the only non-corporate backed project. That’s a real metric. Nix gives us the capability to do those atomic and automatic updates.
“The packages are always getting maintained and upgraded and moved. Nix builds out the file path with a checksum. That checksum represents the dependencies one-to-one. We also have full visibility into the build time in runtime, because, again, the open-source package repository just has everything we expose.
“So for each package, you have fully exposed their dependencies, and that’s recursive, all the way down. Once anything changes, that checksum changes. Once I check some changes, it shows you that we’ve proactively regenerated the SBoM, but by construction instead of by scanning. It’s a bottoms-up motion to being always aware of what your software is dependent on.”
Enterprise Times: What does this mean?
What to do with money is always a question that should be asked of any company announcing a funding deal. Often, many will have generic answers such as increasing R&D spending, opening sales offices, and new hires. Few are willing to go into detail and explain how some of those processes will take place.
Efroni has a very clear vision of how the funds are to be spent and is focused on what he wants. More importantly, he also recognises there are challenges as you build out and become further embedded into open-source. That they are looking at acquihire and addressing the SBoM challenge is also good news for customers and investors.
It will be interesting to watch who Efroni acquires to get the right people and how the company curates its integration market. The latter will show if it is willing to adopt key packages as the creators move on to other things.
