查看購物車
  • Simplified Chinese
  • English
  • Japanese
  • Korean
封面
市場調查報告書
商品編碼
1927575

自動化測試、軟體成分分析和 SBOM 工具:AI 增強型分析已成為主流

Automated Testing, Software Composition Analysis & SBOM Tools: AI-Augmented Analysis Takes Hold
出版日期: | 出版商: VDC Strategy | 英文 46 Pages/459 Exhibits | 商品交期: 最快1-2個工作天內

價格
簡介目錄

人工智慧對軟體開發的影響正在重塑工程組織設計、建構和維護程式碼的方式。生成式人工智慧和 Copilot 等技術有效地加速了軟體開發,但也引入了新的漏洞和專案風險。因此,對能夠確保有效安全性和品質的自動化測試和分析工具的需求正在顯著增長。軟體成分分析 (SCA)、靜態分析和動態測試解決方案作為關鍵的保障措施,使工程組織能夠在不犧牲可靠性、安全性或合規性的前提下,安全地實現 AI 驅動的生產力提升。

對自動化測試工具的需求受多種因素驅動,供應商必須密切注意並了解所有這些因素。監管壓力、不斷發展的行業標準、不斷變化的軟體開發理念、人工智慧以及軟體在安全關鍵功能中日益重要的作用,都在以不同的方式影響著軟體驗證和確認 (V&V) 市場,因此需要進行適應性產品設計和研發投資。

本報告深入分析了與自動化軟體測試工具、安全測試工具和軟體核心分析 (SCA) 工具市場相關的工具、趨勢和策略考量。報告按工具類型(靜態分析、動態/基於模型的測試、SCA)、地區(美洲、歐洲、中東和非洲地區、亞太地區)、企業/嵌入式用例以及各個垂直市場,對 2024 年至 2029 年的市場規模進行了預測。為了更好地支持推動長期成長的策略決策,本報告還包含了基於 VDC "工程師之聲" 調查的最終用戶洞察,以及包含供應商市場佔有率的競爭格局分析。

本報告解答的關鍵問題

  • 哪些因素正在推動對 AI 加速的軟體測試和分析的需求?
  • AI 程式碼產生將如何改變軟體開發,它又會帶來哪些風險?
  • 哪些垂直市場最具工具成長潛力?
  • 主要的編碼標準何時會改變?
  • 工程組織如何根據人工智慧的使用調整其測試策略?
  • 哪些程式語言正在發展壯大? Rust 在嵌入式領域的實際採用率是多少?
  • 近期收購案如何影響了測試和系統控制分析 (SCA) 工具的競爭格局?

本報告中提到的組織

  • AdaCore
  • ANSYS
  • 電池創投公司
  • 黑鴨軟體
  • 檢查馬克思
  • 遊標
  • 深度程式碼人工智慧
  • DXC技術
  • 茄子
  • ESI集團
  • 有限狀態
  • GitHub
  • 亞搏體育app
  • Google
  • 擁抱臉
  • IBM
  • JFrog
  • 是德科技
  • LDRA
  • MathWorks
  • 修補
  • 合併函式庫
  • 微軟
  • 英偉達
  • 開啟文字
  • Parasoft
  • 必然
  • 品質檢查系統
  • Snyk
  • Sonatype
  • Tasking
  • TrustInSoft
  • Veracode
  • Windsurf
  • 其他

主要發現

  • 預計到 2029 年,全球軟體安全認證 (SCA) 和自動化軟體安全測試工具市場規模將超過 49 億美元。
  • 受全球國防開支大幅成長和歐洲汽車產業成長放緩的推動,航空航太和國防領域已超越汽車產業,成為最大的垂直市場。
  • 歐盟 "網路彈性法案" 的實施持續推動對 SCA 工具的需求,這些工具能夠為工程團隊提供軟體物料清單 (SBOM) 的生成和管理功能。
  • 隨著 DevOps 不斷變革軟體開發,對平台交付和與其他工具深度整合的需求日益增長。
  • 使用人工智慧產生程式碼的組織對其測試工具的安全功能評價顯著高於尚未考慮或整合人工智慧程式碼產生的組織。
  • 隨著軟體開發方法的演進,最終使用者的需求也不斷變化,供應商滿意度分數也隨之波動。

報告摘錄

目前在其專案中使用人工智慧程式碼產生的工程師對靜態分析工具的評估方式有所不同,他們更重視安全性和品質保證。由於人工智慧產生的程式碼可能會引入新的、複雜的漏洞,因此使用人工智慧程式碼產生的工程組織會優先考慮能夠有效驗證機器生成軟體的工具。同時,未使用人工智慧程式碼產生的工程組織與採用人工智慧的組織一樣重視成本,但他們更注重易用性、語言支援以及與其他工具的整合程度。雖然這些數據反映了一種更傳統的開發方式,即團隊依賴內部程式碼,工具鏈的自動化程度較低,但也顯示軟體開發組織對人工智慧產生的程式碼持謹慎態度。此外,使用人工智慧程式碼產生的組織非常重視供應商的品牌聲譽。為了抵​​消採用人工智慧帶來的風險,工程組織傾向於選擇那些擁有交付高品質工具良好記錄的成熟解決方案。 隨著人工智慧的普及,專注於安全性的工具將變得更加重要。專門用於在開發週期早期識別人工智慧產生的漏洞和風險的靜態分析工具將在預測期內獲得更大的市場佔有率。

目錄

本報告內容

本報告解答哪些問題?

本報告的目標讀者

本報告中提及的組織機構

摘要整理

  • 主要發現

全球市場概覽

  • 靜態分析工具
  • 動態/基於模型的測試
  • 以安全為中心的靜態分析
  • 軟體成分分析
  • 平台解決方案
  • 併購
  • 語言使用情況
  • 軟體測試的生成式人工智慧

區域趨勢與預測

垂直市場市場趨勢與預測

最終用戶洞察

  • 選擇靜態分析工具的最重要因素:基於程式碼生成中人工智慧的應用
  • 選擇動態測試工具的最重要因素:基於程式碼生成中人工智慧的應用
  • 靜態分析與動態測試工具的典型決策者
  • 雲端靜態分析、動態測試和靜態程式碼分析的應用
  • 靜態分析供應商效能評估
  • 動態/基於模型的測試供應商效能評估
  • 靜態程式碼分析供應商效能評估

競爭格局

供應商和技術提供者簡介

  • AdaCore
  • Black鴨子
  • 檢查馬克思
  • IBM
  • 是德科技
  • LDRA
  • MathWorks
  • 修補
  • 開啟文字
  • Parasoft
  • 必然
  • 品質保證系統
  • 斯尼克
  • 索納型
  • TrustInSoft

關於作者

VDC 研究

簡介目錄

Inside this Report

AI's impact on software development is reshaping how engineering organizations design, build, and maintain code. Generative AI and copilots effectively accelerate software development, but they also introduce novel sources of vulnerability and project risk. As a result, demand for automated testing and analysis tools with effective security and quality enforcement has grown significantly. Software composition analysis (SCA), static analysis, and dynamic testing solutions now function as critical guardrails that help engineering organizations safely access AI-enabled productivity gains without sacrificing reliability, safety, or standards compliance.

Several factors are shaping demand for automated test tools, all of which must be closely monitored and understood by tool vendors. Regulatory pressures, evolving industry standards, shifting software development philosophies, artificial intelligence, and software's growing role in safety-critical functions are all influencing the market for software verification and validation in different ways, necessitating adaptive product design and R&D investment.

This report includes an in-depth analysis of the tools, trends, and strategic considerations relevant to the market for both automated software and security testing tools as well as SCA tools. It includes market sizing and forecasts from 2024 to 2029 with segmentations by tool type (static analysis, dynamic and model-based testing, SCA), region (Americas, EMEA, APAC), enterprise versus embedded use, and individual vertical markets. To better inform strategic decisions that will yield long-term growth, this report also includes end-user insights from VDC's Voice of the Engineer survey and an analysis of the competitive landscape, which includes vendor market shares.

What Questions are Addressed?

  • What factors are driving demand for AI-accelerated software testing and analysis?
  • How has AI code generation changed software development and what risks does it introduce?
  • Which vertical markets present the best opportunity for tool growth?
  • When are changes to key coding standards taking place?
  • Why are engineering organizations changing their testing strategies based on their AI usage?
  • Which coding languages are growing and what is the true adoption rate of Rust in embedded?
  • How have recent acquisitions shaped the competitive landscape for test and SCA tools?

Who Should Read this Report?

This report should be read by individuals making strategic decisions for marketing, product development, or competitive tactics. It is intended for senior decision makers who influence the development, sales, and use of test automation tools, including:

  • CEO or other C-level executives
  • Corporate development and M&A teams
  • Marketing executives
  • Business development and sales leaders
  • Product development and product strategy leaders
  • Channel management and channel strategy leaders

Organizations Listed in this Report

  • AdaCore
  • ANSYS
  • Battery Ventures
  • Black Duck Software
  • Checkmarx
  • Cursor
  • DeepCode AI
  • DXC Technology
  • Eggplant
  • ESI Group
  • Finite State
  • GitHub
  • GitLab
  • Google
  • Hugging Face
  • IBM
  • JFrog
  • Keysight
  • LDRA
  • MathWorks
  • Mend
  • MergeBase
  • Microsoft
  • NVIDIA
  • OpenText
  • Parasoft
  • Perforce
  • Phylum
  • QA Systems
  • Snyk
  • Sonatype
  • Tasking
  • TrustInSoft
  • Veracode
  • Windsurf
  • and others

Executive Summary

AI is transforming the software development lifecycle (SDLC) and the tools that developers need throughout it. Engineering organizations across vertical markets have adopted copilot-style coding assistants to automate coding tasks and help developers accelerate releases. Automated software development introduces risk, however. AI code generation engineers use several different codebases (most of which are open source), creating code fragments that may introduce license compliance or security risk. In response, demand for security-focused SCA and automated testing solutions is rising. Engineering organizations are actively counterbalancing AI-generated risk with security-oriented software testing, making software analysis and testing key components of the AI-augmented SDLC.

Test and SCA vendors have also capitalized on AI-powered productivity gains. Automatic triaging, hotspot analysis, test case generation, and remediation are points of parity in the enterprise/IT software tooling market. Embedded systems engineers have historically resisted heavy AI augmentations within testing tools. As solution vendors increasingly add predictable AI features and functionality, however, demand for AI-augmented solutions has grown across organization types. Tool vendors must continue to invest in AI features that accelerate the testing process, going beyond the shift left paradigm.

AI-enabled solutions that are deeply integrated with other tool types and platforms will lead the SCA and automated software testing market throughout the duration of the forecast. Leading vendors have made significant investments in creating solutions behind a single pane of glass that combines static analysis, dynamic test, and SCA. As a result, the market is ripe for consolidation and partnership. Single-solution vendors must seek strong technical partners in SBOM management and static analysis to fill emerging gaps in regulatory compliance and security. The SCA and test market has evolved rapidly over the past three years, necessitating aggressive R&D and partnership efforts from solution vendors as they hope to capture a larger piece of the expanding market.

Key Findings

  • Global revenue for SCA and automated software and security testing tools will surpass $4.9B in 2029.
  • Aerospace and defense passed automotive as the largest vertical market due to significant increases in defense spending across the globe and a slowdown in the European automotive industry.
  • The EU Cyber Resilience Act enforcement will continue to drive demand for SCA tools that offer SBOM generation and management across engineering teams.
  • Demand for platform offerings and deep integrations with other tool types is growing as DevOps continues to reshape software development.
  • Organizations using AI-generated code place significantly higher value on security features in testing tools than organizations that have not yet considered or integrated AI code generation.
  • Vendor satisfaction ratings continue to change as end-user needs evolve alongside software development practices.

Report Excerpt

Engineers who are currently using AI to generate code in their projects evaluate static analysis tools through a different lens than their counterparts, placing proportionally higher value on security and quality assurance. Since AI-generated code can introduce new and potentially complex vulnerabilities, engineering organizations using AI to generate code prioritize tools that can effectively vet machine-generated software. Conversely, engineering organizations not using AI code generation agree with their AI-accelerated peers about cost but favored ease of use, language support, and level of integration with other tools. This data reflects a more conventional development approach where teams rely on in-house code and use less automation across the toolchain, but it also demonstrates the caution toward AI-generated code across software development organizations. Furthermore, organizations using AI code generation valued vendor brand reputation significantly more. To counterbalance AI-introduced risk, engineering organizations prefer proven solutions from organizations with a history of delivering high quality tools.

As AI adoption increases, security-focused tooling will hold greater importance. Static analysis tools specially designed to identify AI-generated vulnerabilities or risks early in the development cycle will gain market share over the forecast period.

Table of Contents

Inside this Report

What Questions are Addressed?

Who Should Read this Report?

Organizations Mentioned in this Report

Executive Summary

  • Key Findings

Global Market Overview

  • Static Analysis Tools
  • Dynamic/Model-based Testing
  • Security-focused Static Analysis
  • Software Composition Analysis
  • Platform Solutions
  • Mergers & Acquisitions
  • Language Usage
  • Generative AI for Software Testing

Regional Trends & Forecast

Vertical Market Trends & Forecast

End-User Insights

  • Most Important Factors in Selection of Static Analysis Tool Segmented by Use of AI to Generate Code
  • Most Important Factors in Selection of Dynamic Testing Tools Segmented by Use of AI to Generate Code
  • Typical Decision Maker for Purchase of Static Analysis & Dynamic Test Tools
  • Usage Rates of Static Analysis, Dynamic Test & SCA in the Cloud
  • Static Analysis Vendor Performance Ratings
  • Dynamic/Model-based Test Vendor Performance Ratings
  • SCA Vendor Performance Ratings

Competitive Landscape

Vendor & Technology Provider Profiles

  • AdaCore
  • Black Duck
  • Checkmarx
  • IBM
  • Keysight
  • LDRA
  • MathWorks
  • Mend
  • OpenText
  • Parasoft
  • Perforce
  • QA Systems
  • Snyk
  • Sonatype
  • TrustInSoft

About the

Authors About

VDC Research

List of Exhibits

  • Exhibit 1 Global Software and Security Testing Tools Revenue Segmented by Market Type
  • Exhibit 2 Global Static Analysis Tools Revenue Segmented by Market Type
  • Exhibit 3 Global Dynamic and Model-Based Test Tools Revenue Segmented by Market Type
  • Exhibit 4 Global Market for Security-focused Static Analysis Tools Segmented by Market
  • Exhibit 5 Global Revenue of Software Composition Analysis Tools & Related Services Segmented by Market Type
  • Exhibit 6 Current State of AI and Automation in the SCA Market
  • Exhibit 7 Usage of C, Ada, and Rust Code
  • Exhibit 8 Current AI/Automation Capabilities and Features of Leading Test Tool Vendors
  • Exhibit 9 Americas Market for SCA and Testing Tools Segmented by Tool Type
  • Exhibit 10 Europe, Middle East, and Africa Market for SCA and Testing Tools Segmented by Tool Type
  • Exhibit 11 Asia-Pacific Market for SCA and Testing Tools Segmented by Tool Type
  • Exhibit 12 Worldwide Shipments of Software and Security Testing Tools Segmented by Customer Type
  • Exhibit 13 IoT/Embedded Static Analysis Tools Market Segmented by Vertical
  • Exhibit 14 IoT/Embedded Dynamic and Model-Based Testing Tools Market Segmented by Vertical
  • Exhibit 15 IoT/Embedded SCA Tools Segmented by Vertical
  • Exhibit 16 IoT/Embedded Static Analysis Tools, 2024 Market Share
  • Exhibit 17 Enterprise/IT Static Analysis Tools, 2024 Market Share
  • Exhibit 18 IoT/Embedded Dynamic and Model-based Testing Tools, 2024 Market Share
  • Exhibit 19 Enterprise/IT Dynamic and Model-based Testing Tools, 2024 Market Share
  • Exhibit 20 IoT/Embedded SCA Tools, 2024 Market Share
  • Exhibit 21 Enterprise/IT SCA Tools, 2024 Market Share
  • Exhibit 22 Most Important Factors in Selection of Static Analysis Tool Segmented by AI-generated Code Usage
  • Exhibit 23 Most Important Factors in Selection of Dynamic Testing Tools Segmented by AI-generated Code Usage
  • Exhibit 24 Most Important Factors in Selection of SCA Tool Segmented by AI-generated Code Usage
  • Exhibit 25 Typical Decision Maker for Purchase of Static Analysis and Dynamic Test Tools
  • Exhibit 26 Usage Rates of Static Analysis, Dynamic Test, and SCA in the Cloud
  • Exhibit 27 Static Analysis Vendor Performance Ratings
  • Exhibit 28 Dynamic/Model-based Test Vendor Performance Ratings
  • Exhibit 29 SCA Vendor Performance Ratings

IoT & Embedded Engineering Survey

  • Exhibit 244 Types of Tools Used in Current/Most Recently Completed Project
  • Exhibit 254 Types of Static Analysis or SAST Being Used on Current Project
  • Exhibit 305 Perceived Investment Value of Dynamic Analysis or DAST Product Used
  • Exhibit 309 Perceived Difficulty to Learn the Use of Dynamic Analysis or DAST Product
  • Exhibit 340 Perceived Investment Value of Software Composition Analysis or IP Compliance Tool Used
  • Exhibit 341 Perceived Impact on the Quality of the End Product Being Engineered from SCA or IP Compliance Tool Used
  • Exhibit 343 Perceived Likeliness to Use the Same Brand of SCA or IP Compliance Tool For the Next Project of Similar Type
  • Exhibit 385 Consideration/Use of AI-generated Software/Code (e.g., Use of Copilot and/or Prompt-based Code Creation)
  • Exhibit 386 Expected Changes in Use of AI-generated Software in the Next Three years
  • Exhibit 387 Amount of Trust in AI-generated Software Code (Functionality, Security, IP, etc.)
  • Exhibit 388 Current Concerns About AI-generated Software Code
  • Exhibit 405 IoT Cloud Platforms-as-a-Service (PaaS) Being Used on Current or Most Recent Project