Black Duck named leader in Gartner Magic Quadrant for eighth year

Black Duck has been recognised as a Leader in the 2025 Gartner Magic Quadrant for Application Security Testing for the eighth year running.

Gartner evaluated 16 vendors in the application security testing (AST) space using criteria such as Completeness of Vision and Ability to Execute. Black Duck achieved the highest position for Ability to Execute for the sixth year in succession.

The annual Magic Quadrant report examines developments in application security as the market continues to expand in scope. The report's authors noted, "Artificial intelligence, modern application designs and increased software supply chain risks are expanding the AST market scope. Cybersecurity leaders can identify and manage risk within applications by integrating and automating AST throughout software life cycles."

Black Duck attributed its continuing recognition primarily to a blend of product development and enhanced AI capabilities. The company has recently introduced updates focused on automating vulnerability detection, triage, and remediation for developers, as well as improved assessment features for security teams to help manage risk profiles.

"We're honoured that Gartner has named Black Duck a Leader in the Magic Quadrant for Application Security Testing for the eighth time in a row. We believe this recognition reflects our team's relentless commitment to innovation and securing mission-critical software for our customers. As generative AI reshapes how software is built, tested, and deployed, it also introduces new layers of complexity and risk. Black Duck is proud to be at the forefront of helping developers and security professionals navigate this transformation with intelligent, scalable security solutions that evolve as fast as the code they protect," said Jason Schmitt, CEO of Black Duck. 

Since the last Magic Quadrant evaluation, Black Duck has launched a number of new tools and improvements which it cites as contributing factors to this year's positioning. These include enhancements to the Black Duck Assist application, its artificial intelligence-powered security assistant. The tool now supports automated security scanning of code generated by AI as well as AI-driven code fixes directly within integrated development environments, intended to ensure seamless protection of application code during development.

Another key release from the company is the Black Duck Security GitHub App, which enables integration and synchronisation between GitHub repositories and other Black Duck security solutions such as Polaris, SCA, and Coverity. This integration allows development and security teams to automate source code scanning at scale, supporting both SaaS and on-premises environments.

Additionally, the Polaris Platform-Black Duck's security testing hub-has seen enhancements aimed at assisting enterprise users. New updates include customisable application risk scoring, improved policy management options, and the ability to aggregate and normalise security testing results from over 50 third-party tools. These features are intended to help organisations assess their risk posture more comprehensively across diverse environments.

Black Duck's ongoing developments in artificial intelligence and platform integrations align with broader trends in the application security sector. According to the 2025 Magic Quadrant report, the evolving landscape driven by AI-powered development processes and growing supply chain risks continues to influence customer requirements in the sector.

The inclusion of new AI-driven features and expanding ecosystem integrations are central to Black Duck's recent growth as indicated by the company's leadership position in the Magic Quadrant.