Gartner defines the application security testing (AST) market as the buyers and sellers of products and services designed to analyze and test applications for security vulnerabilities. This market is highly dynamic and continues to experience rapid evolution in response to changing application architectures and enabling technologies. AST tools are offered either as software-as-a-service (SaaS)-based subscription offerings or, less often, as on-premises software. Many vendors offer both options.
Gartner defines DevOps platforms as those that provide fully integrated capabilities to enable continuous delivery of software using Agile and DevOps practices. The capabilities span the development and delivery life cycle built around the continuous integration/continuous delivery (CI/CD) pipeline and include aspects such as versioning, testing, security, documentation and compliance. DevOps platforms support team collaboration, consistency, tool simplification and measurement of software delivery metrics. DevOps platforms simplify the creation, maintenance and management of the components required for the delivery of modern software applications. Platforms create common workflows and data models, simplify user access, and provide a consistent user experience (UX) to reduce cognitive load. They lead to improved visibility, auditability and traceability into the software development value stream. This end-to-end view encourages a systems-thinking mindset and accelerates feedback loops.
Gartner defines Software Composition Analysis (SCA) as a technology that analyzes applications and related artifacts (containers, registries, etc.) to detect open-source and third-party software components that are known to have security and functional vulnerabilities, that are out of date for security patches, or that pose licensing risks. SCA products and services help ensure the enterprise software supply chain includes only secure components and, therefore, supports secure application development and assembly.