TMCnet News
Black Duck Named a Leader in the Inaugural 2026 Gartner® Magic Quadrant™ for Software Supply Chain Security

Recognized for Completeness of Vision and Ability to Execute

BURLINGTON, Mass., June 22, 2026 /PRNewswire/ -- Black Duck®, the leader in AI-powered application security, today announced it has been recognized as a Leader in the inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security[1]. In the report, Gartner evaluated 18 vendors based on Completeness of Vision and Ability to Execute.
According to the authors of the report, "Software powers most critical infrastructure today. Therefore, a lack of understanding of who built the software, how it was built and what its ingredients are poses a danger not only to businesses but also to society at large. Software engineering teams can use SSCS tools to automate the enforcement of security and compliance policies and meet regulatory and government mandates."[1]

"Software supply chain security is now a board-level priority, driven by regulations like the EU Cyber Resilience Act and the transformative impact of AI on software development and vulnerability discovery," said Greg Hughes, CEO of Black Duck. "These forces are rapidly expanding the scale and complexity of risk. At Black Duck, we are embedding AI across our platform, combined with decades of domain expertise and deep contextual intelligence, to deliver the visibility and automation organizations need to stay ahead of attackers. We believe our recognition as a Leader reflects both our execution today and our vision for securing software at scale."
AI Model Risk Insights: Detects embedded open source and hybrid AI models using signature-based analysis, expanding control over AI license and reputational risks, simplifying governance, and establishing the foundations for AI-BOM and policy workflows.

Risk-Based Vulnerability Prioritization: Expands exploitability and reachability analysis across source code, binaries, and containers, helping teams focus on vulnerabilities that are truly exploitable and reduce remediation noise.

AI-Driven Dependency Remediation: Uses LLMs and curated security intelligence to generate minimal patches for vulnerable dependencies, including cases with no upstream fix, accelerating remediation without disrupting application stability.

SBOM & Vulnerability Disclosure Maturity: Enhances SBOM lifecycle management with richer vulnerability data, expanded VEX export (CSAF 2.0), and improved workflows, reinforcing Black Duck as a system of record for SBOM governance and regulatory alignment (e.g., EU CRA).

Expanded Support for Hardened Container Images: Identifies hardened container images (e.g., Chainguard, Docker, Minimus) and ingests supplier-provided VEX data to reduce false positives, reduce manual triage effort, and improve confidence in upstream security posture.

Download the 2026 Gartner Magic Quadrant for Software Supply Chain Security and read our blog post to learn more.

[1] Gartner, Magic Quadrant for Software Supply Chain Security, Aaron Lord, Johnny Walters, Jason Gross, 17 June 2026.

Disclaimer: Gartner and Magic Quadrant are trademarks of Gartner, Inc. and/or its affiliates. Gartner does not endorse any company, vendor, product or service depicted in its publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner publications consist of the opinions of Gartner's business and technology insights organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this publication, including any warranties of merchantability or fitness for a particular purpose.

About Black Duck
SOURCE Black Duck Software
