Market Research Report
Product code: 1631576


Software Composition Analysis - Market Share Analysis, Industry Trends & Statistics, Growth Forecasts (2025 - 2030)

Publication date: | Publisher: Mordor Intelligence | English, 120 pages | Delivery time: within 2-3 business days



Product Code: 71659

The Software Composition Analysis Market is expected to register a CAGR of 21.7% during the forecast period.


Key Highlights

  • With the increased use of open-source code, the number of open-source vulnerabilities and threats is increasing, as is the acceptance of software composition analysis to counter those risks. Open source software (OSS) has advantages, such as simplicity of integration, a wide range of components, and zero cost, as well as disadvantages, such as OSS license compliance risk, OSS security risk, and OSS quality risk. These open-source vulnerabilities provide extraordinarily lucrative potential for hackers. According to Sonatype's sixth annual State of the Software Supply Chain study, there has been a 430% increase in next-generation attacks that target open-source component vulnerabilities directly to infect software supply chains.
  • According to the Reserve Bank of India, PhonePe had a 46% share of universal payments interface (UPI) usage in India in the last fiscal year, followed by Google Pay with a 34% share. Leading fintech companies have been important drivers of UPI adoption in India. The study market could grow as a result of the widespread use of mobile payments.
  • SCA tools check package managers, manifest files, source code, binary files, container images, and other objects. The open-source components they find are assembled into a bill of materials (BOM), which is then compared against several databases, including the National Vulnerability Database. These databases contain information on known and prevalent security flaws. The National Vulnerability Database (NVD) is a vulnerability database maintained by the US government. Synopsys' internal vulnerability database, Black Duck KnowledgeBase, is the industry's most complete compilation of open-source project, licensing, and security information.
  • In the last few years, businesses have used online transactions more because of the pandemic. COVID-19 and the resulting constraints compelled people to conduct more business online. The necessity of digital transformation influenced firms' time to market. Businesses reduce the time it takes to bring things to market, whether in chains, pieces, or versions. On the other hand, these firms must exercise extreme caution to avoid leaking data or allowing room for vulnerabilities or exploits. For security reasons, every version of a product that is launched must go through the SCA procedure. Such a transition toward digitalization would have created opportunities for the previously researched market during the pandemic.
  • One of the most significant barriers to the adoption of software composition analysis is the scarcity of skilled workers. Due to a lack of training and skilled staff, each maintenance crew member devises their own methods for using the program. As a result, the database grows more complicated and disorganized. The organizations are unable to access the paid-for time-saving features. As a result, competent labor is one of the most significant issues in the software composition analysis industry.

Software Composition Analysis Market Trends

Cloud Segment is One of the Factors Driving the Market

  • Due to the growing acceptance of cloud-based software and solutions across industries, cloud deployment is seeing the fastest growth rate during the anticipated period. Due to the cost-efficiency of the deployment, small and medium-sized businesses (SMEs) are where adoption is most prevalent. The cloud deployment option makes it easy for multiple sites to work together without having to install software or keep up with extra hardware.
  • Cloud computing is expected to command a sizable market share and even accelerate growth. The cost and operational benefits offered by the deployment mode are expected to shift the trend away from the on-premise deployment model over the forecasted period. For instance, according to the study by NTT Ltd., over half of the respondents (52%) mentioned that the cloud would have the most transformational impact on their organization's business operations.
  • The cloud has proven itself economically and operationally by allowing organizations of all sizes to focus on their core competencies while transferring IT infrastructure, connectivity, and management responsibility to cloud providers who excel at developing and delivering these services. Further, the telecommunications industry is changing. This is due to rapidly expanding technology, increased demand, client base diversification, the need for current products and services at low rates, and the integration of several sectors, such as satellite and cable, with existing telecommunications. Thus, the implementation of enterprise-integrated software is anticipated to assist CSPs (cloud service providers) in managing and administering various systems and applications across multiple functions by enabling them to achieve logical business process integration across different independent application systems.
  • Further, Prisma Cloud has added Software Composition Analysis (SCA) to its cloud-native application protection platform to assist teams in obtaining code security that is as tightly linked as the apps they need to protect. This development builds on Prisma Cloud's industry-leading basic IaC security capabilities and makes possible the first context-aware SCA solution that can include the infrastructure context in application security.
  • Furthermore, public cloud spending is a significant line item in IT budgets. The increasing use of the public cloud is driving up cloud spending for organizations of all sizes. According to a survey conducted by Flexera, 37% of enterprises said their annual IT spend exceeded USD 12 million, and 80% reported that their cloud spending exceeds USD 1.2 million per year.

North America is Expected to Hold Major Share

  • North America is expected to dominate the market due to its early embrace of new technologies, growing use of digital banking systems, and rising cyber threats. In addition, the strict rules set by the government, the rise of online shopping, and the presence of major market players in the area are all helping the industry grow.
  • WhiteSource disclosed that it had acquired Diffend, an open-source malware security and threat detection tool. Diffend's commercial offerings will be free to use following the acquisition under the new brand WhiteSource Diffend. WhiteSource can now offer cutting-edge platforms to cut down on risk in the software supply chain.
  • Additionally, President Biden urged the public and private sectors to safeguard the US software supply chain by requesting vendors to show secure development standards utilizing a software bill of materials. The software components of goods sold to the government are transparent thanks to an SBOM, as are any possible dangers. Such practices are expected to drive the market.
  • In September last year, Veracode, a global provider of application security testing solutions, and Cybeats Technologies, Inc., a software supply chain risk and security technology provider, announced a collaborative relationship. The alliance will take advantage of complementary skills to guarantee that consumers obtain the best cybersecurity solutions. Customers can buy SBOM Studio, a software supply chain security solution from Cybeats, through Veracode Partners, and the two companies will look into doing business together.
  • In February last year, as headline-making vulnerabilities such as Log4Shell made the hazards posed by open-source components more prominent, organizations increasingly required application security strategies that managed this risk. Invicti Security has released its software composition analysis product to help businesses monitor, scan, and secure the open-source parts of their applications.

Software Composition Analysis Industry Overview

The software composition analysis market is moderately competitive and consists of several major players. In terms of market share, a few of these players currently dominate the market. To stay ahead of the competition and expand their global reach, influential companies use mergers and acquisitions as well as product innovation.

In January 2023, Apona Security, a security solutions provider that helps enterprises and managed service providers (MSPs) manage data and improve security across their patented product suites, will launch Apona, a software composition analysis (SCA) tool that detects vulnerabilities in libraries and code, including code fragments. This new security solution tries to fix the security problems caused by OSS reuse. It does this by closely analyzing security holes with highly effective proprietary technologies and helping businesses stay compliant and safe.

In September 2022, Palo Alto Networks released the first context-aware software composition analysis (SCA) tool to help developers secure open-source software components. Palo Alto Networks' position as the industry leader in cloud-native security is reinforced by introducing SCA into Prisma Cloud. Traditional SCA solutions are stand-alone products that can create many alarms but lack the runtime context to aid in problem identification and resolution. SCA would let developers and security teams find and prioritize known vulnerabilities that affect the application lifecycle of the Prisma Cloud platform.

Additional Benefits:

  • The market estimate (ME) sheet in Excel format
  • 3 months of analyst support

TABLE OF CONTENTS

1 INTRODUCTION

  • 1.1 Study Assumptions and Market Definition
  • 1.2 Scope of the Study

2 RESEARCH METHODOLOGY

3 EXECUTIVE SUMMARY

4 MARKET INSIGHTS

  • 4.1 Market Overview
  • 4.2 Industry Attractiveness - Porter's Five Forces Analysis
    • 4.2.1 Bargaining Power of Buyers/Consumers
    • 4.2.2 Bargaining Power of Suppliers
    • 4.2.3 Threat of New Entrants
    • 4.2.4 Threat of Substitute Products
    • 4.2.5 Intensity of Competitive Rivalry

5 MARKET DYNAMICS

  • 5.1 Market Drivers
    • 5.1.1 Commercial and IoT-based Software Products' Dependence on Open-Source Codes
    • 5.1.2 Strict Laws & Regulations and Growing Levels of Threats and Risks in Open-Source Codes
  • 5.2 Market Restraints
    • 5.2.1 Shortage of Technical Expertise Amongst the Enterprise Workforce
    • 5.2.2 Smooth Services and Agility Due to DevOps Repress the Growth
  • 5.3 Industry Value Chain Analysis
  • 5.4 Assessment of Impact of COVID-19 on the Industry

6 MARKET SEGMENTATION

  • 6.1 By Component
    • 6.1.1 Solution
    • 6.1.2 Services
  • 6.2 By Deployment Mode
    • 6.2.1 Cloud
    • 6.2.2 On-premises
  • 6.3 By Industry Vertical
    • 6.3.1 IT & Telecom
    • 6.3.2 BFSI
    • 6.3.3 Retail & E-Commerce
    • 6.3.4 Government
    • 6.3.5 Other Industry Verticals (Healthcare, Automotive)
  • 6.4 Geography
    • 6.4.1 North America
    • 6.4.2 Europe
    • 6.4.3 Asia-Pacific
    • 6.4.4 Latin America
    • 6.4.5 Middle East and Africa

7 COMPETITIVE LANDSCAPE

  • 7.1 Company Profiles
    • 7.1.1 Synopsys, Inc.
    • 7.1.2 Sonatype Inc.
    • 7.1.3 WhiteHat Security, Inc.
    • 7.1.4 Veracode Inc.
    • 7.1.5 WhiteSource Software Inc.
    • 7.1.6 Flexera Inc.
    • 7.1.7 Contrast Security, Inc.
    • 7.1.8 NexB, Inc
    • 7.1.9 Dahua Technology Co., Ltd.
    • 7.1.10 SourceClear Inc.
    • 7.1.11 Rogue Wave Software

8 INVESTMENT ANALYSIS

9 MARKET OPPORTUNITIES AND FUTURE TRENDS