自动化测试、软体成分分析和 SBOM 工具：AI 增强型分析已成为主流

人工智慧对软体开发的影响正在重塑工程组织设计、建构和维护程式码的方式。生成式人工智慧和 Copilot 等技术有效地加速了软体开发，但也引入了新的漏洞和专案风险。因此，对能够确保有效安全性和品质的自动化测试和分析工具的需求正在显着增长。软体成分分析 (SCA)、静态分析和动态测试解决方案作为关键的保障措施，使工程组织能够在不牺牲可靠性、安全性或合规性的前提下，安全地实现 AI 驱动的生产力提升。

对自动化测试工具的需求受多种因素驱动，供应商必须密切注意并了解所有这些因素。监管压力、不断发展的行业标准、不断变化的软体开发理念、人工智慧以及软体在安全关键功能中日益重要的作用，都在以不同的方式影响着软体验证和确认 (V&V) 市场，因此需要进行适应性产品设计和研发投资。

本报告深入分析了与自动化软体测试工具、安全测试工具和软体核心分析 (SCA) 工具市场相关的工具、趋势和策略考量。报告按工具类型（静态分析、动态/基于模型的测试、SCA）、地区（美洲、欧洲、中东和非洲地区、亚太地区）、企业/嵌入式用例以及各个垂直市场，对 2024 年至 2029 年的市场规模进行了预测。为了更好地支持推动长期成长的策略决策，本报告还包含了基于 VDC "工程师之声" 调查的最终用户洞察，以及包含供应商市场占有率的竞争格局分析。

本报告解答的关键问题

• 哪些因素正在推动对 AI 加速的软体测试和分析的需求？
• AI 程式码产生将如何改变软体开发，它又会带来哪些风险？
• 哪些垂直市场最具工具成长潜力？
• 主要的编码标准何时会改变？
• 工程组织如何根据人工智慧的使用调整其测试策略？
• 哪些程式语言正在发展壮大？ Rust 在嵌入式领域的实际采用率是多少？
• 近期收购案如何影响了测试和系统控制分析 (SCA) 工具的竞争格局？

本报告中提到的组织

• AdaCore
• ANSYS
• 电池创投公司
• 黑鸭软体
• 检查马克思
• 游标
• 深度程式码人工智慧
• DXC技术
• 茄子
• ESI集团
• 有限状态
• GitHub
• 亚搏体育app
• Google
• 拥抱脸
• IBM
• JFrog
• 是德科技
• LDRA
• MathWorks
• 修补
• 合併函式库
• 微软
• 英伟达
• 开启文字
• Parasoft
• 必然
• 门
• 品质检查系统
• Snyk
• Sonatype
• Tasking
• TrustInSoft
• Veracode
• Windsurf
• 其他

主要发现

• 预计到 2029 年，全球软体安全认证 (SCA) 和自动化软体安全测试工具市场规模将超过 49 亿美元。
• 受全球国防开支大幅成长和欧洲汽车产业成长放缓的推动，航空航太和国防领域已超越汽车产业，成为最大的垂直市场。
• 欧盟 "网路弹性法案" 的实施持续推动对 SCA 工具的需求，这些工具能够为工程团队提供软体物料清单 (SBOM) 的生成和管理功能。
• 随着 DevOps 不断变革软体开发，对平台交付和与其他工具深度整合的需求日益增长。
• 使用人工智慧产生程式码的组织对其测试工具的安全功能评价显着高于尚未考虑或整合人工智慧程式码产生的组织。
• 随着软体开发方法的演进，最终使用者的需求也不断变化，供应商满意度分数也随之波动。

报告摘录

目前在其专案中使用人工智慧程式码产生的工程师对静态分析工具的评估方式有所不同，他们更重视安全性和品质保证。由于人工智慧产生的程式码可能会引入新的、复杂的漏洞，因此使用人工智慧程式码产生的工程组织会优先考虑能够有效验证机器生成软体的工具。同时，未使用人工智慧程式码产生的工程组织与采用人工智慧的组织一样重视成本，但他们更注重易用性、语言支援以及与其他工具的整合程度。虽然这些数据反映了一种更传统的开发方式，即团队依赖内部程式码，工具链的自动化程度较低，但也显示软体开发组织对人工智慧产生的程式码持谨慎态度。此外，使用人工智慧程式码产生的组织非常重视供应商的品牌声誉。为了抵​​消采用人工智慧带来的风险，工程组织倾向于选择那些拥有交付高品质工具良好记录的成熟解决方案。 随着人工智慧的普及，专注于安全性的工具将变得更加重要。专门用于在开发週期早期识别人工智慧产生的漏洞和风险的静态分析工具将在预测期内获得更大的市场占有率。

目录

本报告内容

本报告解答哪些问题？

本报告的目标读者

本报告中提及的组织机构

摘要整理

• 主要发现

全球市场概览

• 静态分析工具
• 动态/基于模型的测试
• 以安全为中心的静态分析
• 软体成分分析
• 平台解决方案
• 併购
• 语言使用情况
• 软体测试的生成式人工智慧

区域趋势与预测

垂直市场市场趋势与预测

最终用户洞察

• 选择静态分析工具的最重要因素：基于程式码生成中人工智慧的应用
• 选择动态测试工具的最重要因素：基于程式码生成中人工智慧的应用
• 静态分析与动态测试工具的典型决策者
• 云端静态分析、动态测试和静态程式码分析的应用
• 静态分析供应商效能评估
• 动态/基于模型的测试供应商效能评估
• 静态程式码分析供应商效能评估

竞争格局

供应商和技术提供者简介

• AdaCore
• Black鸭子
• 检查马克思
• IBM
• 是德科技
• LDRA
• MathWorks
• 修补
• 开启文字
• Parasoft
• 必然
• 品质保证系统
• 斯尼克
• 索纳型
• TrustInSoft

关于作者

VDC 研究

Inside this Report

AI's impact on software development is reshaping how engineering organizations design, build, and maintain code. Generative AI and copilots effectively accelerate software development, but they also introduce novel sources of vulnerability and project risk. As a result, demand for automated testing and analysis tools with effective security and quality enforcement has grown significantly. Software composition analysis (SCA), static analysis, and dynamic testing solutions now function as critical guardrails that help engineering organizations safely access AI-enabled productivity gains without sacrificing reliability, safety, or standards compliance.

Several factors are shaping demand for automated test tools, all of which must be closely monitored and understood by tool vendors. Regulatory pressures, evolving industry standards, shifting software development philosophies, artificial intelligence, and software's growing role in safety-critical functions are all influencing the market for software verification and validation in different ways, necessitating adaptive product design and R&D investment.

This report includes an in-depth analysis of the tools, trends, and strategic considerations relevant to the market for both automated software and security testing tools as well as SCA tools. It includes market sizing and forecasts from 2024 to 2029 with segmentations by tool type (static analysis, dynamic and model-based testing, SCA), region (Americas, EMEA, APAC), enterprise versus embedded use, and individual vertical markets. To better inform strategic decisions that will yield long-term growth, this report also includes end-user insights from VDC's Voice of the Engineer survey and an analysis of the competitive landscape, which includes vendor market shares.

What Questions are Addressed?

• What factors are driving demand for AI-accelerated software testing and analysis?
• How has AI code generation changed software development and what risks does it introduce?
• Which vertical markets present the best opportunity for tool growth?
• When are changes to key coding standards taking place?
• Why are engineering organizations changing their testing strategies based on their AI usage?
• Which coding languages are growing and what is the true adoption rate of Rust in embedded?
• How have recent acquisitions shaped the competitive landscape for test and SCA tools?

Who Should Read this Report?

This report should be read by individuals making strategic decisions for marketing, product development, or competitive tactics. It is intended for senior decision makers who influence the development, sales, and use of test automation tools, including:

• CEO or other C-level executives
• Corporate development and M&A teams
• Marketing executives
• Business development and sales leaders
• Product development and product strategy leaders
• Channel management and channel strategy leaders

Organizations Listed in this Report

• AdaCore
• ANSYS
• Battery Ventures
• Black Duck Software
• Checkmarx
• Cursor
• DeepCode AI
• DXC Technology
• Eggplant
• ESI Group
• Finite State
• GitHub
• GitLab
• Google
• Hugging Face
• IBM
• JFrog
• Keysight
• LDRA
• MathWorks
• Mend
• MergeBase
• Microsoft
• NVIDIA
• OpenText
• Parasoft
• Perforce
• Phylum
• QA Systems
• Snyk
• Sonatype
• Tasking
• TrustInSoft
• Veracode
• Windsurf
• and others

Executive Summary

AI is transforming the software development lifecycle (SDLC) and the tools that developers need throughout it. Engineering organizations across vertical markets have adopted copilot-style coding assistants to automate coding tasks and help developers accelerate releases. Automated software development introduces risk, however. AI code generation engineers use several different codebases (most of which are open source), creating code fragments that may introduce license compliance or security risk. In response, demand for security-focused SCA and automated testing solutions is rising. Engineering organizations are actively counterbalancing AI-generated risk with security-oriented software testing, making software analysis and testing key components of the AI-augmented SDLC.

Test and SCA vendors have also capitalized on AI-powered productivity gains. Automatic triaging, hotspot analysis, test case generation, and remediation are points of parity in the enterprise/IT software tooling market. Embedded systems engineers have historically resisted heavy AI augmentations within testing tools. As solution vendors increasingly add predictable AI features and functionality, however, demand for AI-augmented solutions has grown across organization types. Tool vendors must continue to invest in AI features that accelerate the testing process, going beyond the shift left paradigm.

AI-enabled solutions that are deeply integrated with other tool types and platforms will lead the SCA and automated software testing market throughout the duration of the forecast. Leading vendors have made significant investments in creating solutions behind a single pane of glass that combines static analysis, dynamic test, and SCA. As a result, the market is ripe for consolidation and partnership. Single-solution vendors must seek strong technical partners in SBOM management and static analysis to fill emerging gaps in regulatory compliance and security. The SCA and test market has evolved rapidly over the past three years, necessitating aggressive R&D and partnership efforts from solution vendors as they hope to capture a larger piece of the expanding market.

Key Findings

• Global revenue for SCA and automated software and security testing tools will surpass $4.9B in 2029.
• Aerospace and defense passed automotive as the largest vertical market due to significant increases in defense spending across the globe and a slowdown in the European automotive industry.
• The EU Cyber Resilience Act enforcement will continue to drive demand for SCA tools that offer SBOM generation and management across engineering teams.
• Demand for platform offerings and deep integrations with other tool types is growing as DevOps continues to reshape software development.
• Organizations using AI-generated code place significantly higher value on security features in testing tools than organizations that have not yet considered or integrated AI code generation.
• Vendor satisfaction ratings continue to change as end-user needs evolve alongside software development practices.

Report Excerpt

Engineers who are currently using AI to generate code in their projects evaluate static analysis tools through a different lens than their counterparts, placing proportionally higher value on security and quality assurance. Since AI-generated code can introduce new and potentially complex vulnerabilities, engineering organizations using AI to generate code prioritize tools that can effectively vet machine-generated software. Conversely, engineering organizations not using AI code generation agree with their AI-accelerated peers about cost but favored ease of use, language support, and level of integration with other tools. This data reflects a more conventional development approach where teams rely on in-house code and use less automation across the toolchain, but it also demonstrates the caution toward AI-generated code across software development organizations. Furthermore, organizations using AI code generation valued vendor brand reputation significantly more. To counterbalance AI-introduced risk, engineering organizations prefer proven solutions from organizations with a history of delivering high quality tools.

As AI adoption increases, security-focused tooling will hold greater importance. Static analysis tools specially designed to identify AI-generated vulnerabilities or risks early in the development cycle will gain market share over the forecast period.

Table of Contents

Inside this Report

What Questions are Addressed?

Who Should Read this Report?

Organizations Mentioned in this Report

Executive Summary

• Key Findings

Global Market Overview

• Static Analysis Tools
• Dynamic/Model-based Testing
• Security-focused Static Analysis
• Software Composition Analysis
• Platform Solutions
• Mergers & Acquisitions
• Language Usage
• Generative AI for Software Testing

Regional Trends & Forecast

Vertical Market Trends & Forecast

End-User Insights

• Most Important Factors in Selection of Static Analysis Tool Segmented by Use of AI to Generate Code
• Most Important Factors in Selection of Dynamic Testing Tools Segmented by Use of AI to Generate Code
• Typical Decision Maker for Purchase of Static Analysis & Dynamic Test Tools
• Usage Rates of Static Analysis, Dynamic Test & SCA in the Cloud
• Static Analysis Vendor Performance Ratings
• Dynamic/Model-based Test Vendor Performance Ratings
• SCA Vendor Performance Ratings

Competitive Landscape

Vendor & Technology Provider Profiles

• AdaCore
• Black Duck
• Checkmarx
• IBM
• Keysight
• LDRA
• MathWorks
• Mend
• OpenText
• Parasoft
• Perforce
• QA Systems
• Snyk
• Sonatype
• TrustInSoft

About the

Authors About

VDC Research

List of Exhibits

• Exhibit 1 Global Software and Security Testing Tools Revenue Segmented by Market Type
• Exhibit 2 Global Static Analysis Tools Revenue Segmented by Market Type
• Exhibit 3 Global Dynamic and Model-Based Test Tools Revenue Segmented by Market Type
• Exhibit 4 Global Market for Security-focused Static Analysis Tools Segmented by Market
• Exhibit 5 Global Revenue of Software Composition Analysis Tools & Related Services Segmented by Market Type
• Exhibit 6 Current State of AI and Automation in the SCA Market
• Exhibit 7 Usage of C, Ada, and Rust Code
• Exhibit 8 Current AI/Automation Capabilities and Features of Leading Test Tool Vendors
• Exhibit 9 Americas Market for SCA and Testing Tools Segmented by Tool Type
• Exhibit 10 Europe, Middle East, and Africa Market for SCA and Testing Tools Segmented by Tool Type
• Exhibit 11 Asia-Pacific Market for SCA and Testing Tools Segmented by Tool Type
• Exhibit 12 Worldwide Shipments of Software and Security Testing Tools Segmented by Customer Type
• Exhibit 13 IoT/Embedded Static Analysis Tools Market Segmented by Vertical
• Exhibit 14 IoT/Embedded Dynamic and Model-Based Testing Tools Market Segmented by Vertical
• Exhibit 15 IoT/Embedded SCA Tools Segmented by Vertical
• Exhibit 16 IoT/Embedded Static Analysis Tools, 2024 Market Share
• Exhibit 17 Enterprise/IT Static Analysis Tools, 2024 Market Share
• Exhibit 18 IoT/Embedded Dynamic and Model-based Testing Tools, 2024 Market Share
• Exhibit 19 Enterprise/IT Dynamic and Model-based Testing Tools, 2024 Market Share
• Exhibit 20 IoT/Embedded SCA Tools, 2024 Market Share
• Exhibit 21 Enterprise/IT SCA Tools, 2024 Market Share
• Exhibit 22 Most Important Factors in Selection of Static Analysis Tool Segmented by AI-generated Code Usage
• Exhibit 23 Most Important Factors in Selection of Dynamic Testing Tools Segmented by AI-generated Code Usage
• Exhibit 24 Most Important Factors in Selection of SCA Tool Segmented by AI-generated Code Usage
• Exhibit 25 Typical Decision Maker for Purchase of Static Analysis and Dynamic Test Tools
• Exhibit 26 Usage Rates of Static Analysis, Dynamic Test, and SCA in the Cloud
• Exhibit 27 Static Analysis Vendor Performance Ratings
• Exhibit 28 Dynamic/Model-based Test Vendor Performance Ratings
• Exhibit 29 SCA Vendor Performance Ratings

IoT & Embedded Engineering Survey

• Exhibit 244 Types of Tools Used in Current/Most Recently Completed Project
• Exhibit 254 Types of Static Analysis or SAST Being Used on Current Project
• Exhibit 305 Perceived Investment Value of Dynamic Analysis or DAST Product Used
• Exhibit 309 Perceived Difficulty to Learn the Use of Dynamic Analysis or DAST Product
• Exhibit 340 Perceived Investment Value of Software Composition Analysis or IP Compliance Tool Used
• Exhibit 341 Perceived Impact on the Quality of the End Product Being Engineered from SCA or IP Compliance Tool Used
• Exhibit 343 Perceived Likeliness to Use the Same Brand of SCA or IP Compliance Tool For the Next Project of Similar Type
• Exhibit 385 Consideration/Use of AI-generated Software/Code (e.g., Use of Copilot and/or Prompt-based Code Creation)
• Exhibit 386 Expected Changes in Use of AI-generated Software in the Next Three years
• Exhibit 387 Amount of Trust in AI-generated Software Code (Functionality, Security, IP, etc.)
• Exhibit 388 Current Concerns About AI-generated Software Code
• Exhibit 405 IoT Cloud Platforms-as-a-Service (PaaS) Being Used on Current or Most Recent Project