Press Release

Black Duck Named a Leader in the Inaugural 2026 Gartner® Magic Quadrant™ for Software Supply Chain Security

Recognized for Completeness of Vision and Ability to Execute

BURLINGTON, Mass., June 22, 2026 /PRNewswire/ — Black Duck®, the leader in AI-powered application security, today announced it has been recognized as a Leader in the inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security.[1] In the report, Gartner evaluated 18 vendors based on Completeness of Vision and Ability to Execute.


According to the authors of the report, “Software powers most critical infrastructure today. Therefore, a lack of understanding of who built the software, how it was built and what its ingredients are poses a danger not only to businesses but also to society at large. Software engineering teams can use SSCS tools to automate the enforcement of security and compliance policies and meet regulatory and government mandates.”[1]

“Software supply chain security is now a board-level priority, driven by regulations like the EU Cyber Resilience Act and the transformative impact of AI on software development and vulnerability discovery,” said Greg Hughes, CEO of Black Duck. “These forces are rapidly expanding the scale and complexity of risk. At Black Duck, we are embedding AI across our platform, combined with decades of domain expertise and deep contextual intelligence, to deliver the visibility and automation organizations need to stay ahead of attackers. We believe our recognition as a Leader reflects both our execution today and our vision for securing software at scale.”

Over the past year, Black Duck has introduced several innovations to address rapidly evolving software supply chain risks:

AI Model Risk Insights: Detects embedded open source and hybrid AI models using signature-based analysis, expanding control over AI license and reputational risks, simplifying governance, and establishing the foundations for AI-BOM and policy workflows.

Risk-Based Vulnerability Prioritization: Expands exploitability and reachability analysis across source code, binaries, and containers, helping teams focus on vulnerabilities that are truly exploitable and reduce remediation noise.

AI-Driven Dependency Remediation: Uses LLMs and curated security intelligence to generate minimal patches for vulnerable dependencies, including cases with no upstream fix, accelerating remediation without disrupting application stability.

SBOM & Vulnerability Disclosure Maturity: Enhances SBOM lifecycle management with richer vulnerability data, expanded VEX export (CSAF 2.0), and improved workflows, reinforcing Black Duck as a system of record for SBOM governance and regulatory alignment (e.g., EU CRA).

Expanded Support for Hardened Container Images: Identifies hardened container images (e.g., Chainguard, Docker, Minimus) and ingests supplier-provided VEX data to reduce false positives, reduce manual triage effort, and improve confidence in upstream security posture.

Download the 2026 Gartner Magic Quadrant for Software Supply Chain Security and read our blog post to learn more.

[1] Gartner, Magic Quadrant for Software Supply Chain Security, Aaron Lord, Johnny Walters, Jason Gross, 17 June 2026.

Disclaimer: Gartner and Magic Quadrant are trademarks of Gartner, Inc. and/or its affiliates. Gartner does not endorse any company, vendor, product or service depicted in its publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner publications consist of the opinions of Gartner’s business and technology insights organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this publication, including any warranties of merchantability or fitness for a particular purpose.

About Black Duck
Black Duck® meets the board-level risks of modern software with True Scale Application Security, ensuring uncompromised trust in software for the regulated, AI-powered world. Only Black Duck solutions free organizations from tradeoffs between speed, accuracy, and compliance at scale while eliminating security, regulatory, and licensing risks. Whether in the cloud or on premises, Black Duck is the only choice for securing mission-critical software everywhere code happens. With Black Duck, security leaders can make smarter decisions and unleash business innovation with confidence. Learn more at www.blackduck.com.

View original content to download multimedia: https://www.prnewswire.com/news-releases/black-duck-named-a-leader-in-the-inaugural-2026-gartner-magic-quadrant-for-software-supply-chain-security-302806514.html

SOURCE Black Duck Software
