There are a number of industry analyst reports on application security.  Each analyst firm and report takes its own slice of the market to analyze and report on vendors within that market.  For example, the Forrester Wave focuses on Static Application Security Testing, the Gartner Magic Quadrant focuses on Application Security Testing as a whole, and the GigaOm Radar focuses on Kubernetes and DevSecOps tools.  All of these provide useful insights and research, but how do you find what is relevant to you across these various reports?

While most readers look for the pretty graphs ranking each of the vendors, there are valuable insights that can be used to help educate security buyers and influencers.  Each of these reports shares common components, including:

  • Market Trends – What are the current trends for the market segment?  Are solutions shifting left or right?  How are solutions being integrated?  What’s the impact of cloud?
  • Customer Challenges – What problems are customers trying to solve?  Are they migrating legacy applications to the cloud?  Are they building cloud native applications?  Are they just maintaining legacy applications?
  • Critical Capabilities – What are the key criteria used to evaluate each vendor in each market segment?

We recently interviewed Taylor McCaslin, Senior Product Manager at GitLab, on Application Security Weekly to discuss how to interpret these analyst reports.  Taylor describes how to use the three common report components above to identify the right solutions for your organization.  By aligning your specific challenges to the current trends, you can identify which capabilities are most important to you, thus allowing you to evaluate the right vendors.

To learn how to analyze application security vendors or how GitLab can solve your challenges, watch the interview on Application Security Weekly here or visit for more information.