Software Supply Chain Security Market Analysis: GigaOm Radar Report

News | 16.02.2026

In October 2025, the analyst firm GigaOm released an updated Radar report for the Software Supply Chain Security (SSCS) segment. The study emphasizes that, against the backdrop of complex 2025 attacks such as the introduction of backdoors into the XZ Utils library, supply chain protection solutions have become critical to any organization's cybersecurity strategy.

Analysis Methodology and Evaluation Criteria

The report is based on an assessment of 25 leading solutions across a range of technical and business parameters. GigaOm uses a matrix that categorizes vendors along the axes of "Maturity vs. Innovation" and "Feature Play vs. Platform Play."

Functionality Evaluation Criteria

To form the rating, analysts used three levels of characteristics:

  • Table Stakes: Capabilities possessed by all report participants, including Software Composition Analysis (SCA), SBOM generation, CI/CD integration, and policy management.
  • Key Features: Parameters that differentiate solutions, such as IaC and container scanning, code risk scoring, automated testing (SAST, DAST, IAST), and open-source management.
  • Emerging Features: Functions that will define the market in the next 12-18 months, specifically AI-driven remediation, software exposure analysis, and artifact integrity.

Business Criteria

In addition to technical features, scalability for the Enterprise segment, deployment flexibility, pricing transparency, and the maturity of the integration ecosystem were considered.

Detailed Overview of Softprom Portfolio Vendors

Vendors represented by Softprom consistently hold positions in the leader and challenger quadrants, focusing on the creation of comprehensive platforms.

Veracode: Application Risk Management Platform

Veracode is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant.

Strengths:

  • The platform provides a full range of testing: SAST, DAST, and IAST, allowing for vulnerability detection at early stages and in real time.
  • The solution includes advanced risk scoring tools, cross-risk analytics, and audited threat remediation workflows.
  • Veracode Container Security integrates multiple scanners to detect secrets and configuration errors.
  • In January 2025, the company acquired Phylum to strengthen protection against malicious code in open-source libraries.

Specifics: The solution is provided exclusively via the SaaS model, ensuring rapid scaling for large enterprises.

GitLab: GitLab Ultimate

GitLab is identified as a Challenger and Outperformer in the Maturity/Platform Play quadrant.

Strengths:

  • Offers a single platform for the entire DevSecOps lifecycle, ensuring the integrity of development and security processes.
  • Outperformer status was achieved through deep integration of AI capabilities (GitLab Duo), including automated test generation, vulnerability explanation, and root cause analysis.
  • Powerful dependency management with automated updates and detailed reporting.

Specifics: The availability of various deployment models (SaaS, Self-managed, Dedicated) allows it to meet the needs of companies with strict data isolation requirements.

Analyst Conclusions

The SSCS market in 2025–2026 is characterized by a shift from individual scanners to posture-driven platforms. Veracode and GitLab align with the main trend: integrating security directly into development tools, ensuring protection at every stage of the SDLC.