Black Duck Named a Leader in the Inaugural 2026 Gartner® Magic Quadrant™ for Software Supply Chain Security


Recognized for Completeness of Vision and Ability to Execute

BURLINGTON, Mass., June 22, 2026 /PRNewswire/ — Black Duck®, the leader in AI-powered application security, today announced it has been recognized as a Leader in the inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security1. In the report, Gartner evaluated 18 vendors based on Completeness of Vision and Ability to Execute.

According to the authors of the report, “Software powers most important infrastructure today. Therefore, a lack of expertise of who built the software, how it was built and what its ingredients are poses a hazard not only to businesses but also to society at large. Software engineering teams can use SSCS tools to automate the enforcement of security and compliance policies and meet regulatory and government mandates.”1

“Software supply chain security is now a board-level priority, driven by regulations like the EU Cyber Resilience Act and the transformative impact of AI on software development and vulnerability discovery,” said Greg Hughes, CEO of Black Duck. “These forces are rapidly expanding the scale and complexity of risk. At Black Duck, we’re embedding AI across our platform, combined with decades of domain expertise and deep contextual intelligence, to deliver the visibility and automation organizations need to stay ahead of attackers. We believe our recognition as a Leader reflects both our execution today and our vision for securing software at scale.”

Over the past 12 months, Black Duck has launched a number of innovations to address rapidly evolving software supply chain risks:

AI Model Risk Insights: Detects embedded open source and hybrid AI models using signature-based analysis, expanding control over AI license and reputational risks, simplifying governance, and establishing the foundations for AI-BOM and policy workflows.

Risk-Based Vulnerability Prioritization: Expands exploitability and reachability analysis across source code, binaries, and containers, helping teams focus on vulnerabilities that are actually exploitable and reduce remediation noise.

AI-Driven Dependency Remediation: Uses LLMs and curated security intelligence to generate minimal patches for vulnerable dependencies, including cases with no upstream fix, accelerating remediation without disrupting application stability.

SBOM & Vulnerability Disclosure Maturity: Enhances SBOM lifecycle management with richer vulnerability data, expanded VEX export (CSAF 2.0), and improved workflows, reinforcing Black Duck as a system of record for SBOM governance and regulatory alignment (e.g., EU CRA).

Expanded Support for Hardened Container Images: Identifies hardened container images (e.g., Chainguard, Docker, Minimus) and ingests supplier-provided VEX data to reduce false positives, reduce manual triage effort, and improve confidence in upstream security posture.

Download the 2026 Gartner Magic Quadrant for Software Supply Chain Security and read our blog post to learn more.

1. Gartner, Magic Quadrant for Software Supply Chain Security, Aaron Lord, Johnny Walters, Jason Gross, 17 June, 2026.

Disclaimer: Gartner and Magic Quadrant are trademarks of Gartner, Inc. and/or its affiliates. Gartner does not endorse any company, vendor, product or service depicted in its publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner publications consist of the opinions of Gartner’s business and technology insights organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this publication, including any warranties of merchantability or fitness for a particular purpose.

About Black Duck 
Black Duck® meets the board-level risks of modern software with True Scale Application Security, ensuring uncompromised trust in software for the regulated, AI-powered world. Only Black Duck solutions free organizations from tradeoffs between speed, accuracy, and compliance at scale while eliminating security, regulatory, and licensing risks. Whether in the cloud or on premises, Black Duck is the only choice for securing mission-critical software everywhere code happens. With Black Duck, security leaders can make smarter decisions and unleash business innovation with confidence. Learn more at www.blackduck.com.

SOURCE Black Duck Software