Automated Testing, Software Composition Analysis & SBOM Tools: AI-Augmented Analysis Takes Hold

Inside this Report

AI's impact on software development is reshaping how engineering organizations design, build, and maintain code. Generative AI and copilots effectively accelerate software development, but they also introduce novel sources of vulnerability and project risk. As a result, demand for automated testing and analysis tools with effective security and quality enforcement has grown significantly. Software composition analysis (SCA), static analysis, and dynamic testing solutions now function as critical guardrails that help engineering organizations safely access AI-enabled productivity gains without sacrificing reliability, safety, or standards compliance.

Several factors are shaping demand for automated test tools, all of which must be closely monitored and understood by tool vendors. Regulatory pressures, evolving industry standards, shifting software development philosophies, artificial intelligence, and software's growing role in safety-critical functions are all influencing the market for software verification and validation in different ways, necessitating adaptive product design and R&D investment.

This report includes an in-depth analysis of the tools, trends, and strategic considerations relevant to the market for both automated software and security testing tools as well as SCA tools. It includes market sizing and forecasts from 2024 to 2029 with segmentations by tool type (static analysis, dynamic and model-based testing, SCA), region (Americas, EMEA, APAC), enterprise versus embedded use, and individual vertical markets. To better inform strategic decisions that will yield long-term growth, this report also includes end-user insights from VDC's Voice of the Engineer survey and an analysis of the competitive landscape, which includes vendor market shares.

What Questions are Addressed?

• What factors are driving demand for AI-accelerated software testing and analysis?
• How has AI code generation changed software development and what risks does it introduce?
• Which vertical markets present the best opportunity for tool growth?
• When are changes to key coding standards taking place?
• Why are engineering organizations changing their testing strategies based on their AI usage?
• Which coding languages are growing and what is the true adoption rate of Rust in embedded?
• How have recent acquisitions shaped the competitive landscape for test and SCA tools?

Who Should Read this Report?

This report should be read by individuals making strategic decisions for marketing, product development, or competitive tactics. It is intended for senior decision makers who influence the development, sales, and use of test automation tools, including:

• CEO or other C-level executives
• Corporate development and M&A teams
• Marketing executives
• Business development and sales leaders
• Product development and product strategy leaders
• Channel management and channel strategy leaders

Organizations Listed in this Report

• AdaCore
• ANSYS
• Battery Ventures
• Black Duck Software
• Checkmarx
• Cursor
• DeepCode AI
• DXC Technology
• Eggplant
• ESI Group
• Finite State
• GitHub
• GitLab
• Google
• Hugging Face
• IBM
• JFrog
• Keysight
• LDRA
• MathWorks
• Mend
• MergeBase
• Microsoft
• NVIDIA
• OpenText
• Parasoft
• Perforce
• Phylum
• QA Systems
• Snyk
• Sonatype
• Tasking
• TrustInSoft
• Veracode
• Windsurf
• and others

Executive Summary

AI is transforming the software development lifecycle (SDLC) and the tools that developers need throughout it. Engineering organizations across vertical markets have adopted copilot-style coding assistants to automate coding tasks and help developers accelerate releases. Automated software development introduces risk, however. AI code generation engineers use several different codebases (most of which are open source), creating code fragments that may introduce license compliance or security risk. In response, demand for security-focused SCA and automated testing solutions is rising. Engineering organizations are actively counterbalancing AI-generated risk with security-oriented software testing, making software analysis and testing key components of the AI-augmented SDLC.

Test and SCA vendors have also capitalized on AI-powered productivity gains. Automatic triaging, hotspot analysis, test case generation, and remediation are points of parity in the enterprise/IT software tooling market. Embedded systems engineers have historically resisted heavy AI augmentations within testing tools. As solution vendors increasingly add predictable AI features and functionality, however, demand for AI-augmented solutions has grown across organization types. Tool vendors must continue to invest in AI features that accelerate the testing process, going beyond the shift left paradigm.

AI-enabled solutions that are deeply integrated with other tool types and platforms will lead the SCA and automated software testing market throughout the duration of the forecast. Leading vendors have made significant investments in creating solutions behind a single pane of glass that combines static analysis, dynamic test, and SCA. As a result, the market is ripe for consolidation and partnership. Single-solution vendors must seek strong technical partners in SBOM management and static analysis to fill emerging gaps in regulatory compliance and security. The SCA and test market has evolved rapidly over the past three years, necessitating aggressive R&D and partnership efforts from solution vendors as they hope to capture a larger piece of the expanding market.

Key Findings

• Global revenue for SCA and automated software and security testing tools will surpass $4.9B in 2029.
• Aerospace and defense passed automotive as the largest vertical market due to significant increases in defense spending across the globe and a slowdown in the European automotive industry.
• The EU Cyber Resilience Act enforcement will continue to drive demand for SCA tools that offer SBOM generation and management across engineering teams.
• Demand for platform offerings and deep integrations with other tool types is growing as DevOps continues to reshape software development.
• Organizations using AI-generated code place significantly higher value on security features in testing tools than organizations that have not yet considered or integrated AI code generation.
• Vendor satisfaction ratings continue to change as end-user needs evolve alongside software development practices.

Report Excerpt

Engineers who are currently using AI to generate code in their projects evaluate static analysis tools through a different lens than their counterparts, placing proportionally higher value on security and quality assurance. Since AI-generated code can introduce new and potentially complex vulnerabilities, engineering organizations using AI to generate code prioritize tools that can effectively vet machine-generated software. Conversely, engineering organizations not using AI code generation agree with their AI-accelerated peers about cost but favored ease of use, language support, and level of integration with other tools. This data reflects a more conventional development approach where teams rely on in-house code and use less automation across the toolchain, but it also demonstrates the caution toward AI-generated code across software development organizations. Furthermore, organizations using AI code generation valued vendor brand reputation significantly more. To counterbalance AI-introduced risk, engineering organizations prefer proven solutions from organizations with a history of delivering high quality tools.

As AI adoption increases, security-focused tooling will hold greater importance. Static analysis tools specially designed to identify AI-generated vulnerabilities or risks early in the development cycle will gain market share over the forecast period.