Research

Gartner® Publishes First-Ever Market Guide for Software Supply Chain Security—Here’s Why ASPM is Included

Timothy Jung
Marketing
Published April 25 2025 · 2 min. read

In a major milestone for the AppSec industry, Gartner® has released its first-ever Market Guide for Software Supply Chain Security (SSCS).

This inaugural report defines the SSCS market, outlines core capabilities buyers should prioritize, and names representative vendors across key adjacent categories, including Apiiro as a recognized ASPM vendor with SSCS capabilities.

The release of this guide is a signal that software supply chain security has evolved from a niche concern to a foundational component of modern software development.

Why This Report Matters

Software today isn’t just what developers write. It’s an ecosystem of open source libraries, third-party services, CI/CD pipelines, AI models, and developer actions.

Each of these introduces potential risk, and attackers are actively exploiting the gaps between them.

According to Gartner, software engineering teams are taking on greater responsibility for supply chain security as part of shift-left initiatives. Along with that effort, they are adopting SSCS tools at a rapid pace:

“By 2028, 85% of software engineering teams in large enterprises will have deployed software supply chain security tools—up from 60% in 2025.”
2025 Gartner® Market Guide for SSCS

Security, platform, and engineering teams must now work together to secure not just the code, but everything surrounding it, without slowing down innovation. SSCS tools help.

Gartner’s Definition of SSCS—and What Tools Must Do

Gartner defines SSCS tools as those that protect software from compromises during development and delivery. This includes internal components like source code, pipelines, and developer identities, as well as external ones like open-source libraries, vendors, and APIs.

To be effective, SSCS tools must support three key outcomes across the SDLC:

  1. Improve visibility into all software artifacts, identities, and dependencies
  2. Protect software integrity through signing, verification, and provenance tracking
  3. Enhance security posture by automating policy enforcement and detecting misconfigurations

These are not lightweight checkboxes. They require deep context, cross-functional coordination, and real-time adaptability.

Apiiro: A Recognized ASPM Vendor with SSCS Capabilities

Apiiro is proud to be named in this inaugural report as a representative ASPM vendor with software supply chain security capabilities, one of only nine vendors in this category.

Our platform delivers on the core SSCS capabilities Gartner outlines, including:

  • Live visibility into code, APIs, components, and developer actions
  • Artifact integrity and provenance, enabled by Deep Code Analysis and change attribution
  • Policy enforcement across pipelines, SBOMs, and developer workflows
  • OSS risk context, including reachability, exploitability, and upgrade impact
  • AI usage detection and control, including LLM and model provenance scanning

These capabilities are deeply embedded in how Apiiro helps teams manage application and supply chain risk in real time.

What’s in the Report

The 2025 Market Guide is packed with value for AppSec, platform, and engineering leaders, including:

  • A formal definition of SSCS and how it complements ASPM, CNAPP, and SCA
  • The mandatory and optional capabilities organizations should evaluate
  • A vendor landscape spanning ASPM, DevOps, cloud security, and more
  • Market trends including AI adoption, SBOM mandates, and regulatory pressures
  • A use-case-driven framework to evaluate solution fit across your SDLC

Overall, the guide serves as a roadmap for maturing your approach to software supply chain security.

The Bottom Line

Gartner’s first Market Guide for SSCS is a signal that the industry is evolving quickly.

Securing your software means securing everything it touches: from the first commit to the final artifact, across every tool, identity, and dependency in the chain.

Download your complimentary copy of the 2025 Gartner® Market Guide for Software Supply Chain Security and see why Apiiro is trusted by global enterprises to reduce risk across the SDLC.