Magic Quadrant™ for Application Security Testing, 2023 Gartner® report
 
We’re proud to announce that Mend.io has been recognized as a Visionary in the 2023 Gartner Magic Quadrant for Application Security Testing (authors Mark Horvath, Dale Gardner, Manjunath Bhat, Angela Zhao, Ravisha Chugh; May 17, 2023).
According to Gartner, “Magic Quadrant reports are a culmination of rigorous, fact-based research in specific markets, providing a wide-angle view of the relative positions of the providers in markets where growth is high and provider differentiation is distinct.”
A Gartner Magic Quadrant is a culmination of research in a specific market, giving you a wide-angle view of the relative positions of the market’s competitors. By applying a graphical treatment and a uniform set of evaluation criteria, a Magic Quadrant helps you quickly ascertain how well technology providers are executing their stated visions and how well they are performing against Gartner’s market view.
AppSec Trends
Gartner’s 2023 AST Magic Quadrant highlights a broadening in both scope and capability. As applications continue shifting to cloud-native architectures and DevSecOps models, AST tools are adapting. In addition to the core SAST, DAST, IAST, and SCA testing approaches, Gartner points to new requirements such as API testing, infrastructure as code validation, container scanning, and application security posture management (ASPM), which brings findings together across the software development lifecycle and prioritizes them for more strategic remediation.
The software supply chain has also become a central focus. AST solutions are now expected to go beyond identifying vulnerabilities in code to address risks from dependencies, supply chain compromises, and open-source components. Gartner emphasizes that modern AST must integrate directly into developer workflows, supporting automated and continuous testing while keeping development speed intact.
The Mend.io difference: Providing true confidence in risk reduction
Our goal is to enable our customers to deliver secure applications and meaningful risk reduction to the enterprise. To do that, we believe that application security must be as unobtrusive as possible. Pushing developers to focus on security has proven to be a losing battle. Instead, we use automation to build trust and reduce risk by automating the prioritization of cloud-native application risk and its mitigation across the entire software supply chain. We believe this is the most impactful way to reduce the attack surface and deliver a secure application.
Mend.io is focused on building a new AppSec reality by 2027, where applications arrive into production free of meaningful security risk — and stay that way — without requiring manual labor or effort from engineering teams. Here’s our strategy:
#1 Automation
Mend.io is focused on providing complete automated remediation workflows for both open source and custom code, conveniently shown to the developer in their normal work environment (the source code repository). This includes high-value Merge Confidence data sourced from the real-world experience of millions of Mend Renovate users, allowing developers to avoid adding unexpected functional risk.
#2 Protection
We deliver 360-degree protection against malicious packages — blocking them before they can be downloaded and identifying them within existing code bases — powered by the world’s fastest and most accurate malicious package detection engine, which achieved a 100 percent detection rate on Rubygems and a 99.8 percent detection rate on npm over the past two years.
#3 Trust
Building trust with developers and security teams through Renovate, our crowd-sourced data platform with more than one billion downloads to date. Our automated recommendations to upgrade versions and fix security flaws can be deployed without manual interaction, within native development workflows, and will not break code. We have hundreds of enterprise customers today relying on our automated fix suggestions. We will continue to leverage our expertise and telemetry on vulnerable methods within both our SCA and SAST cloud platform to extend into custom code and provide remediation advice via “auto-correct” for common secure coding mistakes.
