Industry Analyst Research

Driving thought leadership - proposing a new category

At GitLab, we believe we can help drive the industry forward with our insight and knowledge. Our ambition is to challenge conventional thinking and help define a new category covering the end to end software development lifecycle. (the complete DevOps lifecycle toolchain).

The complete DevOps toolchain:

What it is

We are on the forefront of the emergence of a new category addresses at the entire DevOps toolchain that includes everything from planning to monitoring, including analytics and security. At GitLab, we are exploring what to call this new category. Ideas include:

• All-in-One DevOps
• DevOps Toolchain
• Complete DevOps
• etc.

There are several companies we believe could be included in this space such as:

• GitLab
• Microsoft Azure DevOps
• Atlassian
• CodeStar

Why this is the right thing to do

• Toolchain Crisis The main point is that there is an enormous management and developer overhead maintaining tool integrations. While some teams want best of breed tools, they often pay for the overhead of keeping it all running. Having one tool greatly simplifies and streamlines what it takes to manage the software delivery process. It's easier to onboard new developers, easier to respond audits and compliance, and it means that developers can focus on building new features, not maintaining a toolcahin.
• Developer productivity This second argument looks at the average amount of work involved for a developer in having to work with and train with multiple tools.
• Data Value Stream This third argument discusses the value to the organization of the data being connected and what it can tell the organization.

GitLab evaluated in recent reports

Here are links to recent analyst reports where GitLab the company and/or the product has been covered or evaluated. GitLab may have rights to distribute these reports. If we have rights, you can click the link which will direct you to a page where you may download the report. Otherwise, it will direct you to the analyst page to download the report from them.

Forrester reports mentioning GitLab

• Now Tech: Static Application Security Testing, Q3 2020, August 6, 2020
• The Forrester Wave™: Value Stream Management Solutions, Q3 2020, July 15, 2020
• The State Of Remote Work, 2020, July 6, 2020
• Now Tech: Zero Trust Solution Providers, Q2 2020, Updated May 27, 2020
• Now Tech: Value Stream Management Tools, Q2 2020, April 29, 2020
• Now Tech: Continuous Delivery And Release Automation, Q2 2020, April 9, 2020
• It's Go Time For Application And Infrastructure Dependency Mapping (AIDM), February 7, 2020
• Predictions 2020: Automation, October 30, 2019
• The Forrester Tech Tide: Continuous Software Delivery, Q4 2019, October 30, 2019
• The Forrester Wave: Cloud-Native Continuous Integration Tools, Q3 2019, September 20, 2019
• Now Tech: Continuous Integration Tools, Q3 2019, September 16, 2019
• Now Tech: Strategic Portfolio Management For Agile Organizations, Q3 2019, August 23, 2019
• Update Your I&O Operating Model With Product Team Principles, August 20, 2019
• The 12 Must-Dos For Achieving Continuous Software Testing, August 14, 2019
• Digital Bonding: Expand Your API Strategy Beyond REST APIs, July 25, 2019
• Cloud CI Tools Mature To Meet Enterprise Challenges, June 26, 2019
• Master The Gamut Of Software Development Automation, June 24, 2019
• The Forrester Wave™: Software Composition Analysis, Q2 2019, April 8, 2019
• Now Tech: Software Composition Analysis, Q1 2019, January 24, 2019

Areas for expanded coverage

Analyst reports such as Magic Quadrants and Waves demonstrate leadership in industry segments. GitLab is proud to appear in those reports and work to provide our customers the best experience possible. As GitLab grows and our product capabilities expand, we are engaging with more analysts in more companies, on a wider array of topics. The following is a list of topics and analyst companies that demonstrate areas where GitLab means to excel. We are watching these reports with an eye to appear in each of them where GitLab has a strong offering for the space. We will engage analysts in this space both to learn more and to keep them abreast of where we are and where we are headed.

Forrester

New Wave: ChatOps, Q2, 2019

ChatOps, the extension of a messaging platform to enable collaboration and decision making within one virtual environment, merges human conversation with automation through custom configurations, integrations, and operational bots. ChatOps includes communication and triggering of operational actions via chat, reducing cognitive overhead of tool switching to identify and resolve problems faster with complete auditability.

• Last report: N/A new report

• Leaders: not published yet

• Link to 2017 Tech Tide: Continuous Deployment Technologies

• Inclusion Criteria: Little information on this yet.

• Stage: Configure

Wave: Cloud-Hosted Continuous Integration Tools Providers, Q3 2019

Little information on this yet.

• Last report: new report

• Leaders: not published yet

• Inclusion Criteria: Little information on this yet.

• Stage: Verify

Wave: Cloud-Hosted Development Tools, Q3 2019

There is no description, but in past research Chris has looked at what the Cloud vendors are doing, as well as the classic DevOps tools vendors in this space.

• Last report: new report

• Leaders: not published yet

• Inclusion Criteria: According to Forrester, DevOps connects the software product development cycle all the way through to the operational cycle.

• Stage: Verify, Configure

Wave: Cognitive Operations - Intelligent Application and Service Monitoring, Q1, 2019

Machine learning makes IT Ops predictive and eliminates the need for a data scientist. It also makes prediction a priority.

• Last report: new report

• Inclusion Criteria: (from Vendor Landscape) Forrester breaks out cognitive operations into four categories: reduce the effort of owners of performance and availability, react and resolve problems faster, prevent problems before they affect the customer, and give meaning relative to the business impact.

• Stage: Monitor

Wave: Collaborative Work Management Tools for the Enterprise, Q4 2018

According to Forrester, Companies don’t have a single vendor solution to support an operational system of record. However, CWM’s flexible use cases and consumer-grade usability create common workspaces that act as an execution-level system of record.

• Last report: October, 2018

• Leaders: Smartsheet, Asana, Wrike

• Inclusion Criteria: Annual collaborative work management tool revenue of at least $30 million. Five or more implementation and integration partners. Global presence - data centers in two separate regions, and sales and support in three or more countries.

• Stage: Plan, Create

Wave: Configuration Management Software for Infrastructure Automation, Q4 2018

Think of the overarching space as three separate but interweaving domains: service, software, and element. The ‘service’ domain is platform-independent and integrative, and it overlaps with enterprise architecture at the upper end. The ‘software’ domain consists of design, build, and deployment technologies. It’s more platform-aware and can span multiple platforms, such as on-premises and cloud. The ‘element’ domain is where operations typically occur. It’s platform-bound, can be imperative- or declarative-focused, and is often supplied by a vendor or third party. The element domain is where the provisioning and control subdomains live. Within these subdomains are the tools to discover, provision, and control configuration elements. These latter subdomains form the basis for this Forrester Wave.

• Last report: November, 2018

• Leaders: Puppet Enterprise, Chef Automate

• Inclusion Criteria: Evaluated solutions had to be generally available on or before July 1, 2018. Vendor had established self as key configuration management vendor. Supplied links to product feature documentation. Demonstrated ability to support configuration management such as deployment, configuration, modeling, monitoring and governance, and community support.

• Stage: Configure

Wave: Container Platform on Public Cloud, Q2, 2019

You can use enterprise container platforms (ECPs) to speed, simplify, and automate container development and deployment. Vendors should be chosen based on size and functionality, and should align with your cloud-native skills and goals.

• Last report: new report

• Leaders: not published yet

• Inclusion Criteria:

• Stage: Configure, Package, Release

Wave: Digital Process Automation For Wide Deployments, Q1, 2019

The DPA space is a significant expansion from traditional BPM, set apart by an emphasis on low-code development, consumer-grade user experiences, and AI-based innovation.

• Last report: new report

• Leaders: AgileCraft, CA, ServiceNow

• Inclusion Criteria: (from 2017 Wave) The DPA space is a significant expansion from traditional BPM, set apart by an emphasis on low-code development, consumer-grade user experiences, and AI-based innovation.

• Stage: Cross GitLab

Wave: Enterprise Insight Platforms, Q1, 2019

Forrester defines an enterprise insight platform as an integrated set of data management, analytics, and development tools that provide a general, enterprise-class platform for building systems of insight.

• Last report: January, 2019

• Leaders: IBM, Microsoft, and SAS

• Inclusion Criteria: Each vendor chosen had data management tools or services, multiple analytical tools or services, insight application development tools or services, unified platform management tools or services, experience with enterprise-size firms, and a strategic focus on insight platform enablement.

• Stage: Monitor, Meltano

New Wave: GDPR and Privacy Management Software, Q4, 2018

GDPR and privacy management software helps privacy, security, and other risk pros manage customers’ and employees’ privacy touchpoints and demonstrate accountability for their data-handling practices to a variety of stakeholders, including customers and regulators.

• Last report: November, 2018

• Leaders: One Trust, RSA

• Inclusion Criteria: Reporting on GDPR requirements, reporting on privacy use cases, modules and visualization, ongoing data ingestion, risk assessment framework and DPIA, feedback loop, deployment and ease-of-use, enforcement of security controls and integration

• Stage: Manage, Protect

Wave: Omnichannel Functional Test Automation Tools, Q3 2018

Functional testing tools are becoming more important in the eyes of AD&D professionals. Now the question is how vendors will respond to these growing expectations and how much innovation clients will expect from their OFTA providers.

• Last report: July, 2018

• Leaders: Eggplant, Parasoft, Tricentis

• Inclusion Criteria: All of the tools enable functional automation testing across at least three of the four most popular browsers: Chrome, Firefox, Internet Explorer, and Safari. Vendors have at least one of three capabilities: UI automated testing, the ability to automate design, and the ability to create and execute API and web services tests. The tool also had to address at least one of the three testing personas identified: business, technical, and developer.

• Stage: Verify

Wave: Software Composition Analysis February 23, 2017

SCA fundamentals are key differentiators. SCA providers come from backgrounds in either license risk management or vulnerability identification, and those capabilities determine their value, along with supporting functionality such as policy management and integration with software development tools.

• Last report: February, 2017

• Leaders: Black Duck and WhiteSource led the 2017 Wave

• Inclusion Criteria: A comprehensive, enterprise-class SCA tool, including license risk management, vulnerability identification, policy management, and software delivery life cycle integration.

• Stage: Secure

Wave: Static Application Security Testing, Q4 2017

Much as a preflight checklist helps ensure a safe airplane flight, using static application security testing (SAST) as part of prerelease application testing can remove vulnerabilities so attackers can’t exploit them in production. SAST remains the best prerelease testing tool for catching tricky data flow issues and issues such as cross-site request forgery (CSRF) that tools such as dynamic application security testing (DAST) have trouble finding.

• Last report: December, 2017

• Leaders: Synopsys, CA Veracode

• Inclusion Criteria: A comprehensive, enterprise-class SAST tool, interest from Forrester clients. Language support and depth of results are key differentiators. Companies traditionally used SAST tools late in the software development lifecycle (SDLC) to scan products for vulnerabilities in proprietary code. Now developers need early remediation advice throughout the SDLC.

• Stage: Secure

Wave: Strategic iPaaS and Hybrid Integration Platforms, Q1, 2019

iPAAS and HIP are strategic elements of digital transformation. They manage data in motion in a faster landscape using software-as-a-service, and they improve the automation of IT and the business.

• Last report: January, 2019

• Leaders: TIBCO Software, Workato, and Dell Boomi

• Inclusion Criteria: Each vendor provides a breadth of integration functionality, including application and data integration, B2B integration, and API management capabilities (or connection to such capabilities), currently markets integration products (available before July 31, 2018), and meets revenue minimums by category.

Wave: Strategic Portfolio Management (SPM) Tools, Q3 2017

Planning disciplines are transitioning from annual to continuous. Organizational structures change to maximize throughput via data-driven, action-oriented feedback. In a world of digital transformation, the concept of project portfolio management (PPM) provides too narrow of a focus. SPM tools support planning at a unified level. Organizations can view investments through various lenses that leverage features, integration, and implementation best practices to create traceability from corporate strategic planning. SPM underpins organizations’ embrace of Agile planning. Seventy-one percent of organizations use Agile techniques to deliver at least some of the time.

• Last report: September, 2017

• Leaders: AgileCraft, CA, ServiceNow

• Inclusion Criteria: Integration of strategic planning capabilities, including goals, assessment, decision support, validation, gap analysis, and collaboration; portfolio management capabilities such as alignment, integrated operational alignment, portfolio analytics and data security; usability capabilities. Planning disciplines are transitioning from annual to continuous; PPM is too narrow of a focus. SPM tools support planning at a unified level. SPM underpins organizations' embrace of Agile planning.

• Stage: Plan

Gartner

Magic Quadrant for Application Performance Monitoring Suites

While AIOps for applications functionality is considered to be an essential component of a Magic Quadrant-qualifying APM suite, vendors whose offerings are focused on general AIOps capabilities are increasingly seen by users as viable alternatives to classical APM vendors. IT operations and other organizations are already awash with data, and this situation will likely only become more challenging with the growth of cloud, microservices, IoT and so on. Hence, Gartner sees companies such as Splunk, Sumo Logic and even the open-source Elastic Stack (combining Elasticsearch, Logstash and Kibana) as leveraging their current repository capabilities to act as the system of -truth- for APM data.

• Last report: March, 2018

• Leaders: Cisco, Dynatrace, New Relic, CA Technologies

• Link to report

• Inclusion Criteria: Vendors must offer an APM on-premises or Saas-based suite that includes all the following functions and characteristics: digital experience monitoring, application discovery, tracing and diagnostics, and AIOps for applications. Providers must be among the top 12 vendors in the APM market suite market in terms of revenue. Smaller revenue vendors moved up the listing for any technical limitations that disqualified a larger technology provider.

• Stage: Monitor

Critical Capabilities for Application Release Orchestration

ARO solutions are used to improve the speed and quality of application releases that are critical to enabling improved business performance. Gartner has identified three capabilities critical to the success of the three different types of stakeholders - release managers, application/product owners, and DevOps/application operations team members - commonly involved in this endeavor: deployment automation, pipeline and environment management, and release orchestration.

• Last report: September, 2018
• Link to report

Magic Quadrant for Application Security Testing

Although not strictly a security testing solution, SCA solutions have become critical components of application security programs. SCA products analyze application composition to detect components known to have security and/or functionality vulnerabilities or that require proper licensing. It helps ensure that the enterprise software supply chain includes only components that have undergone security testing and, therefore, supports secure application development and assembly. Gartner clients are increasingly seeking these capabilities from AST vendors. As such, vendors in this Magic Quadrant deliver SCA through homegrown solutions or partnerships with leading SCA vendors to supply analysis and governance capabilities to their clients.

• Last report: March, 2018

• Leaders: Micro Focus, CA Technologies (Veracode), Checkmarx, Synopsys, IBM

• Link to report

• Inclusion Criteria: To qualify for inclusion in this research, AST vendors need to: Provide a dedicated AST solution (product, service or both, with SAST, DAST or IAST capabilities); Provide an offering that identifies open-source components and known vulnerabilities in those components; Have generated at least $20 million of AST revenue during the last four quarters (4Q16 and first three quarters of 2017), of which at least $16 million is from North America and/or Europe, the Middle East and Africa; Provide a repeatable, consistent subscription-based engagement model (if the vendor provides AST as a service) using mainly its own testing tools to enable its testing capabilities; Have a product or service that was generally available before 15 September 2017; Be determined by Gartner to be significant players in the market because of their market presence or technology innovation

Critical Capabilities for Application Security Testing

The research outlines the critical capabilities of AST technologies and ranks providers against five essential use cases: AST for commercial, mainstream enterprises, AST for enterprises in regulated industries, AST for enterprises that need customizable solutions, AST for DevOps, and AST for mobile applications.

• Last report: March, 2018
• Link to report

Magic Quadrant for Cloud Management Platforms, 7 January 2019

Cloud management platforms provide automation, governance, life cycle management and brokering across multicloud resources.

• Last report: January, 2019

• Leaders: Flexera, Scalr, Embotics, and Morpheus Data

• Link to report

• Inclusion Criteria: To qualify, vendors must satisfy more than half of all required capabilities for at least four of the following seven cloud management functions. In addition, an offering should address the majority of these functions in a unified manner: provisioning and orchestration, service request, monitoring and analytics, inventory and classification, cost management and resource optimization, cloud migration, backup and disaster recovery, and identity, security and compliance. Provide more than half of the required packaging and delivery capabilities. The above must be provided by no more than three distinct products, delivered directly by the vendor. Products must have integrated identity, requre single sign-on among products and should share the same data store. Required functionality must be provided for (at a minimum) AWS, Azure and on-premises deployments. Revenue achievement of at least $3mn from previous calendar year, excluding all service or implementation-related revenue, or a minimum of $25mn in funding during the preceding 12 months. Revenue must come from enterprise customers, not service providers. Must have at least 50 currntly paying customers that use the solution in a production environment. At least half of this 50 must use the CMP for public cloud management and spend at least $25mn, collectively, with a public cloud provider. Direct vendor-provide sales and support offices on at least three coninents including North America and Europe.

Critical Capabilities for Cloud Management Platforms

See description above for MQ for Cloud Management Platforms

• Last report: January, 2019
• Link to report

Critical Capabilities for Cloud-based IT Project and Portfolio Management,

Program and portfolio management leaders often find that, given the complexity of their organizations’ project, program, resource and portfolio environments, they require software solutions to readily plan, organize and control it all. PPM tools can often address these needs.

• Last report: August, 2018
• Link to older report - Critical Capabilities for Project Portfolio Management, Worldwide

Market Guide for Container Management Software

Container management software covers on-premises and/or hybrid systems that provide the automation and abstraction of containers along with infrastructure capabilities. Deploying containers at scale requires capabilities that enable agility for application developers, while also providing reliability and simplicity for I&O teams. Container management software systems provide not only abstraction of infrastructure details and application life cycle pipeline enablement for developers, but also an underlying infrastructure foundation that scales and is secured. In many cases, these solutions are allowing enterprises to use containers as a replacement for application servers.

• Last report: August, 2018

• Leaders: Companies included: Alibaba Cloud, Cisco, DH2i, Diamanti, Docker, Google, HashiCorp, Heptio, IBM

• Link to report

• Inclusion Criteria: Vendors included in this research represent a broad section of the technology providers that offer all or a portion of the major components described in this document. Some vendors have a longer track record in the marketplace, while others have emerged using new technologies. Vendors were identified by analyst interactions in the market, as well as through external research of publications and other public sources.

Magic Quadrant for Content Collaboration Platforms

The Content Collaboration Platform (CCP) market covers a range of products and services that enable content productivity and collaboration. CCPs are aimed at individuals and teams, inside or outside an organization. Additionally, CCPs increasingly support lightweight content management and workflow use cases.

• Last report: July, 2018

• Leaders: Microsoft, Box

• Link to report

• Inclusion Criteria: To qualify for inclusion in this Magic Quadrant, vendors had to meet the following criteria: For the offering itself: The vendor had to have a stand-alone CCP offering for business, based on core file syncing and sharing capabilities. The CCP product had to have been generally available since 1 September 2017. The CCP product had to be available as a separately billed, stand-alone product. CCP capabilities alone, bundled with a different product from the same vendor, were considered extensions and were insufficient for inclusion. The vendor's CCP-related product and service revenue for 2017 had to be more than $20 million. Alternatively, it must have had at least a 40% growth rate from 2016 to 2017. This had to be demonstrated and certified by a company financial officer. Each vendor had to have at least 500,000 active users among all the organizations licensed to use its product. The total number of customer organizations had to be higher than 150. Twenty percent of deployments had to be demonstrated to be of over 1,000 seats and at least one deployment had to have 10,000 users. Each vendor had to demonstrate an installed base and presence outside its home geographic region, along with localized support provided through its own offices and resources or those of third parties. Five reference customers must have deployed the service or product for a minimum of six months, and have at least 1,000 paid users. Two of the reference customers must have had at least 5,000 paid users. In addition, vendors' CCP offerings must support a range of functionality, including: file synchronization, file sharing, file access, user productivity, mobility, synchronization on Windows PCs and macOS computers, security, management, integration, a service-led Platform, a cloud services in public or private cloud model, and file synchronization.

• Stage: Create

Critical Capabilities for Content Collaboration Platforms

Content collaboration platforms provide a comprehensive set of capabilities that support use cases from productivity and collaboration to content protection and infrastructure modernization. Application leaders should consider CCP as a key component of the digital workplace.

• Last report: July, 2018
• Link to report

Magic Quadrant for Content Services Platforms

Content Services Platforms (CSPs) is a set of services and microservices, embodied as an integrated product suite and applications that share common APIs and repositories, to exploit diverse content types and to serve multiple constituencies and numerous use cases across an organization.

• Last report: October, 2018

• Leaders:

• Link to report

• Inclusion Criteria: To be included, a vendor has a generally available enterprise CSP offering that is offered as a separately billed, stand-alone product. The product must be generally available before 1 April 2018. Vendor must have had at least $20 million in total revenue derived from CSP sales in 2017, or have a demonstrated revenue growth rate of 40% from 2016 to 2017. Total CSP revenue derives from sales of: Licenses — The right to use the software based upon contract type (perpetual or term license); Cloud-based services — Revenue for cloud services including business process as a service (BPaaS), IaaS, PaaS and SaaS; Subscriptions — Annual fees for licensed, on-premises software, as well as license revenue for single-tenant managed services (such as hosting); Technical support and maintenance fees — Contract fees for support services (not including training), new versions, updates and upgrades. Total CSP revenue excludes revenue from professional services and the sale of products manufactured by other vendors. There must be at least 200,000 active paid users among all the organizations that are licensed to use the product. The current installed base as of 1 April 2018 must meet the following criteria: The total number of customer organizations must be greater than 200. 20% of the deployments must have more than 1,000 seats. The vendor actively markets its products and has an established customer base with localized support (direct or via partners) in at least two major regions. For example, North America and Europe, the Middle East and Africa (EMEA), or Asia/Pacific (APAC) and Latin America.

Critical Capabilities for Content Services Platforms

Content Services Platforms (CSPs) is a set of services and microservices, embodied as an integrated product suite and applications that share common APIs and repositories, to exploit diverse content types and to serve multiple constituencies and numerous use cases across an organization.

• Last report: October, 2018
• Link to report

Market Guide for Continuous Configuration Automation Tools

CCA tools are a programmable framework on which configuration and provisioning tasks can be codified, versioned and managed like any other piece of application code. Many of the tools in the market provide a repository to store and manage configuration content, but can be integrated with or use code revision control systems in use by application development teams.

• Last report: 8 January 2018

• Leaders: Chef, CFEngine, Inedo, Orca, Puppet, Red Hat, SaltStack

• Link to report

• Inclusion Criteria: Most CCA vendors come from an open-source background, while some have a more traditional commercial approach. Over the past year, CCA vendors have been emphasizing their configuration management capabilities less, instead highlighting their 'orchestration' capabilities. Thus, organizations that are looking for configuration-management-specific improvements in a particular CCA tool should review the vendor's roadmap to ensure these improvements are a priority.

Magic Quadrant for Data Science and Machine-Learning Platforms

A cohesive software application that offers a mixture of basic building blocks essential for creating all kinds of data science solutions, and for incorporating those solutions into business processes, surrounding infrastructure and products.

• Last report: February, 2018

• Leaders: KNIME, H20.ai, RapidMiner, SAS, Alteryx

• Link to report

• Inclusion Criteria: Three gates include revenue and number of paying customers, reference customer counts, and product capability scoring. Critical capabilities include data access, data preparation, data exploratio and visualization, automation and augmentation, user interface, machine learning, other advanced analytics, flexibility, extensibiliyt and openness, performance and scalability, delivery, platform/project management, model management, precanned solutions, collaboration, and coherence.

Critical Capabilities for Data Science and Machine-Learning Platforms

A cohesive software application that offers a mixture of basic building blocks essential for creating all kinds of data science solutions, and for incorporating those solutions into business processes, surrounding infrastructure and products.

• Last report: April, 2018
• Link to report

Magic Quadrant for Digital Experience Platforms

A DXP is an integrated set of technologies, based on a common platform, that provides a broad range of audiences with consistent, secure and personalized access to information and applications across many digital touchpoints.

• Last report: January, 2018

• Leaders: IBM, Adobe, Sitecore, Liferay

• Link to report

• Inclusion Criteria: There are business and market criteria related to revenue and number of customers, there is a geographical coverage component, there is a requirement for cross-industry coverage, and there are functional inclusion criteria for content management, search and navigation, collaboration, personalization, end-user customization, analytics and optimization, security administration, integration and aggregation, and development.

Critical Capabilities for Digital Experience Platforms

A DXP is an integrated set of technologies, based on a common platform, that provides a broad range of audiences with consistent, secure and personalized access to information and applications across many digital touchpoints.

• Last report: April, 2018
• Link to report

Magic Quadrant for Enterprise Agile Planning Tools

The enterprise agile planning (EAP) market is experiencing a disruption as mergers and acquisitions (M&As) occur and visionary new players enter. Vendors that rely upon legacy product strategies are becoming less relevant. Organizations are maturing in their use of enterprise agile and are demanding more functionality from their tools. Meanwhile, advances in machine learning promise new insights into the effectiveness of enterprise agile development. We expect that M&A activities will continue as providers seek to position more-complete DevOps toolchains in support of digital business and cloud platforms. Toolchain-based DevOps practices are the norm, and EAP tools are becoming a part of that toolchain. This places emphasis on the ability of EAP tools to integrate with and consume data from other tools in the chain for planning, reporting and analysis.

• Last report: April, 2018

• Leaders: CA, Atlassian, Microsoft, CollabNet

• Link to report

• Inclusion Criteria: There are vendor revenue and customer requirements. The products must have been generally available to customers (i.e., not in 'beta' or other limited release) and actively marketed during the entire period from 1 September 2013 to 31 August 2017, without any significant company, product or service disruptions to the products' marketing and availability. The vendor must spport at least two of the defined use cases. The products must support the following functions: management of multiteam projects, cross-project and portfolio dependency tracking and reporting, and portfolio-level backlogs. Product must be available in the cloud and on premises. The product must include a RESTful integration API.

Critical Capabilities for Enterprise Agile Planning Tools

The enterprise agile planning (EAP) market is experiencing a disruption as mergers and acquisitions (M&As) occur and visionary new players enter. Vendors that rely upon legacy product strategies are becoming less relevant. Organizations are maturing in their use of enterprise agile and are demanding more functionality from their tools. Meanwhile, advances in machine learning promise new insights into the effectiveness of enterprise agile development. We expect that M&A activities will continue as providers seek to position more-complete DevOps toolchains in support of digital business and cloud platforms. Toolchain-based DevOps practices are the norm, and EAP tools are becoming a part of that toolchain. This places emphasis on the ability of EAP tools to integrate with and consume data from other tools in the chain for planning, reporting and analysis.

• Last report: June, 2018
• Link to report

Magic Quadrant for Enterprise High-Productivity Application Platform as a Service

The long-term, sustained leadership in the market remains open to new players. New vendors continue to appear: Gartner counted 75 hpaPaaS vendors at the start of this research; now 85 and rising. Platform convergence through hpaPaaS vendors starting to support more-sophisticated business logic, business process and user experience capabilities, and competing against specialist vendors for these areas. Some of the vendors in the bpmPaaS market (such as AgilePoint, Appian and Pegasystems) and the RMAD market (such as Progress and Kony) are increasingly seeing themselves as competing with other hpaPaaS vendors for application development platforms. Some of these specialists are merging with hpaPaaS vendors through acquisition (for example, ServiceNow acquiring SkyGiraffe), while others find themselves competing for common hpaPaaS use cases.

• Last report: April, 2018

• Leaders: Salesforce, OutSystems, Mendix, ServiceNow

• Link to report

• Inclusion Criteria: Vendors were required to provide at least 7 reference customers. Eleven characteristics of the product were evaluated, including platform-as-a-service, enterprise worthiness, mobile and multichannel support, data, process and business logic functionality, citizen developer experience, back-end integration development, automation of software development life cycle, integration with external DevOps, collaboration for developers, composite applications, and other hpaPaaS characteristics.

Magic Quadrant for Enterprise Integration Platform as a Service, Worldwide

The integration-platform-as-a-service has bifurcated into: vendors with a broad go-to-market strategy that tackle a wide range of enterprise integration scenarios; vendors that focus on the more specific use cases. This Magic Quadrant focuses on the first category, enterprise iPaaS.

• Last report: April, 2018

• Leaders: Informatica, Dell Boomi, Workato

• Link to report

• Inclusion Criteria: It has to be a cloud service, it has to be a PaaS solution, it has to provide iPaaS capabilities including features targeting data integration, features targeting application integration, and connectivity to different endpoints for on-premises and cloud. It has to have multiple data/message delivery styles, it has to be enterprise-grade and aimed at enterprise-class projects, it has to be marketed for a broad range of use ases, verticals and industries, and it has to be provided as a standalone service directly usable by the subscriber.

Critical Capabilities for Enterprise Integration Platform as a Service, Worldwide

The integration-platform-as-a-service has bifurcated into: vendors with a broad go-to-market strategy that tackle a wide range of enterprise integration scenarios; vendors that focus on the more specific use cases. This Magic Quadrant focuses on the first category, enterprise iPaaS.

• Last report: new report
• Link to latest MQ for Enterprise Integration Platform as a Service Worldwide

Magic Quadrant for Full Life Cycle API Management

Full life cycle application programming interface (API) management is about the planning, design, implementation, testing, publication, operation, consumption, maintenance, versioning and retirement of APIs. It involves use of a developers’ portal to target, market to and govern communities of developers who embed the APIs, as well as runtime management, estimation of API value and analytics.

• Last report: April, 2018

• Leaders: Google, CA Technologies, IBM, MuleSoft

• Link to report

• Inclusion Criteria: Vendor must market any subset of full life cycle API management capability, as defined under 'Product or Service', both in the cloud and on-premises, or in the cloud only. Have been marketing offerings as of January 2017, have a comprehensive, general-purpose offering for full life cycle API management that covers at least two API life cycle stages. Generate revenue of at least $12 million per year from full life ycle API management, and have grown in terms of full life cycle API management revenue or total number of full life cycle API management customers by at least 20% in the last year.

• Stage: Release or Configure??

Critical Capabilities for Full Life Cycle API Management

Full life cycle application programming interface (API) management is about the planning, design, implementation, testing, publication, operation, consumption, maintenance, versioning and retirement of APIs. It involves use of a developers’ portal to target, market to and govern communities of developers who embed the APIs, as well as runtime management, estimation of API value and analytics.

• Last report: May, 2018
• Link to report

Magic Quadrant for Integrated IT Portfolio Analysis Applications

The integrated IT portfolio analysis (IIPA) market provides technology solutions that can present the interrelated perspectives, views and considerations needed to make strategic decisions, as more enterprises shift from initiating to scaling digital business. IIPA vendors offer versatile and dynamic portfolio analysis and management, enabling users to create, connect and share portfolios.

• Last report: November, 2018

• Leaders: Software AG, EOS Software, Planview, CA Technologies

• Link to report

• Inclusion Criteria: Vendors must provide a top-down, stand-alone and dynamic IT portfolio analysis system. The products they offer must allow users to natively create and amnage at least three IT domain-specific portfolios; combine and cross-reference many types of objects and portfolios; include the ability to incorporate unstructured data such as survey results; support the identification, cataloging and analysis of risk factors; support the ability to graqphically depict, value and analyze application inventories; and allow users to buiild emergent digital product portfolios; support the creation and management of role-specific views for both IT and business managers, with material to support portfolio analysis and management; provide native portfolio management features and functions; import or otherwise include the potential operational costs and service impacts related to decision making affecting any IT portfolio, as well as import, manage and correlate data from other systems; support IIPA without requiring the use of outside bolt-on software; be generally available and have multiple customers using the product in production.

Magic Quadrant for Intrusion Detection and Prevention Systems

This Magic Quadrant focuses on the market for stand-alone IDPS appliances; however, IDPS capabilities are also delivered as functionality in other network security products.

• Last report: January, 2018

• Leaders: Cisco, McAfee, Trend Micro

• Link to report

• Inclusion Criteria: Only products that meet the following criteria will be included: Operate as a network appliance; apply policy based on several detection methodologies to network traffic; perform packet normalization, assembly and inspection to support these detection and prevention use cases; provide the ability to identify and respond to malicious and/or unwanted sessions with multiple methods; adapt the policy based on correlation with vulnerability assessment tolls to dynamically apply protections to protect internal and external asets found to be vulnerable; have achieved network IDPS product sales and maintenance revenue of over $10 million; sell the product as primarily meeting stand-alone network intrusion detection and prevention use cases.

Magic Quadrant for IT Service Management Tools

• Last report: August, 2018

• Leaders:

• Link to report

Critical Capabilities for IT Service Management Tools

• Last report: August, 2018
• Link to report

Magic Quadrant for Managed Security Services, Worldwide

• Last report: February, 2018

• Leaders:

• Link to report

Critical Capabilities for Managed Security Services

• Last report: new report
• Link to MQ for Managed Security Services

Magic Quadrant for Mobile App Development Platforms

• Last report: July, 2018

• Leaders:

• Link to report

Critical Capabilities for Mobile App Development Platforms

• Last report: September, 2018
• Link to report

Magic Quadrant for Network Performance Monitoring and Diagnostics

• Last report: February, 2018

• Leaders:

• Link to report

Critical Capabilities for Network Performance Monitoring and Diagnostics

• Last report: February, 2018
• Link to report

Magic Quadrant for Project Portfolio Management, Worldwide

Providers in this Magic Quadrant include those focused on general-purpose or enterprisewide PPM, as well as IT PPM, as long as the providers meet all of the required inclusion criteria. When evaluating and positioning the vendors included in this research, emphasis is placed on the importance of vendors offering multiple PPM products supporting different PPM use cases.

• Last report: May, 2018

• Leaders: Planview, CA Technologies, Changepoint, Planisware

• Link to report

Magic Quadrant for Security Information and Event Management

• Last report: October, 2018

• Leaders:

• Link to report

Critical Capabilities for Security Information and Event Management

• Last report: October, 2018
• Link to report

Magic Quadrant for Software Test Automation

By 2021, 30% of application development organizations will use AI-enabled test automation that supports the different stages of the DevOps life cycle.

• Last report: November, 2018

• Leaders: SmartBear, Tricentis

• Link to report

Critical Capabilities for Software Test Automation

The Gartner Critical Capabilities focuses on functional software test automation tools that can run automated functional tests by driving the user interface of an application (UI test automation) or interact with the application through an application programming interface (API test automation).

• Last report: February, 2018
• Link to report

Magic Quadrant for Unified Threat Management (SMB Multifunction Firewalls)

• Last report: September, 2018

• Leaders:

• Link to report

Magic Quadrant for Web Application Firewalls

• Last report: August, 2018

• Leaders:

• Link to report