Professional Documents
Culture Documents
FIGURE 1
DevSecOps is a subset of the larger DevOps competitive market and is a methodology that asserts
that security needs to be prioritized at the beginning of the DevOps delivery pipeline (i.e., shifted left).
Embracing of DevSecOps enables DevOps teams to act as primary stakeholders in defining and
implementing security policies endeavoring to integrate security across the DevOps pipeline.
The implementation of DevSecOps includes more than just adding security tools to the development
and operations team's arsenal, and much like DevOps, there is an important cultural aspect required.
Organizations must successfully encourage the security and DevOps teams to work together.
DevSecOps includes several specialized use cases of DevOps that involve the automation of security
best practices across the DevOps life cycle. It is frequently described as "security as code" as it
embraces the use of programmatic, code-based approaches to ensure software security and quality.
DevSecOps use cases typically include automation and analytics for security scanning of code,
software quality, and configuration compliance. In containerized environments, registries are also
critical elements of the DevSecOps life cycle. Representative tools include static application security
testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA),
secrets management, runtime application self-protection (RASP), and container security.
Although IDC has been tracking DevSecOps revenue for a couple of years within the DevOps forecast,
this year represents the first publication of a DevSecOps competitive market forecast. For this forecast,
IDC started with the functional markets used to define the DevOps competitive market and then
dropped functional markets that had no products offering DevSecOps attributes. For the markets that
include products having DevSecOps functionality, we included the revenue that was specifically
associated with DevSecOps implementations.
To define this new competitive market, IDC published a new DevOps software tools market taxonomy
(see IDC's Worldwide DevOps and DevSecOps Software Tools Taxonomy, 2021, IDC #US48033621,
forthcoming).
Overall, the market for products that support DevSecOps practices is a high-growth market, with a
2020-2025 compound annual growth rate (CAGR) of 24%. Underlying this five-year CAGR is individual
functional market growth rates that have 2020-2025 CAGRs of as much as 42%, with the slowest
growing market still showing a five-year CAGR of 12.2%. On an annual basis, the growth rates are
more than 20% for every year of the forecast period except for 2025, which dips below that bar to
17.1%.
Like the larger DevOps market, the DevSecOps competitive market did not experience an off year in
2020. Despite pandemic-related pressures, parts of the industry experienced, tools that applied to
empowering and aligning a remote, distributed workforce, in general, had a very good year in CY20.
This five-year forecast was based on the assumptions represented in the June 2021 Worldwide Black
Book: Live Edition. These forecasts include the post-pandemic market behaviors and other recent
macroeconomic inputs from the last week of June 2021. We will continue to monitor changes in
macroeconomic conditions and reflect these changes in future forecasts.
This IDC study provides an updated market forecast for 2021–2025 based on June 2021 conditions as
described in IDC's Black Book Live Edition: June 2021. It also reflects updates made to the IDC
Software Tracker in spring 2021.
Through 2020, the DevSecOps software tools competitive market continued to demonstrate strong
growth as major vendors expanded and more tightly integrated their portfolios. Increasing numbers of
enterprise developers are adding DevSecOps practices to their day-to-day operations.
With growth in adoption of modern frameworks, architectural designs, and container packaging — along
with the ability to build, deploy, and fail fast — it becomes increasingly imperative for security to
become a development process, rather than an add-on technology that may or may not keep pace with
today's iterative development methodologies.
As a result, end-user organizations will need a variety of solutions to empower their developers to
move quickly and safely, as they create disruptive and digitally innovative software that can help grow
the business.
As with the DevOps market, the DevSecOps market, too, can be expected to experience merger and
acquisition activities that will continue to shake up the competitive environment going forward. It
becomes imperative for leading vendors to look for ways to expand and improve the capabilities that
their technologies offer to clients.
MARKET FORECAST
This IDC analysis provides a forecast by geographic region and market distribution for the worldwide
DevSecOps software tools market as of July 2021. Refer back to Figure 1 for the DevSecOps revenue
portions by IDC operational categories. Refer to the Market Definition section for further details on the
underlying functional markets, and Table 1 provides a detailed breakdown of the revenue allocations
by operational category.
IDC's data sizes the 2020 worldwide DevSecOps software tools competitive market at $2.6 billion in
U.S. dollar (USD) current currency. The overall DevSecOps software tools market is currently forecast
to grow to $7.5 billion in 2025, with a CAGR of 24% for the five-year 2021–2025 forecast period.
The updated IDC's DevSecOps software tools taxonomy (see IDC's Worldwide DevOps and
DevSecOps Software Tools Taxonomy, 2021, IDC #US48033621, forthcoming) has further expanded
the market to include portions of endpoint security and API management software. Refer back to
Figure 1 and see Table 1 for a summary of the allocation of these functional market revenues with the
four logical market groupings as follows:
TABLE 1
2020 2025
Share 2020–2025 Share
2020 2021 2022 2023 2024 2025 (%) CAGR (%) (%)
Application security tools 1,357.1 1,733.2 2,161.7 2,550.1 2,980.3 3,349.6 53.1 19.8 44.7
API and container security 629.1 977.2 1,349.9 1,806.7 2,361.0 2,950.9 24.6 36.2 39.4
Testing, secrets, and network 568.5 662.5 784.1 919.4 1,059.0 1,196.8 22.3 16.0 16.0
management
Total 2,554.7 3,372.9 4,295.6 5,276.3 6,400.3 7,497.3 100.0 24.0 100.0
IDC forecasts that by 2025, 53.6% of the worldwide DevSecOps software tools market will be
delivered as public cloud services (see Table 2 and Figure 2). Successful vendors will need to ensure
that they have an aggressive strategy to capture public cloud revenue opportunities but also make
sure that they do not neglect the equally large revenue opportunity for on-premises software, much of
which will likely be deployed into private and hybrid cloud environments.
2020 2025
Share 2020–2025 Share
2020 2021 2022 2023 2024 2025 (%) CAGR (%) (%)
On-premises/other software 1,458.8 1,855.1 2,276.7 2,690.9 3,136.2 3,478.7 57.1 19.0 46.4
Public cloud (SaaS) 1,096.0 1,517.8 2,018.9 2,585.4 3,264.2 4,018.5 42.9 29.7 53.6
Total 2,554.7 3,372.9 4,295.6 5,276.3 6,400.3 7,497.3 100.0 24.0 100.0
FIGURE 2
TABLE 3
2020 2025
Share 2020–2025 Share
2020 2021 2022 2023 2024 2025 (%) CAGR (%) (%)
Americas 1,512.4 1,959.6 2,465.7 2,991.6 3,577.8 4,123.5 59.2 22.2 55.0
EMEA 643.8 880.3 1,138.3 1,424.6 1,760.1 2,091.7 25.2 26.6 27.9
APJ 398.5 532.9 691.6 860.0 1,062.5 1,282.0 15.6 26.3 17.1
Total 2,554.7 3,372.9 4,295.6 5,276.3 6,400.3 7,497.3 100.0 24.0 100.0
MARKET CONTEXT
Larger and more regulated enterprise organizations are continuing to move toward DevOps. This is
boosting the demand for adding DevSecOps security and compliance software tools as part of the
application release workflow. The organizational effect has improved coordination between security
and DevOps teams, resulting in a security-as-a-code culture. We also see increased coordination
between security and quality teams for code analytics and metrics coordination, and initial coordination
with architects and designers in early phases of software development emerging as trends. Over time,
machine learning (ML) and artificial intelligence (AI) will build on emerging capabilities available now to
further company success in improving application resilience for security and quality.
The disruption that COVID-19 caused in 2020 ultimately resulted in, if anything, the acceleration of
spending on many categories of IT products and services. While other sectors of the economy face a
recovery transition during a gradual return to the next normal, DevSecOps products have never really
experienced a downturn.
MARKET DEFINITION
The 2021 IDC DevOps and DevSecOps software tools taxonomy has been expanded since the 2020
taxonomy and market share assessment were published. The revised 2021 taxonomy encompasses
portions of six IDC functional markets and products to the extent they are used to support DevSecOps
such as programmatic security scanning analytics.
Specifically, the updated market taxonomy covers software license, maintenance, subscriptions, and
software-as-a-service revenue related to the extent that DevSecOps initiatives make use of products
from the following functional markets:
Automated software quality (ASQ): This technology comprises automated software test and
related continuous integration/continuous delivery (CI/CD) tools used to enable agile DevOps
teams and use cases. Sample vendors include:
SonarSource
CAST
Micro Focus
HCL
Security analytics, intelligence, response, and orchestration (SAIRO): Selected compliance
and security scanning remediation and automation tools are included in the DevOps software
tools market to the extent they are integrated as part of CI/CD and DevOps operational
toolchains supporting the development and production of agile DevOps use cases. Sample
vendors include:
METHODOLOGY
The software revenue forecasts presented in this study represent IDC's best top-down estimates and
projections based on existing bottom-up historical data and forecasts for 2021–2025. In addition:
Software market forecasting begins with the formulation of global and regional macroeconomic
assumptions that are then analyzed to determine how they apply to specific market segments.
In addition, assumptions about specific market-level drivers and inhibitors are developed.
Forecast market values are built using a bottom-up approach in which our country analysts develop
forecasts in local currencies. These local currency forecasts are converted into U.S. dollars to produce
a forecast in one consistent currency. The latest quarterly exchange rate is applied to the 2021–2025
forecast period to better reflect the impact of the most recent known economic situation in each
country. In this document, the quarterly exchange rates used are based on the average quarterly
exchange rates from October 1 to December 31, 2020. The data represented in this document uses
this methodology unless otherwise stated and is termed current currency.
The data in this document is based on IDC's Worldwide Semiannual Software Tracker. IDC tracks
historical vendor revenue and develops forecasts in 53 individual countries and subregions. Because
of the detailed geographical granularity of the underlying data, the Worldwide Semiannual Software
Tracker also provides a "constant currency" revenue estimate for the total worldwide market in the
years reported in this document. Constant currency eliminates exchange rate fluctuation effects by
applying the same exchange rate to all historical and forecast periods.
Table 4 describes the average exchange rates applied to the local currency historical and forecast
estimates in the current currency and constant currency revenue numbers reported. Refer to IDC's
regional research studies for more accurate regional growth in local currencies.
Current USD 1H16 + 2H16 1H17 + 2H17 1H18 + 2H18 1H19 + 2H19 4Q19 4Q19
Current USD 1H16 + 2H16 1H17 + 2H17 1H18 + 2H18 1H19 + 2H19 1H20 + 2H20 4Q20
RELATED RESEARCH
Worldwide DevOps Software Tools Market Shares, 2020: Growth Fueled by Accelerated
Digital Transformation (IDC #US48050921, forthcoming)
Worldwide DevOps Software Tools Forecast, 2021-2025 (IDC #US48052021, forthcoming)
Worldwide DevSecOps Software Tools Market Shares, 2020: Strong Growth as DevOps
Teams Prioritize Security (IDC #US48051321, forthcoming)
IDC's Worldwide DevOps and DevSecOps Software Tools Taxonomy, 2021 (IDC
#US48033621, forthcoming)
IDC's Forecast Scenario Assumptions for the ICT Markets, April 2021 (IDC #US47665121,
May 2021)
DevSecOps Adoption, Techniques, and Tools Survey (IDC #US47597321, April 2021)
IDC FutureScape: Worldwide Developer and DevOps 2021 Predictions (IDC #US46417220,
October 2020)
Market Analysis Perspective: Worldwide DevOps Software, 2020 — Market View (IDC
#US46418720, September 2020)
Global Headquarters
Copyright Notice
This IDC research document was published as part of an IDC continuous intelligence service, providing written
research, analyst interactions, telebriefings, and conferences. Visit www.idc.com to learn more about IDC
subscription and consulting services. To view a list of IDC offices worldwide, visit www.idc.com/offices. Please
contact the IDC Hotline at 800.343.4952, ext. 7988 (or +1.508.988.7988) or sales@idc.com for information on
applying the price of this document toward the purchase of an IDC service or for information on additional copies
or web rights.
Copyright 2021 IDC. Reproduction is forbidden unless authorized. All rights reserved.