Equity Research
Technology, Media, Communications
July 7, 2025

Jonathan Ho +1 312 364 8276
Jason Ader, CFA +1 617 235 7519
Arjun Bhatia, CPA +1 312 364 5696
Jake Roberge +1 312 364 8056
Sebastien Naji +1 212 245 6508
Garrett Burkam +1 312 364 5152

On the Ground and In the Cloud
A Developer Technology Quarterly: DevSecOps Refresh Edition

William Blair

Contents

Introduction
Executive Summary
Key Takeaways
Examining the DevSecOps Market Landscape
AI’s Impact on DevSecOps
DevSecOps Market Size and Growth Outlook
DevSecOps Trends
Core Value Propositions of DevSecOps Platforms
Proprietary Survey of Developers
Appendix–Private Company Profiles
Glossary

Introduction

On the Ground and In the Cloud is a quarterly publication produced by the William Blair technology team that delves into trends impacting developer technologies across a wide scope of topics that includes software development, DevOps, database, analytics, and observability. Over the past decade, developers have become increasingly important influencers across all organizations, as software applications and digital transformation have become critical to business operations, customer interaction, and competitive advantage. More recently, this trend has been accentuated by black swan events like the COVID-19 pandemic and a slew of software supply chain attacks. Developers represent the early adopters who will determine the success of a particular software product or project. As a result, we believe it is essential to examine the key technological and cultural dynamics impacting this all-important cohort of workers.

In this DevSecOps Refresh edition of On the Ground and In the Cloud, we provide updated results from our most recent proprietary survey of developers/practitioners, examine the overall DevSecOps market and its major players and how it has changed over the last year, and discuss the latest trends in the space. We also provide our thoughts on what impact AI might have on DevSecOps, and we highlight relevant private companies.

Executive Summary

DevSecOps is the practice of embedding security throughout the software development lifecycle (SDLC) to ensure that security testing, policies, and controls are integrated directly into developer and DevOps workflows. Instead of treating security as a separate phase at the end of the development process, DevSecOps makes it a continuous and shared responsibility across IT operations, development, and security teams. This approach aligns with agile and cloud-native software delivery methods, which enables faster and safer software releases by catching issues earlier in the process and fostering greater collaboration between traditionally siloed teams. Applications and APIs also represent a major attack vector, with 25% of all data breaches targeting application layer vulnerabilities, according to Verizon’s latest Data Breach Investigations Report. Software supply chain security is also gaining more attention after high-profile breaches, like the SolarWinds and Equifax attacks, highlighted the need to secur