Continuous Protection for the Cloud Era: Veracode Spotlights Latest Innovations for Advanced Software Security

Advanced AI-Powered Solutions Reduce Remediation Time While Proactively Blocking 60% of Critical Supply Chain Threats

Veracode, a global leader in application risk management, today unveiled a suite of innovations that transform how enterprises approach security. The enhanced platform cuts vulnerability remediation time by up to 92 percent, while using proactive defense to prevent 60 percent of critical supply chain risk from ever entering organizations. These latest enhancements to Veracode’s Package Firewall and Risk Manager provide assurance, context, and continuity across the software development lifecycle.

“Security teams tell us they’re drowning in vulnerability alerts while missing the risks that actually matter. Our latest innovations flip the script—instead of endless firefighting, teams can now prevent threats proactively and focus remediation efforts where they’ll have maximum business impact,” said Derek Maki, Head of Product at Veracode.

Redefining Application Risk Management with End-to-End Risk Visibility

The latest enhancements to Veracode’s Application Risk Management platform enable security teams to identify and remediate vulnerabilities with greater speed and precision than ever before. Veracode Risk Manager sets a new standard for application security posture management (ASPM), featuring six new integrations with industry leaders, including Wiz. By aggregating and prioritizing issues across all sources, Risk Manager reduces vulnerability remediation time by up to 92 percent. This holistic view empowers security teams to act on the Best Next Action™—the actions that reduce the most risk—with precision.

Securing the Software Supply Chain

With 70 percent of critical security debt stemming from third-party code, enterprises are under unprecedented pressure to safeguard their software supply chains. Regulations like the European Union’s Digital Operational Resilience Act (DORA) highlight the vital role of open-source security in maintaining software supply chain integrity.

Veracode Package Firewall redefines supply chain security with an automated solution that blocks untrusted packages, before they can infiltrate development pipelines. Powered by advanced AI analysis, Package Firewall identifies and blocks 60 percent more malicious packages than competing solutions, effectively preventing vulnerabilities, malware, and policy violations from entering organizational systems.

Paired with Software Composition Analysis (SCA) and Malicious Package Detection, Veracode Package Firewall significantly reduces the risk of supply chain attacks by finding and neutralizing libraries harboring malicious code.

“Veracode Package Firewall represents a fundamental shift in how we think about supply chain security. While others are still alerting malicious packages after they’re in your codebase, we’re blocking them at the gate. This means security teams can finally get ahead of supply chain threats instead of scrambling to respond when legitimate packages get compromised or malicious packages slip through,” said Maki.

Built on proprietary threat intelligence, the product automates real-time risk management to ensure nefarious files and programs never make it into an organization’s codebase.

Empowering Developer Productivity with Frictionless Security

According to Gartner, Inc., organizations with a high-quality developer experience are 33 percent more likely to attain their business goals and 31 percent more likely to improve delivery flow. Veracode continues to champion developer productivity through an enhanced platform experience, featuring improved Integrated Developer Environment (IDE) plugins and new Git integrations that embed enterprise-level security directly into workflows.

“Developer productivity isn’t just a nice-to-have; it directly impacts your ability to ship secure software at market speed. Our IDE integrations deliver enterprise-grade security insights without the context switching that kills developer flow. This is why we’re seeing 35 percent faster remediation times with our IDE plugins and integrations, including Visual Studio, IntelliJ IDEA, and Eclipse, as well as GitHub, GitLab, and Azure DevOps,” said Maki.

Veracode’s latest developer-focused innovations eliminate operational inefficiencies and simplify workflows, removing unnecessary complexity from day-to-day DevSecOps processes. Additional innovations include:

• AI-Assisted Login for Dynamic Application Security Testing (DAST): Automates complex authentication flows, reducing script setup time by 50 percent and expanding dynamic testing coverage.
• Container and Infrastructure-as-Code (IaC) Results: Centralizes container and IaC findings in the Veracode Platform, streamlining vulnerability management.
• Veracode Fix Usage Analytics: Provides a dashboard that tracks usage and Common Weakness Enumerations (CWEs) addressed, offering insights by IDE, project, and source file to optimize remediation.

Availability

Veracode’s latest product innovations are available to customers today. To find out more about the company’s application risk management platform and solutions, visit the website.

About Veracode

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, Malicious Package Detection, and Penetration Testing.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and X.

Copyright © 2025 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands, or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250724023276/en/