Veracode, a global leader in application risk management, announced a series of innovations that revolutionize the way organizations approach security. The enhanced platform reduces vulnerability remediation time by up to 92 percent and prevents 60 percent of critical supply chain risks from entering organizations through proactive mitigation. These latest enhancements to Veracode’s Package Firewall and Risk Manager provide assurance, context, and continuity across the entire software development lifecycle.
“Security teams tell us they’re drowning in vulnerability reports, missing the truly important risks. Our latest innovations flip the script: Instead of endlessly putting out fires, teams can now proactively prevent threats and focus their remediation efforts where they can have the greatest impact for the business,” said Derek Maki, Head of Product at Veracode.
Redefining application risk management with end-to-end risk visibility
The latest enhancements to Veracode’s application risk management platform enable security teams to identify and remediate vulnerabilities faster and more accurately than ever before. Veracode Risk Manager sets a new standard for application security posture management (ASPM) and offers six new integrations with industry leaders, including Wiz. By aggregating and prioritizing issues from all sources, Risk Manager reduces vulnerability remediation time by up to 92 percent. This holistic view enables security teams to take the Best Next Action™ (the actions that will reduce risk the most) with precision.
Securing the software supply chain
With 70 percent of critical security risks stemming from third-party code, companies are under unprecedented pressure to protect their software supply chains. Regulations such as the European Union’s Digital Operational Resilience Act (DORA) underscore the critical role of open source security in maintaining software supply chain integrity.
Veracode Package Firewall redefines supply chain security with an automated solution that blocks untrusted packages before they can enter development pipelines. Powered by advanced AI analytics, Package Firewall identifies and blocks 60 percent more malicious packages than competing solutions, effectively preventing vulnerabilities, malware, and policy violations from entering enterprise systems.
Combined with Software Composition Analysis (SCA) and Malicious Package Detection, Veracode Package Firewall significantly reduces the risk of supply chain attacks by detecting and neutralizing libraries containing malicious code.
“Veracode Package Firewall represents a fundamental shift in our approach to supply chain security. While others only raise alarms when malicious packages are already in their code base, we block them at the ingress. This means security teams can finally stay one step ahead of supply chain threats, rather than reacting frantically when legitimate packages are compromised or malicious packages slip through,” said Maki.
The product is based on proprietary threat intelligence and automates real-time risk management to ensure that malicious files and programs never enter an organization’s code base.
Increase developer productivity through frictionless security
According to Gartner, Inc., organizations with a high-quality developer experience are 33 percent more likely to achieve their business goals and 31 percent more likely to improve delivery flow. Veracode continues to drive developer productivity by optimizing the platform with improved integrated development environment (IDE) plugins and new Git integrations that embed enterprise-grade security directly into workflows.
“Developer productivity isn’t just a nice-to-have; it directly impacts your ability to deliver secure, market-ready software. Our IDE integrations provide enterprise-grade security intelligence without requiring context switching that interrupts developer workflow. That’s why we achieve 35 percent faster remediation times with our IDE plugins and integrations, including Visual Studio, IntelliJ IDEA, and Eclipse, as well as GitHub, GitLab, and Azure DevOps,” said Maki.
Veracode’s latest developer-focused innovations eliminate operational inefficiencies, simplify workflows, and reduce unnecessary complexity from daily DevSecOps processes. Other innovations include:
- AI-powered login for dynamic application security testing (DAST): Automates complex authentication flows, reduces script setup time by 50 percent, and expands dynamic testing coverage.
- Container and Infrastructure-as-Code (IaC) results: Centralizes container and IaC results in the Veracode platform, streamlining vulnerability management.
- Veracode Fix Usage Analytics: Provides a dashboard that tracks usage and fixed Common Weakness Enumerations (CWEs), with insights by IDE, project, and source file to optimize remediation.
Source: BusinessWire