Veracode Unveils Innovations in Advanced Software Security

Veracode, a global leader in application risk management, has introduced a suite of new innovations aimed at transforming how organizations secure their software environments. These enhancements dramatically accelerate vulnerability remediation, reducing it by up to 92%, and proactively block 60% of critical supply chain threats before they reach enterprise systems. The upgrades, integrated into Veracode’s Package Firewall and Risk Manager, offer seamless security coverage and contextual insights across the entire software development lifecycle.

“Security teams tell us they’re drowning in vulnerability reports, missing the truly important risks. Our latest innovations flip the script: Instead of endlessly putting out fires, teams can now proactively prevent threats and focus their remediation efforts where they can have the greatest impact for the business,” said Derek Maki, Head of Product at Veracode.

End-to-End Risk Visibility with Veracode Risk Manager

With the newest capabilities, Veracode’s platform now provides greater visibility and precision for managing application security posture. The enhanced Risk Manager aggregates vulnerabilities from various sources, integrates with six major platforms including Wiz, and prioritizes risks based on impact. This unified view empowers security teams to identify the Best Next Action™ steps that most effectively reduce security risk with confidence and speed.

Protecting the Software Supply Chain at the Source

As third-party code continues to account for the majority of high-severity risks, organizations face mounting pressure to secure their software supply chains, especially in light of evolving regulations such as the EU’s Digital Operational Resilience Act (DORA).

Veracode’s Package Firewall brings a new level of automation and intelligence to supply chain security. By leveraging advanced AI analytics, it preemptively blocks untrusted or malicious packages before they infiltrate development pipelines. Capable of identifying 60% more malicious packages than other tools, the firewall prevents vulnerabilities, malware, and policy violations from ever reaching production environments. Combined with Veracode’s Software Composition Analysis (SCA) and Malicious Package Detection capabilities, it significantly lowers the risk of supply chain attacks.

“Veracode Package Firewall represents a fundamental shift in our approach to supply chain security. While others only raise alarms when malicious packages are already in their code base, we block them at the ingress. This means security teams can finally stay one step ahead of supply chain threats, rather than reacting frantically when legitimate packages are compromised or malicious packages slip through,” said Maki.

Built on proprietary threat intelligence, the firewall automates real-time risk management, ensuring that threats are intercepted before they impact application code.

Enabling Developer Productivity with Embedded Security

Recognizing the direct link between developer experience and business outcomes, Veracode continues to optimize its platform with developer-centric enhancements. New integrated development environment (IDE) plugins and expanded Git integrations bring enterprise-grade security directly into developers’ daily workflows.

“Developer productivity isn’t just a nice-to-have; it directly impacts your ability to deliver secure, market-ready software. Our IDE integrations provide enterprise-grade security intelligence without requiring context switching that interrupts developer workflow. That’s why we achieve 35 percent faster remediation times with our IDE plugins and integrations, including Visual Studio, IntelliJ IDEA, and Eclipse, as well as GitHub, GitLab, and Azure DevOps,” said Maki.

In addition to streamlined workflows, Veracode is rolling out several innovations designed to eliminate friction from DevSecOps processes, including:

  • AI-powered login for DAST: Simplifies complex authentication flows, cutting script setup time in half and expanding coverage for dynamic application testing.

  • Centralized Container and IaC Results: Brings container and Infrastructure-as-Code security insights into a single view within the Veracode platform.

  • Fix Usage Analytics Dashboard: Tracks usage patterns and remediated CWEs by IDE, project, and file source to fine-tune development and security strategies.

These updates position Veracode as a pioneer in proactive, integrated application security, helping organizations shift from reactive patching to strategic prevention.