Business Wire

Simplifying Software Security: Veracode Enhances Frictionless Experience for Developers

14.9.2022 21:33:00 EEST | Business Wire | Press release

Share

Black Hat (booth #2428) Veracode, a leading global provider of application security testing solutions, today announced the enhancement of its Continuous Software Security Platform with substantial improvements to its integrated developer experience. New features include extended integrations to support software composition analysis (SCA), a software bill of materials (SBOM) Application Programming Interface (API), and additional language and framework support for static analysis, further enhancing developers’ ability to secure software in the environments where they work.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220809005141/en/

To view this piece of content from mms.businesswire.com, please give your consent at the top of this page.

Fig. 1 Veracode “Beat the Heat” security flaw heat map, State of Software Security Report v12 (Graphic: Business Wire)

Brian Roche, Chief Product Officer at Veracode, said, “Modern applications are mostly assembled, not written from scratch. Open-source code makes up a significant proportion of audited code bases—for example, 97 percent of the typical Java application is made up of open-source libraries*—increasing security risk and the need to identify supply chain risk. Our SBOM API, is designed to make it easier for developers to inventory their code base, including third-party components, allowing them to act quickly if new vulnerabilities emerge. Since the launch of our Continuous Software Security Platform in May, we have introduced additional capabilities that meet developers right where they work: in the integrated developer environment (IDE), code repository, and command line interface. These innovations are designed to drive adoption by making the platform even more developer friendly.”

Facilitating DevSecOps

Veracode’s platform supports 100+ languages and frameworks, including those for cloud-native application development and older languages used with legacy assets, like COBOL. Large enterprises have applications across myriad languages and being able to deploy a continuous security testing solution across them simplifies the process, while providing consistent results. The company’s latest State of Software Security (SoSS) 12 research analyzed the most common flaws by language and revealed that a prevalent flaw for one language may not be of any concern for another. For example, cross-site scripting (XSS) is the most common flaw for PHP, at 77 percent, but doesn’t even make the top 10 for C++*. Moreover, flaws change constantly, meaning that even if a flaw isn’t prevalent in a programming language, practitioners should still take active steps to prevent it from impacting their code. Since remediation tactics vary by flaw and programming language, having a broad array of language support in one place makes developers’ jobs easier by freeing up their time to focus on meeting tight deployment deadlines.

Frequent scanning of first- and third-party code mitigates the risk from both proprietary and open-source vulnerabilities, such as Log4j. Veracode’s new developer-centric tools and services are designed to make this a quicker and easier process, particularly with the additional capability of third-party proprietary library scanning.

Peter Evans, Engineering Director at QAD Precision GTTE, said, “Veracode brought a complete platform for us to build security tools into our development pipelines, as well as helped us grow our knowledge to keep getting better at security. Veracode was also a good fit because the platform can scan Java code in the Spring framework where we develop our software. We’ve gone from reviewing code to integrating continuous scans into our daily pipelines. Security threats don’t stand still and Veracode provides us the tools to keep up with the latest vulnerabilities and rules.”

Notable updates to the Veracode Continuous Software Security platform include:

SBOM for SCA

  • With government regulations driving standards for securing software supply chains, having an SBOM is increasingly important for organizations. Veracode’s SBOM API in SCA enables developers to easily generate an SBOM in CycloneDX JSON format—one of the approved formats for compliance with the U.S. Executive Order. This helps confirm the code they’re using, or building, is free from vulnerabilities.

IDE and Integrations for SCA

To make software security a seamless experience, Veracode continues to introduce integrations that meet developers where they work.

  • The Veracode Azure DevOps Extension has a new “SCA Flaw Importer” to automatically import SCA flaws into Azure DevOps Boards and Work Items
  • The soon-to-be-released Veracode for Visual Studio Code extension provides detailed information on vulnerabilities, licence risks, and recommended versions of open-source libraries and transitive dependencies so developers can rapidly respond to any risks

Expanded Frameworks and Languages Support for Static Analysis

  • The company is committed to keeping up with the latest language and frameworks with which developers work, adding support for Rails 7.0, Ruby 3.x, and PHP Symfony

Roche concluded, “As a pioneer of application security, we are uniquely positioned to combine unrivalled experience with the latest innovations in cloud development. Unlike on-premise vendors, our SaaS solution is both scalable and elastic, meaning customers are always prepared to meet unexpected demand. Powered by nearly two decades of cumulative data, our platform provides detailed comparative historical reviews against industry benchmarks and peers—a level of insight highly relevant for leadership teams and the board. Our platform also saves developers time by delivering highly accurate results and enabling them to find and fix vulnerabilities in minutes, meaning they can ship code quickly with the confidence that it is secure.”

Developers can learn more about Veracode’s platform, the frictionless developer experience, and how to simply and maturely secure their SDLC by visiting Veracode’s booth #2428 at Black Hat USA.

*Veracode State of Software Security Report v12, February 2022

About Veracode

Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.

Learn more at www.veracode.com, on the Veracode blog and on Twitter.

Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

Contact information

Press and Media
Katy Gwilliam
Head of Global PR, Veracode
kgwilliam@veracode.com +44.7584.341.110

About Business Wire

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Agenus Announces Oversubscribed Private Placement of Up to $340 Million to Advance Registrational ROBBIN Trial of Neoadjuvant BOT+BAL in MSS Colon Cancer13.7.2026 13:00:00 EEST | Press release

Agenus Inc. (Nasdaq: AGEN), a leader in immuno-oncology innovation, today announced that it has entered into a securities purchase agreement for a private placement of approximately $85 million in upfront gross proceeds, before the deduction of private placement expenses, and up to an additional $255 million upon the full exercise of purchase warrants. The financing was led by Commodore Capital, with participation from RA Capital Management, TCGX, Invus, and Ligand Pharmaceuticals. The net proceeds of this financing are expected to support Agenus’ strategic prioritization of botensilimab and balstilimab (BOT+BAL) for the neoadjuvant treatment of microsatellite-stable (MSS) colon cancer, including advancement of ROBBIN1, the Company’s planned registrational Phase 3 neoadjuvant trial in microsatellite-stable (MSS) colon cancer. High-risk Stage II and Stage III MSS colon cancer affect an estimated 38,000 patients annually in the US and more than 200,000 patients worldwide,2 representing a

Zayed Sustainability Prize Closes 2027 Submissions with Strong Global Participation13.7.2026 12:48:00 EEST | Press release

The Zayed Sustainability Prize, the UAE’s pioneering award for innovative solutions to global challenges, has officially closed submissions for its 2027 awards cycle, receiving an unprecedented 10,233 entries from 177 countries across its six categories of Health, Food, Energy, Water, Climate Action and Global High Schools. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260713519403/en/ Zayed Sustainability Prize Closes 2027 Submissions with Strong Global Participation (Photo: AETOSWire) Now in its 18th year, the Prize continues to attract a diverse and growing pool of small and medium-sized enterprises, nonprofit organisations and high schools developing solutions that improve lives, particularly in vulnerable and underserved communities. This year’s submissions point to a growing emphasis on resilience, adaptability and systems-level impact. Across regions, applicants are addressing complex global challenges through practi

Ant Group Open-Sources SingGuard-NSFA to Establish New Security Paradigms for Autonomous AI Agents13.7.2026 12:01:00 EEST | Press release

Ant Group’s AI Security Lab today announced the open-source release of SingGuard-NSFA, a specialized security guardrail framework designed specifically for autonomous AI agents. The framework secures agentic AI systems against operational threats like prompt injection, addressing critical vulnerabilities as AI transitions from passive content generation to active, autonomous execution. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260712722454/en/ As AI agents rapidly move from research labs to business scenarios, the security landscape has fundamentally shifted. The explosive global adoption of open-source agent frameworks like OpenClaw, celebrated for their "one-click deployment" and "full-stack autonomy", has simultaneously exposed significant operational risks, including permission escalation and prompt injection. Industry frameworks, including the OWASP (Open Web Application Security Project) Top 10 for Agentic Applica

Incyte Presents Phase 1/2 Multidose Data for VGA039 (Latarcibart) at ISTH 2026, Showing Substantial Bleed Reductions in Patients with all Von Willebrand Disease Types13.7.2026 11:00:00 EEST | Press release

Incyte (Nasdaq: INCY) today announced complete safety and efficacy data from all patients (n=16) enrolled in the Phase 1/2 multidose study of VGA039 (latarcibart), a novel, Protein S-targeting, investigational monoclonal antibody for patients with von Willebrand disease (VWD). The data are being shared in an oral presentation today at the 34th Congress of the International Society on Thrombosis and Haemostasis (ISTH 2026 Congress) in Paris. Latarcibart modulates Protein S to improve hemostasis, potentially enhancing the body’s ability to prevent or reduce the frequency of bleeding episodes. Latarcibart is in pivotal Phase 3 development for patients with VWD, the most common inherited bleeding disorder. If approved, latarcibart has the potential to be the first, once monthly subcutaneous prophylactic therapy for patients with VWD, offering an important alternative to the frequent intravenous infusions of replacement factor concentrates commonly used in the prophylactic setting today. Gi

Europe’s Demand for Tech Services Accelerates in Q2, As Spending on AI and Managed Services Rises: ISG Index™13.7.2026 11:00:00 EEST | Press release

Demand for technology services in Europe continued to accelerate in the second quarter, as the region increasingly turns to managed services to reduce costs and cloud services to meet AI objectives, according to the latest state-of-the-industry report from Information Services Group (ISG) (Nasdaq: III), a global AI-centered technology research and advisory firm. The EMEA ISG Index™, which measures commercial outsourcing contracts with annual contract value (ACV) of US $5 million or more, shows second-quarter ACV for the combined market (both managed services and cloud-based as-a-service) soared 46 percent—its largest growth in eight years—to US $13.0 billion. The latest quarter adds to a string of three straight quarters in which growth has averaged 33 percent. “Europe has become the fastest-growing region for technology services, fueled not only by an increasing demand for AI, but for managed services, which acts as a cost-savings lever to help fund AI ambitions and continued digital

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye