Simplifying Software Security: Veracode Enhances Frictionless Experience for Developers
14.9.2022 21:33:00 EEST | Business Wire | Press release
Black Hat (booth #2428) – Veracode, a leading global provider of application security testing solutions, today announced the enhancement of its Continuous Software Security Platform with substantial improvements to its integrated developer experience. New features include extended integrations to support software composition analysis (SCA), a software bill of materials (SBOM) Application Programming Interface (API), and additional language and framework support for static analysis, further enhancing developers’ ability to secure software in the environments where they work.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220809005141/en/
Fig. 1 Veracode “Beat the Heat” security flaw heat map, State of Software Security Report v12 (Graphic: Business Wire)
Brian Roche, Chief Product Officer at Veracode, said, “Modern applications are mostly assembled, not written from scratch. Open-source code makes up a significant proportion of audited code bases—for example, 97 percent of the typical Java application is made up of open-source libraries*—increasing security risk and the need to identify supply chain risk. Our SBOM API, is designed to make it easier for developers to inventory their code base, including third-party components, allowing them to act quickly if new vulnerabilities emerge. Since the launch of our Continuous Software Security Platform in May, we have introduced additional capabilities that meet developers right where they work: in the integrated developer environment (IDE), code repository, and command line interface. These innovations are designed to drive adoption by making the platform even more developer friendly.”
Facilitating DevSecOps
Veracode’s platform supports 100+ languages and frameworks, including those for cloud-native application development and older languages used with legacy assets, like COBOL. Large enterprises have applications across myriad languages and being able to deploy a continuous security testing solution across them simplifies the process, while providing consistent results. The company’s latest State of Software Security (SoSS) 12 research analyzed the most common flaws by language and revealed that a prevalent flaw for one language may not be of any concern for another. For example, cross-site scripting (XSS) is the most common flaw for PHP, at 77 percent, but doesn’t even make the top 10 for C++*. Moreover, flaws change constantly, meaning that even if a flaw isn’t prevalent in a programming language, practitioners should still take active steps to prevent it from impacting their code. Since remediation tactics vary by flaw and programming language, having a broad array of language support in one place makes developers’ jobs easier by freeing up their time to focus on meeting tight deployment deadlines.
Frequent scanning of first- and third-party code mitigates the risk from both proprietary and open-source vulnerabilities, such as Log4j. Veracode’s new developer-centric tools and services are designed to make this a quicker and easier process, particularly with the additional capability of third-party proprietary library scanning.
Peter Evans, Engineering Director at QAD Precision GTTE, said, “Veracode brought a complete platform for us to build security tools into our development pipelines, as well as helped us grow our knowledge to keep getting better at security. Veracode was also a good fit because the platform can scan Java code in the Spring framework where we develop our software. We’ve gone from reviewing code to integrating continuous scans into our daily pipelines. Security threats don’t stand still and Veracode provides us the tools to keep up with the latest vulnerabilities and rules.”
Notable updates to the Veracode Continuous Software Security platform include:
SBOM for SCA
- With government regulations driving standards for securing software supply chains, having an SBOM is increasingly important for organizations. Veracode’s SBOM API in SCA enables developers to easily generate an SBOM in CycloneDX JSON format—one of the approved formats for compliance with the U.S. Executive Order. This helps confirm the code they’re using, or building, is free from vulnerabilities.
IDE and Integrations for SCA
To make software security a seamless experience, Veracode continues to introduce integrations that meet developers where they work.
- The Veracode Azure DevOps Extension has a new “SCA Flaw Importer” to automatically import SCA flaws into Azure DevOps Boards and Work Items
- The soon-to-be-released Veracode for Visual Studio Code extension provides detailed information on vulnerabilities, licence risks, and recommended versions of open-source libraries and transitive dependencies so developers can rapidly respond to any risks
Expanded Frameworks and Languages Support for Static Analysis
- The company is committed to keeping up with the latest language and frameworks with which developers work, adding support for Rails 7.0, Ruby 3.x, and PHP Symfony
Roche concluded, “As a pioneer of application security, we are uniquely positioned to combine unrivalled experience with the latest innovations in cloud development. Unlike on-premise vendors, our SaaS solution is both scalable and elastic, meaning customers are always prepared to meet unexpected demand. Powered by nearly two decades of cumulative data, our platform provides detailed comparative historical reviews against industry benchmarks and peers—a level of insight highly relevant for leadership teams and the board. Our platform also saves developers time by delivering highly accurate results and enabling them to find and fix vulnerabilities in minutes, meaning they can ship code quickly with the confidence that it is secure.”
Developers can learn more about Veracode’s platform, the frictionless developer experience, and how to simply and maturely secure their SDLC by visiting Veracode’s booth #2428 at Black Hat USA.
*Veracode State of Software Security Report v12, February 2022
About Veracode
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.
Learn more at www.veracode.com, on the Veracode blog and on Twitter.
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20220809005141/en/
Contact information
Press and Media
Katy Gwilliam
Head of Global PR, Veracode
kgwilliam@veracode.com
+44.7584.341.110
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Braun Launches the Next Generation of Electric Shaver With Braun NEVO Introducing a New Dawn of Smooth Touch2.7.2026 09:00:00 EEST | Press release
With over 100 years of exceptional German craftsmanship, Braun introduces Braun NEVO, an electric shaver redefining what a close shave and smooth skin mean. Every element has been reimagined: the sleek unibody stainless steel handle, the revolutionary AeroTouch™ Technology and advanced personalized display deliver a perfectly close shave without sacrificing comfort. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260701842080/en/ Braun NEVO Shaver Oliver Grabes, Braun Head of Design, said: “At Braun, we set out to reimagine the shaving experience which led to the development of AeroTouch™ Shaving Technology, a cutting system engineered for ultra-low friction on the skin and high efficiency. This makes Braun NEVO our best shaver* setting a new standard for smooth skin.” Introducing the revolutionary world’s first AeroTouch™ Technology, featuring 250 diamond-sharp cutting edges and an exclusive Ultra gliding foil for a smooth g
Brenus Pharma Strengthens Its Governance With Designation of a New President and Appointment of Former Novo Nordisk EVP as Independent Member2.7.2026 09:00:00 EEST | Press release
Brenus Pharma, today announced key appointments to its board of directors. The company welcomes Eric DESSERTENNE, as President & Chairman of the board, succeeding co-founder Jacques GARDETTE, who will remain an active board member. Eric brings extensive experience in healthcare innovation and value creation, having notably led BIOCORP through its development and acquisition by Novo Nordisk. Brenus also appoints Camilla SYLVEST, as a second independent director, following the earlier addition of Diala EZZEDDINE a seasoned US-based biotech executive and entrepreneur. Camilla SYLVEST is an experienced pharmaceutical executive and global business leader, having spent nearly three decades at Novo Nordisk A/S, where she most recently served as Executive Vice President for Global Commercial Strategy, Corporate Communication and Sustainability. She currently serves on the Boards of Argenx SE, Getinge AB, and Zealand Pharma A/S, and has previously served on the Board of Danish Crown A/S and as
Access Advance and Alibaba Announce Alibaba's Expanded Participation in the VDP Pool2.7.2026 03:00:00 EEST | Press release
Access Advance LLC and Alibaba Group today announced that Alibaba has joined the Access Advance Video Distribution Patent Pool (VDP Pool) as a Licensee, securing a license to the pool's comprehensive coverage of HEVC, VVC, VP9, and AV1 codec technologies. The announcement marks a milestone in a multi-year collaboration between the two companies that spans the VVC Advance Patent Pool, where Alibaba participates as both a Licensor and Licensee, and the VDP Pool, where Alibaba joined as a Licensor in 2025. Alibaba's subsidiary Youku, one of China's leading streaming platforms, also joined the VDP Pool as a Licensee in 2025. Alibaba operates one of the world's most diverse video ecosystems, spanning a wide range of video-based services across e-commerce, entertainment, and digital media. As video has become central to how consumers shop, communicate, and access entertainment, the breadth of Alibaba's video operations reflects the kind of business model complexity the VDP Pool was designed
Vertex Announces US FDA Approval for Expanded Use of CASGEVY ® for the Treatment of People Ages 2 Years and Older With Sickle Cell Disease or Transfusion-Dependent Beta Thalassemia2.7.2026 02:58:00 EEST | Press release
Vertex Pharmaceuticals Incorporated (Nasdaq: VRTX) announced today that the U.S. Food and Drug Administration (FDA) has approved expanded use of CASGEVY® (exagamglogene autotemcel) for the treatment of people ages 2 years and older with either sickle cell disease (SCD) with recurrent vaso-occlusive crises (VOCs) or transfusion-dependent beta thalassemia (TDT). CASGEVY is the first approved genetic therapy indicated for children as young as 2 years for both SCD and TDT. “Just as we redefined what is possible in cystic fibrosis, our ambition is to transform the future for people living with sickle cell disease and transfusion-dependent beta thalassemia. The remarkable consistency of results across age groups reinforces the potential of CASGEVY to deliver durable, transformative benefits to those who have historically had limited options,” said Reshma Kewalramani, M.D., Chief Executive Officer and President, Vertex. “We’re deeply grateful to the patients, families and investigators who pa
Robinhood Chooses Morpho to Power New Earn Product1.7.2026 22:15:00 EEST | Press release
Morpho, the open blockchain-based credit network, today announced it will power Robinhood’s new Earn product, enabling Robinhood's millions of eligible users more options to earn yield onchain via a self-custody wallet, directly within the Robinhood app. The product will roll out progressively to Robinhood's US customer base over the coming weeks. The Robinhood Earn product aims to provide risk-adjusted yield on idle balances using USDG, a dollar-pegged stablecoin. Morpho serves as the underlying credit network, Steakhouse Financial curates the vault infrastructure supporting the product, and Robinhood Chain acts as the settlement layer. The product is delivered through a seamless experience in the Robinhood app. Morpho operates as an open network on the blockchain. Lenders and borrowers compete in real time, helping create more efficient markets and enabling financial products with better rates and terms for users. USDG supplied through Robinhood Earn is deposited into a Morpho Vault
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
