Shapefin

Veracode Unveils Innovations to Accelerate Vulnerability Remediation and Strengthen Software Supply Chain Security


Veracode, a global leader in application risk management, has unveiled a suite of innovations designed to enhance enterprise security, significantly reducing vulnerability remediation time and proactively preventing critical supply chain risks.

The company reports that its enhanced platform can cut vulnerability remediation time by up to 92 percent and prevent 60 percent of critical supply chain risk from entering organizations. These advancements, integrated into Veracode’s Package Firewall and Risk Manager, aim to provide comprehensive assurance, context, and continuity across the software development lifecycle.

Derek Maki, Head of Product at Veracode, stated, “Security teams tell us they’re drowning in vulnerability alerts while missing the risks that actually matter. Our latest innovations flip the script—instead of endless firefighting, teams can now prevent threats proactively and focus remediation efforts where they’ll have maximum business impact.”

Enhancements to Veracode’s Application Risk Management platform enable security teams to identify and remediate vulnerabilities with increased speed and precision. Veracode Risk Manager, which functions as an application security posture management (ASPM) solution, includes six new integrations with industry leaders, such as Wiz. By aggregating and prioritizing issues from various sources, Risk Manager is reported to reduce vulnerability remediation time by up to 92 percent, allowing security teams to focus on the “Best Next Action™” to reduce the most risk.

With 70 percent of critical security debt attributed to third-party code, enterprises face pressure to secure their software supply chains. Regulations like the European Union’s Digital Operational Resilience Act (DORA) underscore the importance of open-source security in maintaining software supply chain integrity. Veracode Package Firewall offers an automated solution that blocks untrusted packages before they enter development pipelines. Utilizing advanced AI analysis, Package Firewall identifies and blocks 60 percent more malicious packages than competing solutions, thereby preventing vulnerabilities, malware, and policy violations from infiltrating systems. When combined with Software Composition Analysis (SCA) and Malicious Package Detection, Veracode Package Firewall aims to reduce supply chain attack risks by identifying and neutralizing malicious code within libraries.

Maki commented, “Veracode Package Firewall represents a fundamental shift in how we think about supply chain security. While others are still alerting malicious packages after they’re in your codebase, we’re blocking them at the gate. This means security teams can finally get ahead of supply chain threats instead of scrambling to respond when legitimate packages get compromised or malicious packages slip through.” The product, built on proprietary threat intelligence, automates real-time risk management to prevent harmful files and programs from entering an organization’s codebase.

Gartner, Inc. research indicates that organizations with a high-quality developer experience are 33 percent more likely to achieve business goals and 31 percent more likely to improve delivery flow. Veracode supports developer productivity through an enhanced platform experience, featuring improved Integrated Development Environment (IDE) plugins and new Git integrations that embed enterprise-level security directly into workflows.

Maki further explained, “Developer productivity isn’t just a nice-to-have; it directly impacts your ability to ship secure software at market speed. Our IDE integrations deliver enterprise-grade security insights without the context switching that kills developer flow. This is why we’re seeing 35 percent faster remediation times with our IDE plugins and integrations, including Visual Studio, IntelliJ IDEA, and Eclipse, as well as GitHub, GitLab, and Azure DevOps.” Veracode’s recent developer-focused innovations aim to eliminate operational inefficiencies and simplify DevSecOps processes.

Additional innovations include AI-Assisted Login for Dynamic Application Security Testing (DAST), which automates complex authentication flows to reduce script setup time by 50 percent and expand dynamic testing coverage. Container and Infrastructure-as-Code (IaC) Results centralize findings within the Veracode Platform for streamlined vulnerability management. Veracode Fix Usage Analytics provides a dashboard to track usage and Common Weakness Enumerations (CWEs) addressed, offering insights by IDE, project, and source file for optimized remediation.

Veracode’s latest product innovations are currently available to customers. Veracode specializes in Application Risk Management for the AI era, providing a platform trusted by organizations globally for secure software development and deployment. The company offers capabilities across the software development lifecycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, Malicious Package Detection, and Penetration Testing.
