Veracode Advances Application Risk Management with Innovations for Comprehensive Risk Visibility and Software Supply Chain Security

(BUSINESS WIRE)--Veracode, a global leader in application risk management, today unveiled new capabilities offering proactive risk mitigation and automated security at enterprise scale. With software supply chain attacks and open-source vulnerabilities at an all-time high, enhanced Veracode Risk Manager (VRM) and an early access program for Veracode Package Firewall come at a critical juncture. The innovations represent a significant milestone in Veracode’s vision to deliver centralized risk visibility and secure development from the start.

“Security teams face immense pressure to combat evolving threats, while developers require the flexibility to innovate quickly,” said Derek Maki, Head of Product at Veracode. “Our latest Application Risk Management platform enhancements provide organizations with the tools to not just identify risks, but to trace them to their root cause and prevent them before they compromise the software supply chain—all without slowing down development.”

Veracode’s newest offerings address increasing risk from open-source vulnerabilities and untrusted sources, reinforcing its leadership in application security innovation. The offerings combine automation with detailed remediation guidance to enable frictionless workflows throughout the software development lifecycle.

Fortified Software Supply Chain Security with Veracode Package Firewall

With over 97 percent of applications leveraging open-source components, malicious or noncompliant packages expose organizations to serious security risk. Veracode Package Firewall, built on technology acquired from Phylum Inc., blocks unsafe dependencies before they enter an organization’s environment. The tool employs the Open Policy Agent (OPA), a universal standard for policy automation that enables automated enforcement to expedite governance, effectively preventing software supply chain risks at the earliest entry point. Veracode Package Firewall delivers:

• Proactive Risk Mitigation: Strengthened security posture, reduced attack surface, and lower operational costs through automation and early threat mitigation.
• Streamlined Security and Compliance: Faster time to market, simplified compliance reporting, and enhanced collaboration across security and development teams.
• Secure Developer Productivity: Improved efficiency and innovation, freeing up developers’ time to focus on building software.

Veracode Package Firewall is currently available to a subset of customers under early access and will be generally available in June 2025.

Intelligent and Contextualised Prioritization with Veracode Risk Manager

Security teams are overwhelmed with the volume of risk alerts, making it challenging to identify which vulnerabilities are the most critical. Veracode’s latest enhancements to VRM further strengthen its Application Security Posture Management (ASPM) capabilities, providing unified risk visibility, contextual prioritization, and automated threat management. Key new features include:

• Runtime Container Risk Context: Seamless integration with Kubernetes environments to enrich vulnerability findings with crucial runtime intelligence. This allows customers to prioritize remediation efforts by identifying which vulnerabilities exist in packages that are loaded and exposed in running containers, focusing on the most tangible risks to the business and providing continuous visibility into the application’s runtime posture.
• Advanced Labeling Capabilities: Precise control over security findings with highly customizable tags and classifications. This granular labeling directly streamlines remediation by enabling targeted filtering and the creation of role-specific risk views tailored to use cases that matter most to the business.
• Repository Tools: More seamless integration with repository tools to pinpoint the exact origin of vulnerabilities, identifying the root cause of risk. This direct line of sight accelerates root cause analysis and enables teams to address security flaws with greater speed and precision.

Veracode Risk Manager automates issue investigation and prioritization while facilitating real-time monitoring—crucial for evaluating and improving security posture across multi-cloud environments. These latest enhancements enable organizations to address risk more effectively, with improved precision, triaging, and control over findings from multiple environments. Runtime Container Risk Context and Repository Tools are available now, and Advanced Labeling Capabilities will be coming soon.

See the Innovations Live at RSAC 2025

Veracode’s experts will be on site at RSAC Conference in San Francisco (April 28 - May 1, 2025) to showcase the company’s latest products. Visit booth #1243 for interactive demos and expert discussions on how to stay ahead of emerging threats and stop software supply chain attacks before they happen.

Learn more about Veracode’s products on the website.

About Veracode

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform offers adaptive software security and is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, Malicious Package Detection, and Penetration Testing.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and X.

Copyright © 2025 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250422270202/en/