Veracode, a global authority in application risk management, has once again been recognized as a Leader in the 2025 Gartner Magic Quadrant for Application Security Testing (AST). This achievement marks the company’s 11th consecutive year in the Leader quadrant, underscoring its consistent performance and influence in the industry. Gartner’s report is widely regarded as one of the most comprehensive and impartial assessments of application security providers.
Trusted Partner in Application Security
“Over nearly 20 years, Veracode has built a reputation as a trusted partner for thousands of organizations worldwide,” said Derek Maki, Senior Vice President & Head of Product at Veracode. “From embedding security directly into the software development lifecycle to advancing AI-driven application risk management, we’ve always prioritized innovation. Being recognized as a Leader again reflects our dedication to customer success and the tangible value we deliver to developers, security teams, and business leaders. As AI reshapes software development, we are ensuring that security keeps pace with this transformation.”
Cyber Technology Insights : NTT DATA, Fortanix Partner Globally to Enhance Security in the AI and Post-Quantum Era
Unified Approach to Modern Software Security
The 2025 Gartner Magic Quadrant for AST highlights key trends affecting the application security landscape, such as securing software throughout its lifecycle, managing vulnerabilities in complex supply chains, and addressing the rise of cloud-native applications. Veracode was evaluated for both its Ability to Execute and Completeness of Vision.
Veracode offers a holistic approach to application risk, providing customers with comprehensive insights, context, and continuity. Its AI-powered engine scans code in hundreds of languages to detect and remediate vulnerabilities at their source. The unified Application Security Posture Management (ASPM) solution also delivers root cause analysis, helping teams prioritize threats and build security into software from the outset.
Strengthening the Software Supply Chain
With approximately 70% of critical security risks stemming from third-party code and the software supply chain, organizations face significant pressure to detect, prevent, and respond to threats. Veracode has expanded its capabilities into a full Application Risk Management (ARM) platform through strategic acquisitions. Longbow Security, acquired in 2024, now forms Veracode Risk Manager (VRM), enhancing application security posture management. The acquisition of Phylum in 2025 further strengthened supply chain defenses with real-time malicious package blocking and automated threat intelligence to stop attacks before compromised code enters an environment.
Cyber Technology Insights : Scouting America Launches First-Ever AI and Cybersecurity Merit Badges
“Modern applications are AI-assisted, API-driven, and assembled at record speed,” said Maki. “Our platform addresses this new reality. Through our acquisitions, we’ve moved beyond traditional code scanning to provide real-time risk intelligence across the software supply chain. Organizations can now prevent malicious packages from ever entering their codebase—a significant shift from reactive vulnerability discovery to proactive risk management.”
Comprehensive Cloud-Native Security Capabilities
Veracode’s ARM platform offers a full spectrum of application security services, including Static Analysis Security Testing (SAST), Dynamic Analysis Security Testing (DAST), Software Composition Analysis (SCA), container scanning, Package Firewall, Infrastructure as Code (IaC) scanning, penetration testing as a service, program management support, remediation consulting, and hands-on developer security training.
AI-Powered Security Innovation
Introduced in 2023, Veracode Fix combines AI and human insight to provide automated remediation suggestions for over 70% of detected vulnerabilities across 10 programming languages. This tool enables developers to reduce accumulated security debt rapidly and efficiently.
Looking Ahead
Veracode continues to evolve its platform to support continuous, integrated, and automated application risk management. With a clear vision for the future, the company remains dedicated to advancing technology, expanding resources, and empowering organizations to build secure, resilient, and trustworthy digital environments.
Cyber Technology Insights : Bitsight Launches Brand Intelligence to Help Enterprises Prevent Cyber Threats
To participate in our interviews, please write to our CyberTech Media Room at sudipto@intentamplify.com
