Veracode Introduces Platform Improvements as Software Supply Chain Attacks Increase

Veracode, the global leader in application risk management, announced significant platform innovations launching in the second half of 2025. The headline innovation is Package Firewall, an industry-leading preventative control for software supply chains, furthering the company’s mission to help organizations run secure software from code to cloud. With third-party data breaches in supply chains doubling year-over-year—from 15 percent to 30 percent according to Verizon’s 2025 Data Breach Investigations Report —the need to strengthen security across the software ecosystem has never been greater.

“The expanding attack surface has created unprecedented complexity for security and development teams,” said Tim Jarrett, Vice President of Product at Veracode. “The latest enhancements to our platform enable organizations to prevent third-party threats from ever penetrating their software code, giving them a proactive approach.”

Cyber Technology Insights: Veracode Secures Leader Position in Gartner Magic Quadrant

Package Firewall Enhancement: Preventing Supply Chain Attacks at the Source

Package Firewall , originally launched in June 2025, provides organizations with preemptive control over their software supply chains by blocking malicious and risky packages before they reach the development environment. Traditional Software Composition Analysis (SCA) tools identify vulnerabilities in packages already in use, but Veracode Package Firewall stops threats at the point of ingestion.

The solution now integrates with Azure Artifacts and can be deployed in seconds using integrations with package managers and repositories such as NPM, PyPI, Maven, Nexus, and Artifactory . It also supports custom policies that allow organizations to enforce security standards while maintaining developer productivity. Organizations can configure policies based on package risk profiles, vulnerability thresholds, and specific security requirements.

Cyber Technology Insights: Continuous Protection for the Cloud Era: Veracode Spotlights Latest Innovations

Extensive platform capabilities and developer experience

Throughout the year, Veracode continued to expand and improve its platform capabilities and developer experience, with each release increasing detection accuracy. Dynamic Application Security Testing (DAST) Essentials gained the ability to manually link applications, enabling policy evaluation and consolidated reporting. Software Composition Analysis (SCA) was upgraded with intelligent policies that only fail builds when fixes for vulnerable components are available, reducing friction for developers. Static analysis support was added for advanced frameworks, including the .NET Semantic Kernel, Python frameworks such as AWS Glue and FastAPI, Java JDK 25 (LTS), and Node.js 22.x.

The platform has also seen significant updates to developer integrations with Visual Studio, JetBrains, Azure DevOps, and GitHub, along with enhancements to Veracode Security Labs , which include training modules on container security and the latest OWASP Top 10 .

Enterprise-class authentication for developer tools

The latest platform update introduced the advanced, enterprise-grade security modern organizations require. The company added deeper platform integration and deeper role-based access controls to Veracode Risk Manager (VRM) , as well as OAuth-based single sign-on (SSO) authentication across its entire portfolio of Integrated Development Environment (IDE) plugins, including Visual Studio Code, Visual Studio, Eclipse, and JetBrains platforms. This integration eliminates API key management and provides secure, enterprise-grade authentication with centralized access control.

Jarrett concluded, “Our mission is to empower organizations to improve their security posture, close critical knowledge gaps, and accelerate remediation processes—all within a unified, integrated platform. By listening closely to our customers, we’ve continuously evolved the Veracode platform through 2025 to meet their needs, enabling them to implement faster and more secure DevSecOps practices.”

Cyber Technology Insights: Veracode Delivers End-to-End Risk Coverage with New Tools: AI-Powered Analysis Security Testing

Source: businesswire

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com

Tags: Application security, DevOps, identify vulnerabilities, link applications, security, Veracode

Veracode Introduces Platform Improvements as Software Supply Chain Attacks Increase

Package Firewall Enhancement: Preventing Supply Chain Attacks at the Source

Extensive platform capabilities and developer experience

Enterprise-class authentication for developer tools

CyberTech Media Room

Share With

Recent Posts

CyberTech Lead Generation: How Security Brands Reach High-Intent Decision-Makers

Veracode Introduces Platform Improvements as Software Supply Chain Attacks Increase

Andersen Consulting Expands Cybersecurity Capabilities Through RedLegg Collaboration

Aker Security Enhances GSOC Operations with Cyviz’s Unified Control Room Platform

Black Kite Introduces ThreatTrace to Detect New IOCs Using Internet Traffic

Guardz Builds Momentum in 2026 with 300% Growth and Platform Innovation

Contact Us

Quick Links

Insights

Get in touch

Follow Us

Our Other Brands