Veracode Enhancements: Revolutionizing Developer-Driven Application Security
Veracode, a prominent name in application risk management, has introduced groundbreaking platform enhancements that revolutionize developer-driven application security. These updates feature repo risk visibility and analysis from Longbow Security, designed to expedite the resolution of application risks from code repositories to runtime images. This launch is complemented by Veracode Fix in the Integrated Development Environment (IDE) and Batch Fix, which aim to bridge the gap between development and security teams. These innovations empower developers to focus on the most critical tasks that drive value and differentiation.
Tim Jarrett, Group Head of Product Management at Veracode, remarked, "Developers today are under immense pressure to innovate rapidly while conducting more security checks on their code than ever before. We are dedicated to providing a seamless experience for developers and security operators, and our latest product enhancements simplify and streamline the process of securing code."
Enhancing Collaboration: Repo Risk Visibility & Analysis
Veracode's acquisition of Longbow Security in April has enabled organizations to manage and mitigate application risk across an expanding attack surface. The integration of Longbow’s repo risk visibility and analysis capability bridges the gap between development and security teams by enhancing visibility from code repositories to cloud assets and runtime images. It also identifies infrastructure-as-code and misconfiguration risks for cloud assets originating from repositories.
Derek Maki, Vice President of Product Management at Veracode, stated, "Our customers challenged us to apply our unique cloud risk and prioritization expertise from Longbow to address the challenges they face in managing upstream risk in their code repositories. We responded with a solution that provides visibility into the relationship between source code weaknesses and runtime security posture. This allows development teams to have a consolidated view of risk, saving significant time in prioritizing remediation, reducing code changes, and quickly addressing issues."
This new feature complements Veracode's recently introduced GitHub repo scanning, which lets developers streamline activities such as setting up staging servers and environments without scanning every time. Because Veracode results are delivered to GitHub, developers can take immediate action, which supports collaboration on secure coding and scanning.
Reducing Security Debt: Veracode Fix in the IDE & Batch Fix
Research shows that 92 percent of U.S.-based developers are utilizing artificial intelligence (AI) coding tools, with generative AI helping software engineers write code 35-45 percent faster. However, code developed by AI contains a similar percentage of security flaws as human-generated code.
Veracode was the first to offer a solution that provides developers with AI-generated secure code fixes. Since the launch of Veracode Fix at the RSA Conference last year, hundreds of customers have used the solution to reduce their backlog of security debt and risk. Ninety-two percent of CWEs (Common Weakness Enumeration) with a severity rating from medium to very high can be addressed through AI-generated code edits from Veracode Fix.
With Veracode Fix in the IDE, developers can now fix flaws faster with AI-suggested remediation directly in the IDE, without switching applications or researching alternative code options. Fixes can be applied before code is pushed through the software development lifecycle, significantly reducing the time and cost associated with fixing flaws compared to retroactive remediation.
Batch Fix enables bulk AI-assisted remediation of flaws across multiple files in one operation, making remediation significantly faster and helping to reduce security debt at scale. For example, developers can use it to fix a CWE that has an easy-to-test resolution and apply that fix across multiple source files simultaneously.
Jarrett concluded, "With these latest innovations, Veracode meets developers where they are—in the tools they use daily—to help them secure the code they create today, without compromising productivity. This vastly improves efficiency and velocity, fostering a culture of collaboration and trust between development and security teams."
Repo Risk Visibility & Analysis, Veracode Fix in the IDE, and Batch Fix are available immediately. For more information, please visit the Veracode blog.
Visitors to RSA Conference can learn more about Veracode’s platform and these new features by visiting Veracode’s booth in the main hall.
About Veracode
Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.
Copyright © 2024 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands, or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.