Veracode’s latest innovations help developers enhance cloud-native security

Veracode announced product innovations to enhance the developer experience. The new features integrate security into the software development lifecycle (SDLC) and drive adoption of application security techniques in the environments where developers work.

According to a recent study by analyst firm IDC, 84% of organizations say developer acceptance of security tooling is the “most important requirement” or a “very important requirement” for DevSecOps adoption. Veracode’s latest innovations redefine the approach to securing cloud-native applications throughout the SDLC, reinforcing the company’s commitment to providing a unified platform for comprehensive security risk management.

Brian Roche, CPO at Veracode said, “Developers face immense pressure to rapidly deliver innovations, often resorting to mechanisms such as LLMs and open source to expedite the process. Unfortunately, this approach can result in insecure code consumption and solutions that exacerbate security risks rather than mitigate them. The situation is compounded by existing security tools that add complexity rather than simplifying the process for developers.

Veracode addresses this challenge by providing a unified platform that not only monitors and mitigates risk but also streamlines developer workflows across repositories, IDEs, and the cloud. By delivering developer-friendly security tools, we empower organizations to deliver secure software faster, eliminating the need to compromise between security and speed.”

The next frontier: DAST Essentials

In a world where web applications account for 60% of breaches and API attacks skyrocketed by 137% in 2022, ensuring cloud-native applications are sufficiently protected and continuously monitored is paramount. Dynamic scanning exercises a running application with real-world attack techniques in a controlled setting, and because it can be run against a pre-production environment it fits within the SDLC rather than after it.

Traditional point solutions fall short and often don’t offer the scalability and flexibility required by growing organizations. In contrast, Veracode’s DAST Essentials is an agile solution that empowers developers and security teams to address risk easily at speed and scale.

“As organizations continue to grapple with the challenge of securing an ever-expanding attack surface, the need for comprehensive solutions is undeniable. Balancing speed of development with robust security is a daunting task, hindered by the time-consuming nature of regular dynamic scans and the disconnect between development and security teams,” said Katie Norton, senior research analyst, DevOps and DevSecOps, at IDC.

“Solutions, like Veracode DAST Essentials, that are integrated and reduce friction for developers can help to accelerate secure software development, unify remediation efforts, and empower organizations to strengthen their defenses in the evolving cybersecurity landscape,” added Norton.

With one of the lowest customer-reported false-positive rates (below five percent), Veracode DAST Essentials scans and tests multiple web applications and APIs (Application Programming Interfaces) simultaneously. Veracode’s State of Software Security research found 80% of web applications have critical vulnerabilities that can only be identified through dynamic scanning. This emphasizes the critical role DAST (Dynamic Application Security Testing) plays in a robust application security program, ensuring organizations can address exploitable vulnerabilities in cloud-native software accurately and swiftly.

Supply chain solutions specialist Manhattan Associates chose to partner with Veracode on its dynamic analysis and cloud-native security program. Rob Thomas, EVP, Research & Development and Cloud Operations at Manhattan Associates, said, “Veracode’s tenure in the industry and the fact that they are cloud-based means they can continually deliver new innovation. Having a cloud-native partner like Veracode enables us to scan our software continuously so we have real-time confidence that our solution is as safe as possible.”

Enhancing developer workflows: Veracode GitHub App

Veracode understands the challenges developers face in adopting cloud-native security measures without disrupting their workflows. The Veracode GitHub App facilitates developer adoption, allowing application security teams to configure once and seamlessly onboard developers.

This integration enables developers to fix code quickly in the environments where they work, with a single tool for static analysis, software composition analysis (SCA), and container security scanning. The result is a faster, frictionless development process that doesn’t compromise security.

Enhanced repo scanning

Scanning cloud-native applications for the first time is often a manual, complex and frustrating process. The Veracode GitHub App simplifies this by providing developers with frustration-free scan results in their preferred environment. DevOps teams can easily onboard repositories without manual setup, maintaining development velocity and streamlining scan processes.

With the ability to standardize scan configurations across hundreds of repositories using a single click, DevOps teams can reduce friction and integrate cloud-native security much earlier in the development cycle.

Roche closed, “Ensuring the security of cloud-native applications has never been more crucial. Developers are assembling code just as much as they’re writing it, meaning even the most meticulously built applications are susceptible to threat. To protect the software supply chain, modern application development demands a paradigm shift in security practices. As distributed cloud app development methods take hold, these latest product innovations demonstrate Veracode is embracing the dynamic nature of the cloud-native landscape to lead the charge in securing our digital future.”
