New Preventive Controls and Developer Integrations Powered 2025 Innovation
BURLINGTON, Mass.--(BUSINESS WIRE)--#AppSec--Veracode, the global leader in application risk management, today announced significant platform innovations introduced through the second half of 2025. Headlining the release is Package Firewall, an industry-leading preventive control for software supply chains, advancing the company’s mission to help organizations run secure software from code to cloud. With supply chain-related third-party breaches doubling year over year— from 15 to 30 percent according to the Verizon 2025 Data Breach Investigations Report— the need to strengthen security across the software ecosystem has never been greater.
“The growing attack surface has created an unprecedented level of complexity for security and development teams,” said Tim Jarrett, Vice President of Product at Veracode. “The latest enhancements to our platform empower organizations to stop third-party risk from ever entering their software code, providing them with a prevention-first approach.”
Package Firewall Enhancement: Preventing Supply Chain Attacks at the Source
Package Firewall, originally launched in June 2025, provides organizations with preventive control over their software supply chains by blocking malicious and risky packages before they enter the development environment. While traditional Software Composition Analysis (SCA) tools identify vulnerabilities in packages that are already in use, Veracode Package Firewall stops threats at the point of ingestion.
The solution now integrates with Azure Artifacts and deploys in seconds with integrations into package managers and repositories, like NPM, PyPI, Maven, Nexus, and Artifactory. It also supports custom policies that enable organizations to enforce security standards while maintaining developer productivity. Organizations can configure policies based on package risk profiles, vulnerability thresholds, and specific security requirements.
Expanded Platform Capabilities and Developer Experience
Veracode continued to expand and enhance its platform capabilities and developer experience throughout the year, with each release improving detection accuracy. Dynamic Application Security Testing (DAST) Essentials gained manual application linking, enabling policy evaluation and consolidated reporting. Software Composition Analysis (SCA) was upgraded with intelligent policies that only fail builds when fixes are available for vulnerable components, reducing developer friction. Static Analysis support was added for cutting-edge frameworks, including .NET Semantic Kernel, Python frameworks like AWS Glue and FastAPI, Java JDK 25 (LTS), and Node.js 22.x.
The platform also saw significant updates to developer integrations for Visual Studio, JetBrains, Azure DevOps, and GitHub, alongside expansions to Veracode Security Labs, with training modules in container security content and the latest OWASP Top 10.
Enterprise-Grade Authentication for Developer Tools
The most recent platform update saw Veracode introduce the advanced enterprise-grade security required by modern organizations. The company added more thorough platform integration and deeper role-based access control to Veracode Risk Manager (VRM), and OAuth-based single sign-on (SSO) authentication across its entire Integrated Development Environment (IDE) plugin portfolio, including Visual Studio Code, Visual Studio, Eclipse, and JetBrains platforms. The integration eliminates Application Programming Interface (API) key management and delivers secure, enterprise-grade authentication with centralized access control.
Jarrett closed, “Our mission is to empower organizations to enhance their security posture, bridge critical skills gaps, and accelerate remediation—all within a unified, integrated platform. By listening closely to our customers, we continuously evolved Veracode’s platform in 2025 to meet their needs, enabling them to drive faster, more secure DevSecOps practices.”
To learn more about Veracode’s products and platform enhancements, visit the website.
About Veracode
Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, Malicious Package Detection, Package Firewall, and Penetration Testing.
Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and X.
Copyright © 2025 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands, or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
Contacts
Press and Media Contacts
Katy Gwilliam
Head of Global Communications, Veracode
kgwilliam@veracode.com
