Veracode Elevates Developer-Powered Application Risk Management with Latest Innovations: Enhanced Repo Risk Visibility & Analysis and Veracode Fix in the IDE
May 01 2024 - 8:50AM
Business Wire
- Longbow Security, Powered by Veracode, Empowers DevSecOps with Launch of Code-to-Cloud Repo Risk Visibility and Analysis
- Veracode Fix in the IDE and Batch Fix Accelerate Secure Development While Helping Organizations Reduce Application Risk at Scale
Veracode, a global leader in application risk management, today
announced platform innovations that set a new standard for
developer-powered application security. New repo risk visibility
and analysis from Longbow Security, powered by Veracode, speeds up
remediation of application risk from code repositories to runtime
images. The solution launches alongside Veracode Fix in the
Integrated Development Environment (IDE) and Batch Fix to bridge
the gap between development and security teams. These latest
innovations help developers focus on the most critical tasks that
drive value and differentiation.
“Developers today face significant competing pressures to
innovate faster and perform more security checks on their code than
ever before,” said Tim Jarrett, Group Head of Product Management at
Veracode. “We are committed to a frictionless experience for
developers and security operators and our latest product
enhancements make the job of securing code simple and
seamless.”
Bringing Developer & Security Teams Together: Repo Risk Visibility & Analysis
In April, Veracode acquired Longbow Security to help
organizations effectively manage and reduce application risk across
the growing attack surface. The integration of Longbow’s newest
capability, repo risk visibility and analysis, bridges the gap
between development and security teams with enhanced visibility
from code repositories to cloud assets and runtime images. It also
illuminates infrastructure-as-code and misconfiguration risk for
cloud assets originating from repositories.
“Customers challenged us to apply our unique cloud risk and
prioritization expertise from Longbow to problems they face
managing upstream risk in their code repositories,” said Derek
Maki, Vice President of Product Management at Veracode. “We
responded with a solution that gives visibility into the
relationship between source code weaknesses and runtime security
posture. Simultaneously, development teams get a consolidated view
of risk and huge time savings when it comes to prioritizing
remediation, reducing code changes, and fixing issues fast.”
This new feature complements Veracode’s latest innovation for
GitHub repo scanning, which enables developers to streamline
activities like staging servers and environments so they don’t need
to scan every time. This makes it easier for development and
security teams to collaborate on secure coding and scanning as
Veracode results are delivered to GitHub where developers can act
immediately.
Security Debt Reduction: Veracode Fix in the IDE & Batch Fix
Research shows 92 percent of U.S.-based developers are already
using artificial intelligence (AI) coding tools both in and outside
of work, with generative AI helping software engineers write code
35-45 percent faster. At the same time, other research suggests
code developed by AI contains the same percentage of security flaws
as that generated by humans.
Veracode was the first company to deliver a solution that
provides developers with AI-generated secure code fixes. Since
launching Veracode Fix at RSA Conference last year, hundreds of
customers have used the solution to reduce their backlog of
security debt and risk. Ninety-two percent of CWEs (Common Weakness
Enumeration) with a severity rating from medium to very high can be
addressed through AI-generated code edits from Veracode Fix.
With the introduction of Veracode Fix in the IDE, developers can
now fix flaws faster with AI-suggested remediation right in the
IDE, without switching applications or researching alternative code
options. Fixes can be made before code is pushed through the
software development lifecycle, dramatically cutting the time and
cost spent fixing flaws compared to retroactive remediation.
Batch Fix enables bulk AI-assisted remediation of flaws in
source code across multiple flaws and files in one operation. This
makes remediation of flaws an order of magnitude faster, aiding the
reduction of security debt at scale. For example, developers can
use it to fix a CWE that requires an easy-to-test resolution and
run it across multiple source files at once.
Jarrett closed, “With these latest innovations, Veracode meets
developers where they are—in the tools they use daily—to help them
secure the code they create today, without compromising
productivity. This vastly improves efficiency and velocity,
fostering a culture of collaboration and trust between development
and security teams.”
Repo Risk Visibility & Analysis, Veracode Fix in the IDE,
and Batch Fix are available immediately. For more information,
please visit the Veracode blog.
Visitors to RSA Conference can learn more about Veracode’s
platform and these new features by visiting Veracode’s booth #2045
in the main hall.
About Veracode
Veracode is a global leader in Application Risk Management for
the AI era. Powered by trillions of lines of code scans and a
proprietary AI-assisted remediation engine, the Veracode platform
is trusted by organizations worldwide to build and maintain secure
software from code creation to cloud deployment. Thousands of the
world’s leading development and security teams use Veracode every
second of every day to get accurate, actionable visibility of
exploitable risk, achieve real-time vulnerability remediation, and
reduce their security debt at scale. Veracode is a
multi-award-winning company offering capabilities to secure the
entire software development life cycle, including Veracode Fix,
Static Analysis, Dynamic Analysis, Software Composition Analysis,
Container Security, Application Security Posture Management, and
Penetration Testing.
Learn more at www.veracode.com, on the Veracode blog, and on
LinkedIn and Twitter.
Copyright © 2024 Veracode, Inc. All rights reserved. Veracode is
a registered trademark of Veracode, Inc. in the United States and
may be registered in certain other jurisdictions. All other product
names, brands or logos belong to their respective holders. All
other trademarks cited herein are property of their respective
owners.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240501107223/en/
For more information: Katy Gwilliam kgwilliam@veracode.com