OutSystems announced the general availability (GA) of Mentor on OutSystems Developer Cloud (ODC).
Veracode Unveils Continuous Software Security Platform
May 04, 2022
Veracode announced its Continuous Software Security Platform, which seamlessly embeds application security into the software development lifecycle (SDLC).
The platform streamlines workflows by bringing together development and security teams to provide a broad understanding of risk, remediation guidance, and progress at every stage of the development process.
According to Veracode’s latest research, there has been a 20x increase in average scan cadence over the past decade, with most applications tested three times per week, as opposed to three times per year a decade ago. The research also showed a 31 percent increase in organizations using multiple scan types over the last three years alone.
Today, leading organizations recognize the need to leverage multiple methods to assess their software and do so across all stages of the development lifecycle. Gartner® predicts that “by 2025, 70% of organizations will consolidate the number of vendors securing the lifecycle of cloud-native applications to a maximum of three vendors.” ¹ This suggests companies are already looking for a comprehensive platform that provides flexible policy management, a holistic assessment of software risk, and integrated remediation guidance, while simplifying the complexity of managing multiple solutions.
With increased pressure to build and deploy software at breakneck speed, development teams require security checks to be seamlessly integrated into the tools where they work so they can find and fix vulnerabilities quickly. Meanwhile, security teams must meet increasingly stringent compliance standards defined by their boards and regulatory bodies. Veracode’s Continuous Software Security Platform is pervasive but not invasive because it provides a frictionless experience for developers by embedding vulnerability analysis with remediation guidance directly into the integrated development environment.
Brian Roche, Chief Product Officer at Veracode, said, “Other vendors in our space have incomplete or disjointed solutions that lack consistent reporting and analysis, leaving customers playing a game of ‘whack a mole’ across different tools. We have continued to evolve our platform to create a seamless and integrated experience for developers, as well as provide security teams with a holistic view of their software security posture from design, through development and deployment. We see this as a win for both development and security teams that will result in the delivery of software that is more secure.”
Veracode Continuous Software Security Platform
The Veracode Continuous Software Security Platform enables users to define and manage security policy, gain a comprehensive view of software security across their application portfolio, and leverage rich analytics to make informed plans, communicate metrics, comply with policy, and meet regulatory requirements. Powered by almost two decades of data, the platform enables organizations to detect, predict, manage, and, ultimately, mitigate their security risk. These intelligent capabilities empower companies to deliver secure code at the speed and scale expected in today’s world.
The new Veracode Continuous Software Security Platform release features several new capabilities including:
- Single-Pane-of-Glass Reporting: Security teams can now access unified reporting directly in the portal for Static Analysis, Dynamic Analysis, Software Composition Analysis, and Manual Penetration Testing. Administrators and developers now have a consolidated view into security risks, as well as flexible policy controls through stronger license management reports to address issues quickly.
- Self-Service Peer Benchmarking: With comprehensive data and anonymized insights across all platform users, customers now have direct access to reports on the portal, which enable them to easily benchmark their DevSecOps program results against others in their industry. Tapping into many years of data and learning, customers can see how their program metrics stack up and establish plans to address their risk.
- Software Bill of Materials (SBOM): Security teams can now generate and export SBOMs on demand with an integrated representational state transfer (REST) API. This returns data for a specific application in CycloneDX SBOM format—a standard designed for use in application security contexts and supply chain component analysis. Additionally, data from the API can be mined and transformed outside of the Veracode Platform.
- Intelligent Remediation: The Continuous Software Security Platform will leverage technology acquired from Jaroona to detect and remediate software vulnerabilities through machine learning. Jaroona, which was recognized by Gartner Research as a “Cool Vendor” in 2021, outperforms traditional approaches by 7x to 10x in terms of accuracy, false negatives, and false positive rates, and reduces the burden on technical resources.
Industry News
January 30, 2025
Kurrent announced availability of public internet access on its managed service, Kurrent Cloud, streamlining the connectivity process and empowering developers with ease of use.
January 29, 2025
MacStadium highlighted its major enterprise partnerships and technical innovations over the past year. This momentum underscores MacStadium’s commitment to innovation, customer success and leadership in the Apple enterprise ecosystem as the company prepares for continued expansion in the coming months.
Traefik Labs Delivers API Gateway and Ingress Controller Integration for Nutanix Kubernetes Platform
January 29, 2025
Traefik Labs announced the integration of its Traefik Proxy with the Nutanix Kubernetes Platform® (NKP) solution.
January 28, 2025
Perforce Software announced the launch of AI Validation, a new capability within its Perfecto continuous testing platform for web and mobile applications.
January 28, 2025
Mirantis announced the launch of Rockoon, an open-source project that simplifies OpenStack management on Kubernetes.
January 28, 2025
Endor Labs announced a new feature, AI Model Discovery, enabling organizations to discover the AI models already in use across their applications, and to set and enforce security policies over which models are permitted.
January 27, 2025
Qt Group is launching Qt AI Assistant, an experimental tool for streamlining cross-platform user interface (UI) development.
January 27, 2025
Sonatype announced its integration with Buy with AWS, a new feature now available through AWS Marketplace.
January 27, 2025
Endor Labs, Aikido Security, Arnica, Amplify, Kodem, Legit, Mobb and Orca Security have launched Opengrep to ensure static code analysis remains truly open, accessible and innovative for everyone:
January 23, 2025
Progress announced the launch of Progress Data Cloud, a managed Data Platform as a Service designed to simplify enterprise data and artificial intelligence (AI) operations in the cloud.
January 23, 2025
Sonar announced the release of its latest Long-Term Active (LTA) version, SonarQube Server 2025 Release 1 (2025.1).
January 23, 2025
Idera announced the launch of Sembi, a multi-brand entity created to unify its premier software quality and security solutions under a single umbrella.
January 22, 2025
Postman announced the Postman AI Agent Builder, a suite empowering developers to quickly design, test, and deploy intelligent agents by combining LLMs, APIs, and workflows into a unified solution.
January 22, 2025
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of CubeFS.
