"Veracode Platform Enhancements Improve Developers’ Ability to Secure Software Supply Chains"
Recently at Black Hat USA 2022, Veracode announced the enhancement of its Continuous Software Security Platform with substantial improvements to its integrated developer experience. The new features include extended integrations to support software composition analysis (SCA), a software bill of materials (SBOM) Application Programming Interface (API), and additional language and framework support for static analysis, further enhancing developers’ ability to secure software in the environments where they work.

Brian Roche, Chief Product Officer at Veracode, stated that applications are mostly assembled, not written from scratch, and noted that open-source code makes up a significant proportion of audited codebases, increasing security risk and the need to identify supply chain risk. Roche stated that the SBOM API is designed to make it easier for developers to inventory their code base, including third-party components, allowing them to act quickly if new vulnerabilities emerge. Veracode’s platform supports 100+ languages and frameworks, including those for cloud-native application development and older languages used with legacy assets, like COBOL. Roche stated that since remediation tactics vary by flaw and programming language, having a broad array of language support in one place makes developers’ jobs easier by freeing up their time to focus on meeting tight deployment deadlines.