Veracode Named a Leader in the 2025 Q3 Forrester Wave™: Static Application Security Testing Solutions

Burlington, Mass. — September 22, 2025 – Veracode, the global leader in application risk management, today announced its recognition as a Leader in The Forrester Wave™: Static Application Security Testing (SAST) Solutions, Q3 2025.

The report evaluates 10 top vendors against 23 criteria, providing security and development leaders with critical insights to select the optimal SAST partner for securing modern applications. Veracode believes its position as a Leader reflects its relentless focus on innovation, customer success, and a secure, developer-first future.

Forrester’s evaluation covers vendors’ strengths across both current offerings and strategy. Veracode achieved the highest possible score of 5.0 in nine criteria, and in the remediation guidance criterion it was the sole vendor to earn a 5/5 rating. The Forrester Wave™ states, “Veracode is best suited to enterprises with large and geographically diverse development teams that want to expand their application security program.”

Key Insights from the Forrester Report and Veracode:

  • Excellent Detection Capabilities: The Forrester report notes, “Veracode’s SAST stands out with excellent detection capabilities and Veracode Fix, available in the IDE and on PRs.”
    Veracode’s SAST delivers accuracy and comprehensive coverage, identifying flaws with exceptional precision and speed, even in complex codebases, while minimizing false positives. Veracode Fix provides AI-powered remediation suggestions directly in the Integrated Development Environment (IDE) and on pull requests, helping developers address issues quickly without disrupting their workflow.
  • Strategy and Vision: The Forrester Wave™ states, “Veracode’s acquisition of Longbow is central to its vision of becoming an application risk management platform in which SAST is a configurable service tailored to the SDLC use case. Its roadmap backs this vision with features like an AI assistant for developers, AI detection and triage, and application security testing (AST) correlation for prioritization.”
    Veracode’s roadmap includes expanding Fix for Software Composition Analysis (SCA), and static analysis for emerging technologies like AI apps, smart contracts, and APIs. Veracode’s recent acquisition of Phylum (secure software supply chain) strengthens this vision, allowing the company to provide a holistic view of security risk across the entire software portfolio.
  • Differentiated Reporting and Analytics: According to the Forrester report, “Veracode’s reporting and analytics are differentiated with native and customizable dashboards, the ability to interact with the data behind the graphs, and industry benchmark comparisons.”
    These capabilities give Veracode customers the visibility to track progress, measure the effectiveness of their AppSec program, benchmark against industry peers, and reduce security debt.
  • Customer-Focused Support: Forrester notes, “Customers appreciate that once developers are trained on the platform, they can schedule time with the Veracode application security consultants to get help with remediation.”
    Veracode’s on-demand model ensures developers receive practical, hands-on guidance to fix flaws efficiently and effectively, maximizing both security outcomes and developer productivity.

To access a complimentary copy of The Forrester Wave™: Static Application Security Testing Solutions, Q3 2025 report, please visit the Veracode website.

Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here.

About Veracode

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, Malicious Package Detection, and Penetration Testing.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and X.

Copyright © 2025 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

Press and Media Contacts

Veracode:
Katy Gwilliam
Head of Global Communications, Veracode
kgwilliam@veracode.com
