Veracode Named a Leader in GigaOm Radar Report for Software Supply Chain Security

BURLINGTON, Mass. – January 10, 2026 – Veracode, the global leader in application risk management, has been named a Leader in the GigaOm Radar Report for Software Supply Chain Security (SSCS). The recognition positions Veracode in the Maturity/Platform Play quadrant, underscoring the company’s comprehensive approach to securing software supply chains throughout the development lifecycle.

As software supply chains grow increasingly complex, organizations face mounting pressure to secure open-source components, third-party dependencies, and software bills of materials (SBOMs) without compromising development velocity. The GigaOm Radar Report provides an unbiased analysis of leading vendors, evaluating them on technical capabilities, innovation, and platform maturity.

“Being named a Leader in the GigaOm Radar Report validates our commitment to helping organizations eliminate blind spots in their software supply chains,” said Karen Buffo, Chief Marketing Officer at Veracode. “A single compromised dependency can expose an entire application portfolio. Enterprises need a unified platform that delivers complete visibility into their risk landscape and enables teams to remediate vulnerabilities before they become breaches. This recognition reflects our focus on transforming supply chain security from a critical gap into a strategic advantage.”

Fig. 1: GigaOm Radar for Software Supply Chain Security

GigaOm recognized Veracode as both a Leader and Fast Mover, highlighting the platform’s maturity and comprehensive capabilities for addressing security risks throughout the software development lifecycle.

Key Capabilities Recognized in the Report:

  • Comprehensive Security Testing: Veracode’s platform includes a full range of automated security testing tools—Static Analysis Security Testing (SAST), Dynamic Analysis Security Testing (DAST), and Software Composition Analysis (SCA)—providing developers and security teams with broad testing capabilities that enable early vulnerability detection and remediation.
  • Proactive Supply Chain Protection: Veracode Package Firewall blocks insecure or vulnerable packages before they enter development pipelines, while Software Supply Chain Intelligence delivers real-time, actionable insights from proprietary threat feeds to detect emerging and stealthy attacks.
  • AI-Powered Remediation: Veracode Fix offers AI-generated code fixes based on curated data and expert solutions, accelerating vulnerability resolution while reducing technical debt.
  • Code Risk Scoring and Analysis: The platform includes cross-risk analytics, vulnerability and legal risk results, peer benchmarking, and auditable mitigation workflows, enabling organizations to prioritize issues with the largest impact.

“Supply chain vulnerabilities represent one of the most significant attack vectors facing enterprises today,” added Tim Jarrett, Vice President of Product at Veracode. “Attackers are increasingly exploiting dependencies and open-source components to compromise critical systems. Our leadership position in the GigaOm Radar Report demonstrates that we’re delivering the comprehensive visibility and rapid remediation capabilities organizations need to proactively defend their software ecosystems and protect their business.”

To learn more about Veracode’s platform evaluation, download a complimentary copy of the full GigaOm Radar for Software Supply Chain Security on Veracode’s website. To understand more about AI-powered application risk management, please visit the products page.

About Veracode

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, Malicious Package Detection, and Penetration Testing.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and X.

Copyright © 2025 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

Press and Media Contacts

Veracode:
Katy Gwilliam
Head of Global Communications, Veracode
kgwilliam@veracode.com
