Certifications and Security at Every Level
Veracode delivers a comprehensive, end-to-end application security service designed for scale and built to systematically reduce application security risks. We understand that customers require assurance that our services are delivered securely—and that their binaries and analysis results remain confidential.
This page outlines the certifications Veracode has achieved, demonstrating our commitment to securing customer information.
SOC 3
Veracode has received a SOC 2 Type II attestation report, verifying that we have implemented effective controls to protect the security, availability, and confidentiality of customer data in accordance with the AICPA’s Trust Services Criteria.
The SOC 2 report provides a detailed, independent assessment of Veracode’s internal control environment and evaluates the design and operational effectiveness of those controls over a specified period.
Veracode’s SOC 2 report includes:
- A thorough description of our systems and services.
- Evidence that our controls are appropriately designed and operating effectively to meet the following trust principles:
  - Security: The system is protected against unauthorized access (both physical and logical).
  - Availability: The system is available for operation and use as committed or agreed.
  - Confidentiality: Information designated as confidential is protected as committed or agreed.
Note: The SOC 2 report is confidential and available on the Veracode Trust Center. To request access, please go to the Veracode Trust Center and click on “Get Access”. Please direct all requests through your Veracode Account Executive, Account Manager, or Customer Service Representative.

FedRAMP
On March 5, 2022, Veracode received a FedRAMP Moderate Authority to Operate (ATO) from the U.S. Securities and Exchange Commission (SEC), affirming that Veracode’s cloud-based application security platform meets the stringent security and risk management requirements of the Federal Risk and Authorization Management Program (FedRAMP).
This designation demonstrates Veracode’s continued commitment to providing secure, trusted solutions for U.S. federal agencies and contractors. The FedRAMP Moderate baseline requires compliance with over 300 security controls aligned with NIST SP 800-53 Rev. 5, including controls for access control, system integrity, incident response, audit logging, encryption, and more.
With this ATO, Veracode is listed in the FedRAMP Marketplace, enabling federal agencies to adopt Veracode’s services with confidence that the platform has been independently assessed and authorized by a sponsoring federal agency.
Key benefits of Veracode’s FedRAMP ATO include:
- Verified compliance with federal cybersecurity standards
- Secure cloud-based application security capabilities for the public sector
- Increased transparency and assurance for both government and commercial customers
For more information, or to request documentation related to our FedRAMP authorization, please visit our listing on the FedRAMP Marketplace. Please direct all requests through your Veracode Account Executive, Account Manager, or Customer Service Representative.

Data Privacy Framework
Veracode has self-certified its compliance with the Data Privacy Framework (DPF) Principles, which include notice, choice, onward transfer, security, data integrity, access, and enforcement.
To learn more about the Data Privacy Framework program, please visit the Data Privacy Framework website.
To view Veracode’s profile, click here.