Certifications and Security at Every Level

Veracode delivers an application security service that is end to end, built for scale, and works to systematically reduce application security risks. But Veracode recognizes that customers need assurance that its services are delivered securely and assurance that customer binaries and analysis results remain confidential.

This page outlines the certifications Veracode has received that attest to our efforts to secure our customers information.

Download the Report


Veracode has received a SOC 3 attestation report evidencing that appropriate internal controls are in place relating to the security, availability, and confidentially of customer information within our environment.

The SOC 3 report represents that Veracode, as a service organization, has been through an independent examination and evaluation of our control activities as they relate to applicable Trust Services Principles and Criteria (2017) defined by the AICPA.

Veracode’s SOC 3 Report includes Veracode’s system description and provides an assurance that controls implemented by Veracode were suitably designed to meet or exceed the prescribed criteria for applicable trust principles of:

  • Security: The system is protected against unauthorized access (both physical and logical);

  • Availability: The system is available for operation and use as committed or agreed; and

  • Confidentiality: Information designated as confidential is protected as committed or agreed.

The SOC 2 is for limited distribution and shared under non-disclosure agreement (NDA). Please direct all requests through your Veracode Account Executive, Account Manager, or Customer Service Representative.

Data Privacy Framework

Veracode has certified that it adheres to the Data Privacy Framework Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Data Privacy Framework program, please visit Data Privacy Framework. To view Veracode’s current self-certification, please visit Data Privacy Framework.