When considering new language support, we think about our customers’ existing technology stacks and the new and emerging languages that will enable them to securely bring innovations to market faster. With this in mind, we recently added support for Apex, Go, and PLSQL:
Support for each one of these languages is only released after extensive testing to help you meet your business goals while ensuring the necessary depth of coverage to protect your organization. (Get our full list of supported languages here.) Our approach to language coverage helps you:
Veracode Static Analysis removes the need for application security managers to manually review flaws or create custom rules for each unique application to suppress findings for accuracy. Furthermore, trusted results and prescriptive remediation advice enable developers to quickly remediate flaws. Each Veracode language coverage is continually refined for accuracy based on feedback from millions of scans, resulting in a less than 1.1 percent false positive rate for Veracode customers from their first scan. Across our customers, this represents tangible cost savings, with an 80 percent reduction in security team effort and a developer time savings of more than 2 hours when remediating flaws found.
Veracode scans are constantly getting faster as we continuously work to reduce scan times to meet DevOps release cycles. To put this into numbers: Veracode Static Analysis scans are three times faster this year. In 2018, more than 250,000 apps scanned in less than 5 minutes, and more than 50 percent of all scans finished in less than 15 minutes.
Our SaaS-based approach covers all your applications – even large, complex and difficult-to-scan apps – from day one with no burden on your infrastructure. In addition, you can assess an unlimited amount of applications concurrently. No matter the size or geographic distribution of your organization, concurrent scanning means you don’t have to wait for a scan to complete before starting the next one.
Thanks to the Veracode Platform, you can see your static analysis results alongside all your AppSec tests – dynamic, SCA, pen testing – in one central location. This single view of test results provides total visibility into each application’s risk and makes it easy to coordinate remediation between multiple teams and track your progress.
Keep your code secure across the software lifecycle, without slowing development cycles. Get more details on Veracode Static Analysis.