Sep 12, 2023

KuppingerCole Names Veracode an Overall Leader for Software Supply Chain Security

API Security, Visibility & Reporting, and SBOM Highlighted as Strengths in SSCS Leadership Compass 2023
Inaugural Evaluation is for Organizations Concerned with Supply Chain Risk and Securing Their Goods and Services     

Burlington, Mass. – September 12, 2023 – Veracode, a leading provider of intelligent software security solutions, today announced it has been named an Overall Leader in the inaugural Software Supply Chain Security (SSCS) Leadership Compass 2023 by KuppingerCole Analysts AG. The report assesses vendors based on innovativeness, market position, financial position, and tech ecosystem.

KuppingerCole SSCS Leadership Compass

Figure 1: The Overall Leadership rating for the SSCS market segment

Veracode is also positioned as a Product Leader for functional strength and completeness of service, and an Innovation Leader for its customer-oriented upgrade approach in delivering cutting-edge features.

Richard Hill, Director of IAM Research and Lead Analyst at KuppingerCole, who authored the report, said, “Veracode’s customer base comprises SMB to enterprise-level organizations located primarily in North America, with good growth in the EMEA, APAC, and Latin America. It also supports a good partner ecosystem commensurate to those customer regions. Veracode is a leader in all KuppingerCole Leadership Compass categories and provides depth in source, API security, and vulnerability detection SSCS capabilities while providing visibility of key SSCS indicators. Veracode should be considered when evaluating SSCS solutions.”

Making Software Supply Chain Security a Top Priority

The software supply chain has hit headlines several times in recent years, most notably with the attack on SolarWinds in late 2020. These types of attacks led the U.S. government to issue an Executive Order on Improving the Nation’s Cybersecurity in May 2021, which called for the modernization of software security practices, such as mandating a Software Bill of Materials (SBOM) for products.

The Leadership Compass is the industry's most detailed and in-depth analysis of the emerging end-to-end software supply chain security market. It assesses a vendor’s ability to secure the software development life cycle (SDLC) across the entire CI/CD (Continuous Integration/Continuous Delivery) pipeline. The study evaluates market segment, vendor service functionality, relative market share, and innovative approaches to providing SSCS solutions for specific organizational needs.

Continuous Software Security Throughout the SDLC

Veracode’s integrated platform bridges the needs of security and development teams by seamlessly embedding application security into the SDLC. Powered by nearly two decades of proprietary data, the platform provides a comprehensive view of risk, remediation guidance, and progress at every stage of the development process.

In the SSCS Leadership Compass, Veracode’s platform was hailed for strengths in API security features, visibility and reporting, vulnerability & secrets detection, and offering multiple SBOM formats. The company was also evaluated for its good customer growth and global partner ecosystem.   

Eric Swenson, Vice President of Product Marketing at Veracode, said, “Increased reliance on third-party and open-source code, combined with emerging regulations to drive standardization and governance, has made supply chain security a top priority for organizations. Until recently, they haven’t had all the necessary data to make an informed decision on how best to mitigate risk in their supply chains. The KuppingerCole SSCS Leadership Compass is the best definition of this emerging market to date. We are proud to position as a leader in every category, and achieve a Strong Positive for every product capability analyzed.”  

To read a complimentary copy of the SSCS Leadership Compass 2023, visit the KuppingerCole website.

To learn more about intelligent software security from Veracode, please visit veracode.com/platform.

About Veracode

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter.

Copyright © 2024 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.


Press and Media Contacts

Katy Gwilliam,
Head of Global Communications, Veracode