Jan 11, 2021

Veracode Named a Leader in Newest Evaluation of Static Analysis Security Testing by Independent Research Firm

“Veracode Has Invested in the Developer Experience,” According to Analyst Report

BURLINGTON, Mass. – Jan. 11, 2021 – Veracode, Inc., the largest independent global provider of application security testing (AST), today announced it has been named a Leader in The Forrester Wave™: Static Application Security Testing, Q1 2021. The report states, “Prioritization is a strength, with Veracode’s graphical representation of code flaws according to risk and ease of fix unmatched in the market.” The Forrester report noted, “For firms looking for an enterprise-grade SAST tool, Veracode remains a top choice.”

Veracode was among the select companies that Forrester invited to participate in The Forrester Wave™: Static Application Security Testing, Q1 2021. In this evaluation, Veracode received the highest scores possible in the remediation guidance and education, product vision, execution roadmap, market approach, and planned enhancements criteria.

“We believe our commitment to empowering software developers to write secure code from the start, without sacrificing speed or innovation, while enabling security teams to manage risk and meet compliance mandates is why Veracode continues to be a market leader,” said Sam King, CEO of Veracode. “We’re thrilled that Forrester Research has recognized us in its Static Application Security Testing Wave and believe this report is a validation of our continued vision, innovation, execution, and focus on customer success.”

Veracode SAST is a SaaS solution that empowers customers to both find and fix flaws. It delivers a false positive rate of less than 1.1 percent without manual tuning, which allows developers to focus on fixing real security defects and write code with minimal distraction.

In 2020, Veracode scanned nearly 11 trillion lines of code and helped customers fix more than 16.4 million flaws. Three types of Veracode SAST scans guide developers through different stages of the software development lifecycle (SDLC):

  • IDE Scan in the pre-commit stage to help developers find and fix defects in seconds in their preferred development environment. In addition to finding vulnerabilities, it also helps to accelerate remediation and educate developers through positive reinforcement, remediation guidance, and code samples.
  • Pipeline Scan in the build stage of development to provide fast, accurate feedback in a median scan time of 90 seconds, so that teams can test every time they commit code in their CI/CD system. This scan is conducted within a development pipeline via an API, with checks against a company’s security policy and results directly integrated into the pipeline.
  • Policy Scan to test the full application against policy and summarize its security posture in a single report in a matter of minutes. Development teams can also preview compliance in a sandbox environment before communicating results to security and governance teams. This centralized reporting gives security teams broad visibility across their application landscape.

To download a complimentary copy of The Forrester Wave™: Static Application Security Testing, Q1 2021 report, click here.

Click here to schedule a demo of Veracode Static Analysis. To learn more about application security from Veracode, please visit: https://www.veracode.com/solutions.

About Veracode

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter.

Copyright © 2024 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.


Press and Media Contacts

Katy Gwilliam,
Head of Global Communications, Veracode
[email protected]