Veracode Named a Leader in Newest Evaluation of Static Analysis Security Testing by Independent Research Firm

“Veracode Has Invested in the Developer Experience,” According to Analyst Report

BURLINGTON, Mass. – Jan. 11, 2021 – Veracode, Inc., the largest independent global provider of application security testing (AST), today announced it has been named a Leader in The Forrester Wave™: Static Application Security Testing, Q1 2021. The report states, “Prioritization is a strength, with Veracode’s graphical representation of code flaws according to risk and ease of fix unmatched in the market.” The Forrester report noted, “For firms looking for an enterprise-grade SAST tool, Veracode remains a top choice.”

Veracode was among the select companies that Forrester invited to participate in The Forrester Wave™: Static Application Security Testing, Q1 2021. In this evaluation, Veracode received the highest scores possible in the remediation guidance and education, product vision, execution roadmap, market approach, and planned enhancements criteria.

“We believe our commitment to empowering software developers to write secure code from the start, without sacrificing speed or innovation, while enabling security teams to manage risk and meet compliance mandates is why Veracode continues to be a market leader,” said Sam King, CEO of Veracode. “We’re thrilled that Forrester Research has recognized us in its Static Application Security Testing Wave and believe this report is a validation of our continued vision, innovation, execution, and focus on customer success.”

Veracode SAST is a SaaS solution that empowers customers to both find and fix flaws. It delivers a false positive rate of less than 1.1 percent without manual tuning, which allows developers to focus on fixing real security defects and to write code with minimal distraction.

In 2020, Veracode scanned nearly 11 trillion lines of code and helped customers fix more than 16.4 million flaws. Three types of Veracode SAST scans guide developers through different stages of the software development lifecycle (SDLC):

  • IDE Scan in the pre-commit stage to help developers find and fix defects in seconds in their preferred development environment. In addition to finding vulnerabilities, it also helps to accelerate remediation and educate developers through positive reinforcement, remediation guidance, and code samples.
  • Pipeline Scan in the build stage of development to provide fast, accurate feedback in a median scan time of 90 seconds, so that teams can test every time they commit code in their CI/CD system. This scan is conducted within a development pipeline via an API, with checks against a company’s security policy and results directly integrated into the pipeline.
  • Policy Scan to test the full application against policy and summarize its security posture in a single report in a matter of minutes. Development teams can also preview compliance in a sandbox environment before communicating results to security and governance teams. This centralized reporting gives security teams broad visibility across their application landscape.
