Veracode Named a Leader in Static Application Security Testing

BURLINGTON, Mass. – Dec. 12, 2017 Veracode, Inc., a leader in securing the world’s software, and acquired by Veracode (NASDAQ:CA), today announced it has been named a Leader in The Forrester Wave™: Static Application Security Testing, Q4 2017 report by Forrester Research. The report is based on the detailed evaluation of the 10 most significant vendors in static application security testing (SAST). To download the report, please click here.

The Forrester Wave™: Static Application Security Testing, Q4 2017 report stated that, in addition to its application security platform, Veracode “offers the Veracode Static Analysis IDE scan plug-in for early, on-the-fly SAST checking.” The report also stated that Veracode “shows very strong support for binary and byte code scanning as well as wide support of source code language.”[1]

“Veracode’s mission is to help create a world where secure software is synonymous with great software, where the applications that matter are made to be secure from the start,” said Sam King, general manager, Veracode. “As such, we believe Forrester’s recognition of us as a leader is a result of our dedication to ensuring that both security and development professionals have the best tools at their fingertips to deploy world-class and secure applications.”

To achieve this mission, Veracode has evolved its static application security testing family of products to meet the changing needs of development and security professionals. Veracode Static Analysis IDE Scan provides security results in seconds so developers can secure their code as they write it, while Veracode Static Analysis analyzes the binary code of applications for unknown vulnerabilities in a scalable, repeatable format. Veracode’s Developer Sandbox functionality enables engineers to test and fix code between releases without triggering a failed policy compliance report to the security team.

Vendors were evaluated across 29 criteria including their ability to offer a variety of SAST capabilities suitable for developers and security professionals. These capabilities include source code scanning with broad language support, incremental scans, quality gates and integrations with developer tools such as IDEs and build tools.

Veracode extends application security across the entire software lifecycle by empowering development teams with the tools to test early, giving security teams the solutions they need to govern security issues, and enabling operations teams to maintain applications’ security, resulting in reduced application risk.

To learn more about Veracode’s Static Application Security Testing Capabilities, please visit:

For a demo of Veracode Static Analysis IDE Scan, please visit:
Read more about the DevSecOps approach to software security in Veracode’s State of Software Security Report 2017.

[1] The Forrester Wave™: Static Application Security Testing, Q4 2017