Feb. 13, 2020

Veracode Static Analysis Doubles Down on Developers’ Need for Speed with New Pipeline Scan

Veracode Static Analysis meets the needs of DevSecOps programs with three scan types delivering fast, accurate results at all stages of the development lifecycle

BURLINGTON, Mass. – Feb. 13, 2020 – Veracode, the largest independent global provider of application security testing (AST) solutions, today announced the launch of the next generation of Veracode Static Analysis. The new release features comprehensive analysis across the development lifecycle, including a new Pipeline Scan that is optimized for use when code is submitted to the build process. Veracode Static Analysis is part of the Veracode SaaS platform providing comprehensive software security analysis capabilities, developer enablement, and AppSec governance, including compliance frameworks and market-leading analytics.

Veracode Static Analysis is a DevSecOps solution for companies that innovate through software and need to deliver secure code on time. The Veracode Static Analysis product family includes:

  • IDE Scan: IDE Scan, formerly Veracode Static Analysis IDE Scan, allows developers to discover flaws pre-commit in real-time as they write code, shifting security left to catch issues while they are easier and less expensive to fix. IDE Scan returns results in a median time of 3 seconds, reducing the number of new flaws introduced and allowing developers to deliver secure code while staying on schedule and reducing unplanned work. Because developers get immediate feedback and remediation advice on their own code, IDE Scan also provides effective on-the-job secure coding training.
  • Pipeline Scan: The first of its kind in the market, this is a fast, new scan that fits developers’ DevSecOps requirements and helps them address security flaws quickly in the pipeline. The median scan time for Pipeline Scan is just 90 seconds. This new scan type addresses a widespread industry need for fast feedback on every build in a continuous integration environment, which is critical for developer success in DevSecOps practices. It also reduces costly unplanned work later.
  • Policy Scan: Prior to releasing software, Policy Scan completes a full assessment of the code with an audit trail for management and compliance purposes. This comprehensive scan with detailed logging completes in a median scan time of 8 minutes. Development teams can also preview compliance in a sandbox environment before communicating results to security and governance teams. Each application is evaluated against the company’s security policy, delivering a clear pass/fail result.

“In a DevSecOps world, developers come first and the tools they use to secure their code have to fit with how they work,” said Ian McLeod, Chief Product Officer at Veracode. “Veracode Static Analysis provides powerful capabilities for developers to focus on fixing, not just finding, flaws in code. The speed these products offer organizations is unrivaled in the industry, without sacrificing accuracy. Application security programs are most comprehensive and effective when individual developers in the organization become engaged participants and stakeholders.”

Veracode Static Analysis allows organizations to scan early and frequently, providing developers with clear guidance on what issues to focus on and how to fix them faster, while offering comprehensive scanning of the full application to meet security team requirements. A large technology firm using Veracode Static Analysis reduced the number of new flaws introduced into its master branch by 79%, or about 150,000 flaws. Veracode Static Analysis ensures the highest possible accuracy with a developer-reported false positive rate of less than 1.1% without manual tuning.

Visit Veracode at RSA 2020 at booth N #5553 to learn more about the industry’s most complete SaaS platform for DevSecOps, experience our demos, and talk with our experts about our product families. Follow us on Twitter at @Veracode to enter the Twitter raffle during RSA for a chance to win great prizes.

About Veracode

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter.

Copyright © 2024 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.


Press and Media Contacts

Katy Gwilliam,
Head of Global Communications, Veracode
[email protected]