Oct 5, 2020

Veracode Streamlines AppSec Workflows for Developers with New GitHub Action

DevSecOps becomes a seamless experience by making AppSec tools accessible in familiar interface

BURLINGTON, Mass. – Oct. 5, 2020 – Veracode, the largest global provider of application security testing (AST), has announced a new GitHub Action to provide developers with an easy and familiar way to ensure that the code they are writing is secure – as they write it. The action enables developers to perform Veracode’s Static Policy Scan workflow, initiate a pipeline scan, and consume pipeline scan results all within GitHub’s code scanning UI.

GitHub Actions CI/CD helps developers improve time to market by allowing them to build, test and deploy code directly from within GitHub. Developers can invoke Veracode’s Static Analysis (SAST) scans from GitHub Actions, significantly expanding the security testing capabilities for developers leveraging GitHub workflows, and allowing them to build security directly into their DevOps processes and scale development across the team.

John Leon, VP of Business Development at GitHub, said, “Veracode understands the importance of shifting left in the development lifecycle to enable teams to find and fix flaws at scale. With software development moving at breakneck speed, this new GitHub Action further enables our joint customers to develop secure software, without compromising speed or quality – all within a familiar interface.”

Veracode’s Static Analysis solution enables DevSecOps by providing fast, automated and actionable security feedback to developers in their pipeline – when they compile their code or when they check in their code – and conducting a full policy scan before deployment. With the new GitHub Action, developers can control Veracode scans as they write code within the GitHub environment and get clear guidance on how to remediate issues. Scan results are converted into GitHub code scanning alerts. When code is ready for deployment, developers can conduct the Veracode Policy Scan for a full assessment of the code, with an audit trail for compliance that can be previewed before triggering alerts. Veracode results have high accuracy without manual tuning as a result of the intelligence of Veracode’s SaaS platform, which has scanned more than 21 trillion lines of code to date.

Ian McLeod, Chief Product Officer at Veracode, said, “Secure development at scale is only possible if developers assume ownership of ensuring that the code they are writing is secure from the start. It’s therefore critical that we provide tools and integrations that simplify the job for the developer and make the capabilities available in the tools they use every day. Our new GitHub Action provides a seamless experience that saves developers time, while giving them the confidence that the code they’re writing is secure.”

Veracode tools are available as GitHub Actions in the GitHub Marketplace.

About Veracode

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter.

Copyright © 2024 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.


Press and Media Contacts

Katy Gwilliam,
Head of Global Communications, Veracode