Veracode Static Analysis Doubles Down on Developers’ Need for Speed with New Pipeline Scan

Veracode Static Analysis meets the needs of DevSecOps programs with three scan types delivering fast, accurate results at all stages of the development lifecycle

BURLINGTON, Mass. – Feb. 13, 2020 – Veracode, the largest independent global provider of application security testing (AST) solutions, today announced the launch of the next-generation of Veracode Static  Analysis. The new release features comprehensive analysis across the development lifecycle, including a new Pipeline Scan that is optimized for use when code is submitted to the build process. Veracode Static Analysis is part of the Veracode SaaS platform providing comprehensive software security analysis capabilities, developer enablement, and AppSec governance, including compliance frameworks and market-leading analytics.

Veracode Static Analysis is a DevSecOps solution for companies that innovate through software and need to deliver secure code on time. The Veracode Static Analysis product family includes:

• IDE Scan: IDE Scan, formerly Veracode Static Analysis IDE Scan, allows developers to discover flaws pre-commit in real-time as they write code, shifting security left to catch issues while they are easier and less expensive to fix. IDE Scan returns results in a median time of 3 seconds, reducing the number of new flaws introduced and allowing developers to deliver secure code while staying on schedule and reducing unplanned work. Because developers get immediate feedback and remediation advice on their own code, IDE Scan also provides effective on-the-job secure coding training.
• Pipeline Scan: The first of its kind in the market, this is a fast, new scan that fits developers’ DevSecOps requirements and helps them address security flaws quickly in the pipeline. The median scan time for Pipeline Scan is just 90 seconds. This new scan type addresses a widespread industry need for fast feedback on every build in a continuous integration environment, which is critical for developer success in DevSecOps practices. It also reduces costly unplanned work later.
• Policy Scan: Prior to releasing software, Policy Scan completes a full assessment of the code with an audit trail for management and compliance purposes. This comprehensive scan with detailed logging completes in a median scan time of 8 minutes. Development teams can also preview compliance in a sandbox environment before communicating results to security and governance teams. Each application is evaluated against the company’s security policy, delivering a clear pass/fail result.

“In a DevSecOps world, developers come first and the tools they use to secure their code have to fit with how they work,” said Ian McLeod, Chief Product Officer at Veracode. “Veracode Static Analysis provides powerful capabilities for developers to focus on fixing, not just finding, flaws in code. The speed these products offer organizations is unrivaled in the industry, without sacrificing accuracy. Application security programs are most comprehensive and effective when individual developers in the organization become engaged participants and stakeholders.”

Veracode Static Analysis allows organizations to scan early and frequently, providing developers with clear guidance on what issues to focus on and how to fix them faster, while offering comprehensive scanning of the full application to meet security team requirements. A large technology firm using Veracode Static Analysis reduced the number of new flaws introduced into its master branch by 79%, or about 150,000 flaws. Veracode Static Analysis ensures the highest possible accuracy with a developer-reported false positive  rate of less than 1.1% without manual tuning..

Visit Veracode at RSA 2020 at booth N #5553 to learn more about the industry’s most complete SaaS platform for DevSecOps, experience our demos, and talk with our experts about our product families. Follow us on Twitter at @Veracode to enter Twitter raffle during RSA for a chance to win great prizes.