Veracode has rolled out major platform innovations throughout the second half of 2025, with Package Firewall leading the advancements as a preventive control to block malicious packages in software supply chains. These updates address the sharp rise in supply chain attacks, which doubled from 15 to 30 percent of third-party breaches according to the Verizon 2025 Data Breach Investigations Report, and enable organizations to adopt a prevention-first security strategy from code to cloud.
Package Firewall, initially launched in June 2025, delivers proactive defense by stopping threats during package ingestion rather than detecting them post-integration. Unlike traditional SCA tools that scan existing components, this preventive mechanism blocks malicious or high-risk packages at the outset. Recent enhancements include seamless integration with Azure Artifacts and major package managers and repositories such as NPM, PyPI, Maven, Nexus, and Artifactory. Organizations can now enforce customizable policies based on risk profiles, vulnerability severity thresholds, and specific compliance needs, balancing strong security with developer velocity.
Veracode strengthened its core scanning engines and developer experience across multiple releases. Dynamic Application Security Testing (DAST) Essentials now supports manual application linking for streamlined policy evaluation and reporting. Software Composition Analysis (SCA) features intelligent policies that reduce unnecessary build failures by triggering alerts only when remediation is available for vulnerable components. Static Analysis expanded coverage to include emerging frameworks and runtimes such as .NET Semantic Kernel, Python-based AWS Glue and FastAPI, Java JDK 25 (LTS), and Node.js 22.x.
Developer tool integrations received significant upgrades for Visual Studio, JetBrains IDEs, Azure DevOps, and GitHub, improving workflow efficiency. Veracode Security Labs expanded its training content with new modules on container security and the latest OWASP Top 10, helping teams build secure coding practices.
The latest platform release introduced OAuth-based single sign-on (SSO) across the full IDE plugin portfolio, including Visual Studio Code, Visual Studio, Eclipse, and JetBrains platforms. This eliminates manual API key management and provides centralized, role-based access control. Veracode Risk Manager (VRM) gained deeper integration capabilities and more granular access controls to meet enterprise security requirements.
“The growing attack surface has created an unprecedented level of complexity for security and development teams,” said Tim Jarrett, Vice President of Product at Veracode. “The latest enhancements to our platform empower organizations to stop third-party risk from ever entering their software code, providing them with a prevention-first approach.”
“Our mission is to empower organizations to enhance their security posture, bridge critical skills gaps, and accelerate remediation—all within a unified, integrated platform. By listening closely to our customers, we continuously evolved Veracode’s platform in 2025 to meet their needs, enabling them to drive faster, more secure DevSecOps practices,” Jarrett added.
About Veracode
Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale.