Here is a quick snapshot of what we uncovered during our annual State of Software Security (SoSS) report. Download this year’s report to find out.

An overview of the Veracode Continuous Software Security Platform, that brings security and development together to secure software throughout the software development lifecycle.

Veracode Community Manager Javed Mohammed discusses with Security Consultant Evan Gertis, what makes an Application Security Champion, best practices, and more.

In this video, we’ll demo how to use the SBOM API with Veracode Software Composition Analysis (SCA) to generate a Software Bill of Materials (SBOM). The new SBOM API provides an inventory of components within your application with insight into the relationships between the components. Exported in CycloneDX format, the SBOM identifies which components are coming from 3rd party sources and offers visibility into your software supply chain.

This episode of Veracode Insiders features Elisa Velarde, Senior Product Marketing Manager, here at Veracode. Tune in for an update on a new product enhancement that allows your security team to find log4shell at runtime.

Chris Wysopal, CTO and Co-founder of #Veracode shares his 2022 Application Security Technology Predictions with Community Manager, Javed Mohammed.

Traditionally Veracode Dynamic Analysis has targeted applications with a Web user interface. But increasingly, web applications are composed of many small microservices, many of which have Representational State Transfer (REST) interfaces with which the UI layer communicates. With API scanning, you can now scan the APIs of your microservices earlier in the software development process, before they are integrated into a web application.

In this video, you will learn how to review Dynamic Analysis prescan scan results for an API specification. After creating and submitting a Dynamic Analysis API specification scan, you can return to the list of Dynamic Analyses at any time to check for status updates and to view results. Please note, you must have the Creator, Reviewer, or Security Lead role to be able to view the results of a Dynamic Analysis, unless the results are linked to a Veracode application profile for which you have permission to view.

Things we learned from the Log4j vulnerability.

In this video, you will learn how to upload, update, and delete API specifications using the API Specification Management tab in the Veracode Platform. This tab is a feature of Dynamic Analysis API Scanning.