Veracode Software Composition Analysis Cited as a Strong Performer by an Independent Research Firm

Veracode Software Composition Analysis Cited as a Strong Performer by an Independent Research Firm

Veracode, the largest global provider of application security testing (AST) solutions, has been recognized as a Strong Performer in The Forrester WaveTM: Software Composition Analysis, Q3 2021 by Forrester Research, a leading global research and advisory firm. The analyst group included Veracode among the most significant vendors in the market in its recent report titled, "The Forrester Wave™: Software Composition Analysis, Q3 2021." To download a complimentary copy of "The Forrester Wave™ report for Software Composition Analysis, Q3 2021," please visit this page

Veracode was among the select companies that Forrester invited to participate in its 2021 Forrester Wave™ SCA evaluation, with the analyst report noting: "Veracode is a strong choice for customers that are most interested in remediating vulnerabilities in open source components." In this evaluation, Veracode received the second highest ranking in the Strategy category. Additionally, Veracode received the highest scores possible within the Current Offering category in the criteria of Open Source Vulnerability Detection, Out-of-the-Box Remediation Reporting, Actionable Remediation, Prioritization, and Workflow Modification. Learn more:

"Threats to supply chain security have driven a 750% increase in the number of scans performed by Veracode SCA in a single year," said Brian Roche, Veracode chief product officer, "and our developer-driven remediation capabilities—thanks to a successful integration of SourceClear technologies—reduce fix time from hours to minutes with prioritization guidance and prescriptive fix actions. In addition to our placement by Forrester Research in its Software Composition Analysis Wave, we were recognized as a Leader in their Static Application Security Testing Wave. We believe this recognition across multiple categories validates our commitment to uniting developers and security teams with a unified platform."

According to the report, "Veracode has concentrated its SCA solution on finding and remediating open source vulnerabilities, with dependency graphs and guidance on a fix's likelihood to break the code — one customer reference called the dependency graph 'amazing'." The analysis goes on to say, "After combining their SourceClear acquisition with their homegrown SCA capabilities, Veracode's Software Composition Analysis is now a single, unified SCA product available through their SaaS platform. Veracode's roadmap focuses on unifying the SAST and SCA capabilities in the developer environment and enhancing container and IaC (Infrastructure as Code) security capabilities."

In addition, "the upcoming launch of a European data center will make their SaaS offerings more appealing to a broader geographic base. In support of their corporate culture, Veracode removed terminology like whitelist and blacklist from the product and documentation last year."

It appears that this recognition complements the strengths of Veracode's complete product suite, a unified end-to-end application security solution that gives customers a 360-degree view of their security posture. Veracode provides analysis at every phase of development for proprietary, open source, and functional code, and also offers world-class security experts, hands-on developer training, and an abundance of remediation resources that help companies reduce security risk.

Read more here: