Veracode Risk Manager and Package Firewall Updated
April 22, 2025

Veracode unveiled new capabilities offering proactive risk mitigation and automated security at enterprise scale.

With software supply chain attacks and open-source vulnerabilities at an all-time high, enhanced Veracode Risk Manager (VRM) and an early access program for Veracode Package Firewall come at a critical juncture. The innovations represent a significant milestone in Veracode’s vision to deliver centralized risk visibility and secure development from the start.

“Security teams face immense pressure to combat evolving threats, while developers require the flexibility to innovate quickly,” said Derek Maki, Head of Product at Veracode. “Our latest Application Risk Management Platform enhancements provide organizations with the tools to not just identify risks, but to trace them to their root cause and prevent them before they compromise the software supply chain—all without slowing down development.”

Veracode’s newest offerings address increasing risk from open-source vulnerabilities and untrusted sources, reinforcing its leadership in application security innovation. The offerings combine automation with detailed remediation guidance to enable frictionless workflows throughout the software development lifecycle.

Veracode Package Firewall, built on technology acquired from Phylum Inc., blocks unsafe dependencies before they enter an organization’s environment. The tool employs the Open Policy Agent (OPA), a universal standard for policy automation that enables automated enforcement to expedite governance, effectively preventing software supply chain risks at the earliest entry point. Veracode Package Firewall delivers:

- Proactive Risk Mitigation: Strengthened security posture, reduced attack surface, and lower operational costs through automation and early threat mitigation.

- Streamlined Security and Compliance: Faster time to market, simplified compliance reporting, and enhanced collaboration across security and development teams.

- Secure Developer Productivity: Improved efficiency and innovation, freeing up developers’ time to focus on building software.

Veracode Package Firewall is currently available to a subset of customers under early access and will be generally available in June 2025.

Veracode’s latest enhancements to VRM further strengthen its Application Security Posture Management (ASPM) capabilities, providing unified risk visibility, contextual prioritization, and automated threat management. Key new features include:

- Runtime Container Risk Context: Seamless integration with Kubernetes environments to enrich vulnerability findings with crucial runtime intelligence. This allows customers to prioritize remediation efforts by identifying which vulnerabilities exist in packages that are loaded and exposed in running containers, focusing on the most tangible risks to the business and providing continuous visibility into the application’s runtime posture.

- Advanced Labeling Capabilities: Precise control over security findings with highly customizable tags and classifications. This granular labeling directly streamlines remediation by enabling targeted filtering and the creation of role-specific risk views tailored to use cases that matter most to the business.

- Repository Tools: More seamless integration with repository tools to pinpoint the exact origin of vulnerabilities, identifying the root cause of risk. This direct line of sight accelerates root cause analysis and enables teams to address security flaws with greater speed and precision.

Veracode Risk Manager automates issue investigation and prioritization while facilitating real-time monitoring—crucial for evaluating and improving security posture across multi-cloud environments. These latest enhancements enable organizations to address risk more effectively, with improved precision, triaging, and control over findings from multiple environments. Runtime Container Risk Context and Repository Tools are available now, and Advanced Labeling Capabilities will be coming soon.

Share this

Industry News

May 15, 2025

GitLab announced the launch of GitLab 18, including AI capabilities natively integrated into the platform and major new innovations across core DevOps, and security and compliance workflows that are available now, with further enhancements planned throughout the year.

May 15, 2025

Perforce Software is partnering with Siemens Digital Industries Software to transform how smart, connected products are designed and developed.

May 15, 2025

Reply launched Silicon Shoring, a new software delivery model powered by Artificial Intelligence.

May 15, 2025

CIQ announced the tech preview launch of Rocky Linux from CIQ for AI (RLC-AI), an operating system engineered and optimized for artificial intelligence workloads.

May 14, 2025

The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of IT job families; extending beyond cybersecurity specialists.

May 14, 2025

CodeRabbit is now available on the Visual Studio Code editor.

The integration brings CodeRabbit’s AI code reviews directly into Cursor, Windsurf, and VS Code at the earliest stages of software development—inside the code editor itself—at no cost to the developers.

May 14, 2025

Chainguard announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure.

May 14, 2025

Sysdig announced the donation of Stratoshark, the company’s open source cloud forensics tool, to the Wireshark Foundation.

May 13, 2025

Pegasystems unveiled Pega Predictable AI™ Agents that give enterprises extraordinary control and visibility as they design and deploy AI-optimized processes.

May 13, 2025

Kong announced the introduction of the Kong Event Gateway as a part of their unified API platform.

May 13, 2025

Azul and Moderne announced a technical partnership to help Java development teams identify, remove and refactor unused and dead code to improve productivity and dramatically accelerate modernization initiatives.

May 13, 2025

Parasoft has added Agentic AI capabilities to SOAtest, featuring API test planning and creation.

May 13, 2025

Zerve unveiled a multi-agent system engineered specifically for enterprise-grade data and AI development.

May 12, 2025

LambdaTest, a unified agentic AI and cloud engineering platform, has announced its partnership with MacStadium(link is external), the industry-leading private Mac cloud provider enabling enterprise macOS workloads, to accelerate its AI-native software testing by leveraging Apple Silicon.

May 12, 2025

Tricentis announced a new capability that injects Tricentis’ AI-driven testing intelligence into SAP’s integrated toolchain, part of RISE with SAP methodology.