GitLab announced the launch of GitLab 18, including AI capabilities natively integrated into the platform and major new innovations across core DevOps, and security and compliance workflows that are available now, with further enhancements planned throughout the year.
Veracode unveiled new capabilities offering proactive risk mitigation and automated security at enterprise scale.
With software supply chain attacks and open-source vulnerabilities at an all-time high, enhanced Veracode Risk Manager (VRM) and an early access program for Veracode Package Firewall come at a critical juncture. The innovations represent a significant milestone in Veracode’s vision to deliver centralized risk visibility and secure development from the start.
“Security teams face immense pressure to combat evolving threats, while developers require the flexibility to innovate quickly,” said Derek Maki, Head of Product at Veracode. “Our latest Application Risk Management Platform enhancements provide organizations with the tools to not just identify risks, but to trace them to their root cause and prevent them before they compromise the software supply chain—all without slowing down development.”
Veracode’s newest offerings address increasing risk from open-source vulnerabilities and untrusted sources, reinforcing its leadership in application security innovation. The offerings combine automation with detailed remediation guidance to enable frictionless workflows throughout the software development lifecycle.
Veracode Package Firewall, built on technology acquired from Phylum Inc., blocks unsafe dependencies before they enter an organization’s environment. The tool employs the Open Policy Agent (OPA), a universal standard for policy automation that enables automated enforcement to expedite governance, effectively preventing software supply chain risks at the earliest entry point. Veracode Package Firewall delivers:
- Proactive Risk Mitigation: Strengthened security posture, reduced attack surface, and lower operational costs through automation and early threat mitigation.
- Streamlined Security and Compliance: Faster time to market, simplified compliance reporting, and enhanced collaboration across security and development teams.
- Secure Developer Productivity: Improved efficiency and innovation, freeing up developers’ time to focus on building software.
Veracode Package Firewall is currently available to a subset of customers under early access and will be generally available in June 2025.
Veracode’s latest enhancements to VRM further strengthen its Application Security Posture Management (ASPM) capabilities, providing unified risk visibility, contextual prioritization, and automated threat management. Key new features include:
- Runtime Container Risk Context: Seamless integration with Kubernetes environments to enrich vulnerability findings with crucial runtime intelligence. This allows customers to prioritize remediation efforts by identifying which vulnerabilities exist in packages that are loaded and exposed in running containers, focusing on the most tangible risks to the business and providing continuous visibility into the application’s runtime posture.
- Advanced Labeling Capabilities: Precise control over security findings with highly customizable tags and classifications. This granular labeling directly streamlines remediation by enabling targeted filtering and the creation of role-specific risk views tailored to use cases that matter most to the business.
- Repository Tools: More seamless integration with repository tools to pinpoint the exact origin of vulnerabilities, identifying the root cause of risk. This direct line of sight accelerates root cause analysis and enables teams to address security flaws with greater speed and precision.
Veracode Risk Manager automates issue investigation and prioritization while facilitating real-time monitoring—crucial for evaluating and improving security posture across multi-cloud environments. These latest enhancements enable organizations to address risk more effectively, with improved precision, triaging, and control over findings from multiple environments. Runtime Container Risk Context and Repository Tools are available now, and Advanced Labeling Capabilities will be coming soon.
Industry News
Perforce Software is partnering with Siemens Digital Industries Software to transform how smart, connected products are designed and developed.
Reply launched Silicon Shoring, a new software delivery model powered by Artificial Intelligence.
CIQ announced the tech preview launch of Rocky Linux from CIQ for AI (RLC-AI), an operating system engineered and optimized for artificial intelligence workloads.
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of IT job families; extending beyond cybersecurity specialists.
CodeRabbit is now available on the Visual Studio Code editor.
The integration brings CodeRabbit’s AI code reviews directly into Cursor, Windsurf, and VS Code at the earliest stages of software development—inside the code editor itself—at no cost to the developers.
Chainguard announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure.
Sysdig announced the donation of Stratoshark, the company’s open source cloud forensics tool, to the Wireshark Foundation.
Pegasystems unveiled Pega Predictable AI™ Agents that give enterprises extraordinary control and visibility as they design and deploy AI-optimized processes.
Kong announced the introduction of the Kong Event Gateway as a part of their unified API platform.
Azul and Moderne announced a technical partnership to help Java development teams identify, remove and refactor unused and dead code to improve productivity and dramatically accelerate modernization initiatives.
Parasoft has added Agentic AI capabilities to SOAtest, featuring API test planning and creation.
Zerve unveiled a multi-agent system engineered specifically for enterprise-grade data and AI development.
LambdaTest, a unified agentic AI and cloud engineering platform, has announced its partnership with MacStadium(link is external), the industry-leading private Mac cloud provider enabling enterprise macOS workloads, to accelerate its AI-native software testing by leveraging Apple Silicon.
Tricentis announced a new capability that injects Tricentis’ AI-driven testing intelligence into SAP’s integrated toolchain, part of RISE with SAP methodology.