Veracode, a global provider of intelligent software security solutions, announced it has been named a Leader in The Forrester Wave™: Static Application Security Testing, Q3 2023.
The annual report, which evaluates 11 top vendors in the market against 26 criteria, helps security professionals select a static application security testing (SAST) vendor that best fits their needs. In this evaluation, Veracode received the highest score ahead of all competitors included in the report. The report notes, “Veracode is a great fit for enterprises looking to roll out and scale a comprehensive application security programme.”
FedRAMP and StateRAMP
Veracode’s SAST analysis is part of a software-as-a-service (SaaS) platform that includes dynamic application security testing, software composition analysis, container and infrastructure-as-code (IaC) scanning and developer training.
Veracode is the only vendor evaluated in the Forrester Wave to have achieved both Federal Risk and Authorisation Management Programme (FedRAMP) and State Risk and Authorisation Management Programme (StateRAMP) certification.
FedRAMP is a government-wide programme that provides a standardised approach to security assessment, authorisation, and continuous monitoring for cloud products and services. StateRAMP provides a comprehensive security framework designed to improve cloud security for state and local governments.
Veracode’s future vision
The Forrester Wave™ report states, “Veracode differentiates with reporting, remediation, and a programmatic approach.” Veracode offers a wide range of metrics and KPIs to meet customer needs, including fix rate, security trends and policy compliance, all in a digestible format.
The report also highlighted Veracode’s future vision, which aims to “lower the development burden while providing security with a 360-degree view of the application risk landscape.” This vision includes “an exciting roadmap with AI-powered features for flaw prevention, automated remediation, intelligent prioritisation, and cross-correlation of application security testing (AST) scans.”
The report notes, “Veracode Fix is a noteworthy innovation that utilises generative AI to automatically generate fixes for a finding. Veracode introduced Veracode Fix earlier this year, which utilises generative AI to automatically suggest remediations for security flaws found in first-party code.”