CA Technologies announced that it has signed a definitive agreement to acquire Veracode for approximately US$614 million in cash, in order to increase speed and security from app development to production.

This agreement follows CA’s acquisition of BlazeMeter in October 2016, as well as its January acquisition of Automic. BlazeMeter was added to build out CA’s DevOps portfolio, and the Automic acquisition was for CA’s cloud-based capabilities.

Acquiring Veracode, a SaaS-based secure DevOps platform, lets CA Technologies bridge its security business with a broad DevOps portfolio and add it to its growing SaaS business. Acquiring Veracode also sets up CA to compete with the secure DevOps market through automation and scaling of application security testing.

(Related: Visual Studio 2017 takes on DevOps)

Also, Veracode provides an application security solution with both static and dynamic testing, developer training, application protection, SaaS-based deployment, open-source security management, and the ability to test mobile applications, according to general manager of security at CA Technologies Mordecai Rosen.

The combination of CA and Veracode makes us a leader out the gate in application security,” he said. “It lets us insert security sooner into the software development life cycle, allowing organizations to address application vulnerabilities, which are commonly exploited attack vectors, and respond to market shifts quickly with security at the heart of their innovation.”

This SaaS-based model helps customers scale their application security programs at a pace the application economy demands, said Rosen, and it allows customers to benefit from the insight gained across the Veracode customer base. He said that last year, Veracode helped discover 10 million defects across its customer base, and it helped these customers remediate 7 million defects.

Rosen said that CA and Veracode will look at where integrations of the two portfolios should take place.

Others in the industry noted that the planned acquisition of Veracode allows CA to fill in the gaps of its DevOps offerings, since Veracode brings in its portfolio of application security testing tools offered as SaaS, said Forrester principal analyst Amy DeMartine.   

She added that although many enterprises are using application security testing in their DevOps Continuous Delivery pipeline, CA Technologies will not get “an automatic win with this purchase.

“CA Technologies will have to work hard to integrate Veracode into their DevOps tools as well as keep Veracode’s integration with non-CA Technologies tools, or lose out on revenue from Veracode as an independent, flexibly installed application security testing portfolio. Current and potential customers should be wary of any promise of quick integration wins.”

CA Technologies assumes the transaction will close in early April, and the company expects that it will increase revenue for fiscal year 2018 to the range of 1% to 3% as reported, or 2% to 4% in constant currency.