Veracode has announced an update to its Continuous Software Security Platform that adds extended integrations for software composition analysis (SCA), an API for generating software bills of materials (SBOMs), and expanded language and framework support for static analysis.

“Modern applications are mostly assembled, not written from scratch,” said Brian Roche, chief product officer at Veracode. “Open-source code makes up a significant proportion of audited code bases—for example, 97 percent of the typical Java application is made up of open-source libraries—increasing security risk and the need to identify supply chain risk. Our SBOM API is designed to make it easier for developers to inventory their code base, including third-party components, allowing them to act quickly if new vulnerabilities emerge. Since the launch of our Continuous Software Security Platform in May, we have introduced additional capabilities that meet developers right where they work: in the integrated developer environment (IDE), code repository, and command line interface. These innovations are designed to drive adoption by making the platform even more developer-friendly.”

The Veracode Azure DevOps Extension has been updated so that SCA findings can be imported automatically into Azure DevOps Boards and Work Items. The company will also release a Veracode extension for Visual Studio Code that surfaces vulnerability details, license risks, and recommended versions of open-source libraries and dependencies.

The new SBOM API lets developers generate an SBOM in CycloneDX JSON format, one of the machine-readable SBOM formats recognized under the White House’s Executive Order on cybersecurity.
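What a practitioner does with such a document is inventory it and match it against advisories as they appear. The script below is an added example, not Veracode's code, and it does not call the Veracode SBOM API; it consumes a CycloneDX JSON document of the kind that API produces. The SAMPLE_SBOM document, the advisory list structure and the component names in it are constructed here for illustration (CVE-2021-44228 and its first fixed log4j-core release, 2.15.0, are real). It walks nested components, records licenses, compares versions numerically rather than as strings, and separates components with no version at all, which cannot be cleared automatically.

```python
"""Inventory a CycloneDX JSON SBOM and flag components below a known fix.
Added example, not Veracode's code; SAMPLE_SBOM and ADVISORIES are constructed."""
import json
import re

# Constructed sample SBOM in CycloneDX 1.4 JSON form (not real tool output).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "metadata": {"component": {"type": "application",
                               "name": "orders-service", "version": "2.3.0"}},
    "components": [
        {"type": "library", "group": "org.apache.logging.log4j",
         "name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "group": "com.fasterxml.jackson.core",
         "name": "jackson-databind", "version": "2.13.4",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4",
         # The schema allows nested components; the walker must descend into them.
         "components": [
             {"type": "library", "group": "com.fasterxml.jackson.core",
              "name": "jackson-core", "version": "2.13.4",
              "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.13.4"}]},
        # Constructed component with no version: cannot be cleared automatically.
        {"type": "library", "name": "vendored-util",
         "licenses": [{"expression": "MIT OR GPL-2.0-only"}]},
    ],
})

# Advisory entries keyed by package URL without its version. The list shape
# is an assumption of this example; CVE-2021-44228 / fixed_in 2.15.0 is real.
ADVISORIES = [
    {"id": "CVE-2021-44228",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core",
     "fixed_in": "2.15.0"},
]


def parse_version(v):
    """Turn '2.14.1' into a tuple so that 2.14.1 < 2.15.0 (string compare would not)."""
    return tuple((0, int(p)) if p.isdigit() else (1, p)
                 for p in re.split(r"[.\-+]", v))


def _licenses(component):
    # Each entry is either {"license": {"id"|"name": ...}} or {"expression": ...}.
    out = []
    for entry in component.get("licenses", []):
        lic = entry.get("license", {})
        out.append(lic.get("id") or lic.get("name") or entry.get("expression"))
    return out


def _walk(components):
    for c in components:
        yield c
        yield from _walk(c.get("components", []))


def inventory(sbom_json):
    """Return {purl or coordinate: record} for every component, nested ones included."""
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    records = {}
    for c in _walk(bom.get("components", [])):
        key = c.get("purl") or "{}:{}@{}".format(
            c.get("group", ""), c["name"], c.get("version", ""))
        records.setdefault(key, {
            "name": c["name"], "group": c.get("group"),
            "version": c.get("version"), "purl": c.get("purl"),
            "licenses": _licenses(c)})
    return records


def find_affected(records, advisories):
    """Return (affected, unversioned): affected is [(advisory id, purl)] for
    versions below fixed_in; unversioned names components needing manual review."""
    affected, unversioned = [], []
    for rec in records.values():
        if not rec["version"]:
            unversioned.append(rec["name"])
            continue
        if not rec["purl"]:
            continue
        base = rec["purl"].split("@", 1)[0]
        for adv in advisories:
            if base == adv["purl"] and \
                    parse_version(rec["version"]) < parse_version(adv["fixed_in"]):
                affected.append((adv["id"], rec["purl"]))
    return affected, unversioned


if __name__ == "__main__":
    recs = inventory(SAMPLE_SBOM)
    for key, rec in recs.items():
        print(key, rec["licenses"])
    hits, unknown = find_affected(recs, ADVISORIES)
    print("affected:", hits)
    print("needs manual review:", unknown)
```

Matching on the versionless purl rather than on the bare component name avoids false matches between same-named packages from different ecosystems; components that carry no purl are skipped by the matcher, so an SBOM that omits purls needs a coordinate-based match added before it is useful for this purpose.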

In addition, static analysis on the platform now supports Rails 7.0, Ruby 3.x, and the PHP Symfony framework.