BrandPost: Veracode’s New Scan Type Delivers Results at DevSecOps Speed

Across the thousands of customer conversations we have each year, one theme continues to emerge regardless of industry, size, or geography: the pace of development is accelerating rapidly, and the pressure to innovate quickly is more intense than ever before. Veracode’s customers are not alone. A recent GitLab survey across more than 4,000 global developers found that 43 percent of teams now deploy on demand or multiple times a day, and nearly the same percentage, 41 percent, deploy between once a day and once a month.

In response to this shift in how software is developed, Veracode is evolving as well. Security testing that can’t keep up or, worse, slows developers down will be under-utilized or ignored in this fast-paced environment. So we’re announcing the latest evolution of our Static Analysis solution – in which we’re bringing together two existing scan types and introducing a new, first-of-its-kind scan type:

  • IDE Scan, which provides fast, automated security feedback to developers in the IDE, in seconds
  • Pipeline Scan, a new, first-of-its-kind offering, which runs on every build and provides security feedback on code at a team level, with a median scan time of 90 seconds
  • Policy Scan, which returns a full security assessment of the code before release, in a median scan time of 8 minutes

The result is a comprehensive Static Analysis product family that is optimized to integrate security testing into every stage of the development pipeline, giving teams the right scan, at the right time, in the right place.