Veracode strengthens its position in application security with record performance and new platform enhancements.
Veracode, a global leader in application risk management, reported a year of strong business momentum, product innovation, and expanding customer adoption throughout 2025. The company capped off the year with an especially strong fourth quarter, recording an 81 percent year-over-year increase in annual contract value (ACV). This surge highlights growing market demand for comprehensive application security platforms as organizations navigate increasingly complex digital environments.
The company’s performance was largely driven by a shift in enterprise priorities. As artificial intelligence adoption accelerates and software supply chains grow more intricate, security and development teams are under pressure to manage risks at unprecedented speed and scale. Organizations are increasingly turning to integrated platforms that provide end-to-end visibility, control, and compliance across the entire application ecosystem. Veracode’s solutions have gained traction as businesses look for tools that help them meet evolving regulatory requirements while reducing vulnerabilities across modern development pipelines.
According to CEO Brian Roche, the company’s results reflect a strong commitment to customer outcomes. He noted that organizations today face a rapidly changing security landscape shaped by AI-generated code, external attack surface exposure, and complex supply chain risks. Veracode’s mission, he said, is to help customers secure software at scale by providing actionable intelligence, automated remediation, and comprehensive visibility into application risk.
Customer growth was another major contributor to the company’s momentum. In the final quarter of 2025 alone, Veracode added more than 130 new organizations to its customer base. The company also closed multiple multi-million-dollar, multi-year contracts across a range of industries, reflecting strong confidence in its platform and long-term value proposition. Much of this demand has come from organizations seeking a unified approach to managing risk throughout the software development lifecycle, from initial code creation to cloud deployment and production environments.
Veracode also reported record-setting operational metrics. By the end of 2025, its platform had processed more than 420 trillion lines of code and helped customers remediate 131 million vulnerabilities. These figures underscore a broader industry trend toward actively reducing security debt rather than simply scanning for compliance. Organizations are increasingly focused on fixing issues early and continuously, rather than treating security as a final checkpoint in the development process.
Product innovation played a key role in supporting this growth. During the year, Veracode introduced several new capabilities designed to address emerging threats. Among them was the Veracode Package Firewall, which blocks malicious open-source packages before they enter development environments. The company also launched External Attack Surface Management, enabling organizations to proactively identify and reduce risks across internet-facing assets.
Industry recognition further validated the company’s position in the market. In 2025, Veracode received TrustRadius Top Rated and Buyers Choice awards and was named a leader in several major analyst reports. These included the Forrester Wave for Static Application Security Testing (SAST), the Gartner Magic Quadrant for Application Security Testing, and the IDC MarketScape for Application Security Posture Management (ASPM). Beyond analyst recognition, the company also contributed to industry thought leadership by publishing its inaugural GenAI Code Security Report and the 2025 State of Software Security Report. It was also featured in a CNBC documentary focused on application risk management in modern development.
Looking ahead, Veracode plans to continue expanding its platform capabilities while maintaining a strong focus on customer success. The company aims to provide organizations with comprehensive visibility across their entire attack surface, helping them build, buy, and deploy software with confidence.
Veracode positions itself as a leader in application risk management for the AI era. Its platform combines large-scale code scanning with a proprietary AI-powered remediation engine to help organizations secure applications from development through deployment. Thousands of development and security teams around the world rely on Veracode to identify exploitable risks, fix vulnerabilities in real time, and reduce security debt at scale. The company’s offerings span the full software development lifecycle, including static and dynamic analysis, software composition analysis, container security, application security posture management, penetration testing, and automated remediation tools.
With strong financial performance, expanding customer adoption, and continued product innovation, Veracode enters the new year positioned to build on its momentum and further shape the future of application risk management.
