Veracode has enhanced its cloud-based application risk management platform to embed verification processes into the software product development lifecycle.

The changes will allow developers to use a Veracode API that supports a fully scripted build server integration and fully automated security verification for entire software portfolios. By adding APIs, developers can use Veracode's cloud-based security testing in their on-premise development environment.

According to Samskriti King, SV-P of product marketing at Veracode, developers are often told to test application code but are not given the tools to do so.

King said: “This is enhancing the cloud service into day-to-day tools to become functionless for security testing. This is not an extra thing for them to do as it helps transparency and results will pop up as the tests are done.

“This is in the cloud so it can scale to all applications that an organisation uses on-premise. Sometimes we call it ‘inside Veracode' as a developer logs in, sees a pop-up box and the security issue is transparent to them.”

Veracode said the enhancements allow for the automation of all necessary security verification steps, from uploading applications and specifying status, to creating application profiles and submitting the application for a scan.

It added that with more rapid results, developers can identify flaws early and efficiently in the development cycle and create a severity-based list to meet with their regulatory stance.