Veracode Acquires Phylum, Inc. Technology to Transform Software Supply Chain Security
Veracode, a global leader in application risk management, today announced it has acquired certain assets of Phylum, Inc., including its malicious package analysis, detection, and mitigation technology. The acquisition enhances Veracode’s ability to identify and block malicious code in open-source libraries, marking continued investment in its software supply chain risk management capabilities. This gives customers a more comprehensive view of risks associated with open-source code usage, strengthening their defenses against emerging threats.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250106967344/en/
Veracode acquires technology from Phylum, Inc. (Graphic: Business Wire)
With software supply chain attacks projected to triple in cost from $46 billion in 2023 to $138 billion by 20311, safeguarding against these risks is now mission-critical for organizations. Through Phylum’s innovative technology, Veracode empowers customers to proactively prevent attacks by identifying and blocking malicious packages and vulnerabilities in real time. The addition of a package management firewall and an unmatched malicious package database further strengthens Veracode’s ability to mitigate emerging software threats before they impact customers.
Ravi Iyer, Chief Product Officer at Veracode, said, “This acquisition advances Veracode’s mission to be the most comprehensive application risk management platform by significantly expanding our ability to identify, mitigate, and remediate risks across the software supply chain. With Phylum’s unmatched database and cutting-edge research—proven to detect 60 percent more malicious packages than any other vendor—our customers will gain the confidence to innovate faster, knowing their software is protected against evolving threats.”
Veracode Prevents, Detects and Fixes Malicious Packages
Malicious packages have become a prevalent attack vector in the software supply chain, capable of infecting networks, stealing sensitive information, and enabling remote code execution. Identifying and mitigating these threats is now a critical component of any robust software composition analysis (SCA) solution. Effective tools must go beyond detection to quarantine and block suspicious packages in real-time.
With Phylum’s fully automated malicious code analysis pipeline, Veracode significantly shortens the window of opportunity for attackers. Newly published packages are analyzed within seconds, helping customers proactively prevent attacks. Phylum’s recent research identified nearly half a million malicious packages, including 2,500 targeted malware campaigns aimed at industries like finance and cryptocurrency, demonstrating the scale and sophistication of these threats.
“Uniting Veracode’s platform and Phylum’s malicious package detection and mitigation technology creates exceptional value for our customers worldwide,” said Aaron Bray, CEO & Co-founder of Phylum, Inc. “By combining our advanced research capabilities with Veracode’s industry-leading platform, we’re expanding the fight against software supply chain threats. Together, we will deliver even greater protection and peace of mind to organizations navigating an increasingly complex threat landscape, and we are excited to join the team.”
Phylum’s technology, including its malicious package database and package management firewall, will be integrated into Veracode’s SCA product, with general availability expected early this year. The acquisition also bolsters Veracode’s renowned security research team with Phylum’s experts, further elevating the company’s ability to protect customers from evolving threats.
For more information about the acquisition and software supply chain security, contact the Veracode team.
1 Gartner Inc., “Leader’s Guide to Software Supply Chain Security”, June 20, 2024
About Veracode
Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.
Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and X.
Copyright © 2025 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250106967344/en/
Contacts
For more information, please contact:
Katy Gwilliam
kgwilliam@veracode.com
(c) 2024 Business Wire, Inc., All rights reserved.
Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
First Cessna SkyCourier Delivered into Mexico, Expanding Air Freight Capabilities for FlexCoah22.12.2025 18:13:00 CET | Press Release
The first Cessna SkyCourier in Mexico was recently delivered to cargo transportation provider FlexCoah for use by the company’s aviation subsidiary, Altair. The aircraft — a freighter variant — will expand the company’s air freight capabilities throughout the country. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251222890759/en/ First Cessna SkyCourier delivered into Mexico, expanding air freight capabilities for FlexCoah (Photo Credit: Textron Aviation) The Cessna SkyCourier is designed and manufactured by Textron Aviation Inc., a Textron Inc. (NYSE: TXT) company. “The Cessna SkyCourier’s combination of reliability, payload capacity and mission flexibility makes it a powerful asset for operators looking to scale their operations while maintaining cost-efficiency,” said Lannie O’Bannion, senior vice president, Sales & Marketing. “The delivery of the Cessna SkyCourier to FlexCoah reflects the aircraft’s growing role in tran
Proudly Produced in Donegal: ProAmpac Invests in the Future of Food Board Manufacturing22.12.2025 17:34:00 CET | Press Release
ProAmpac, a global leader in flexible packaging and material science, is strengthening its operational footprint with the expansion of Food Board manufacturing capabilities at its Donegal, Ireland campus. The addition of a new, purpose-built Food Board production area within the existing site reinforces ProAmpac’s commitment to innovation, efficiency, and customer service across the food packaging sector. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251222149380/en/ Carr & Sons Smoked Salmon - ProAmpac As an extension of the existing Donegal operations, which support the pet food, food-to-go, and CPG markets, the expanded production area increases capacity and precision. A state-of-the-art guillotine system delivers cleaner cuts and consistent board quality, ensuring every sheet meets ProAmpac’s performance standards. The expanded facility area introduces several key improvements for customers: Dedicated Customer Service T
Coherent Solutions closes strategic investment led by IceLake22.12.2025 16:07:00 CET | Press Release
Coherent Solutions, a global digital engineering firm, has announced the closing of the strategic investment from IceLake, a leading private equity investor specializing in partnering with high-growth business services organizations. The transaction, previously announced in September 2025, has now received all necessary regulatory approvals. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251222791182/en/ Coherent Solutions and IceLake close strategic investment Coherent Solutions employs ~2,000 digital engineering, product, and design professionals across Europe and Latin America. The company builds and modernizes digital products and platforms for growing scale-ups and established global brands. “In a market saturated with AI claims, we’re seeing clients prioritize partners who can convert technology into measurable business outcomes,” said Igor Epshteyn, CEO of Coherent Solutions. “Staying grounded in digital value creatio
China Industry Leaders Convene in Jianshui to Chart the Blueberry Sector’s Growth Path22.12.2025 14:32:00 CET | Press Release
The Third Yunnan Blueberry Conference and the release ceremony of the “Xinhua–Yunnan Honghe Blueberry Industry Development Index Report” opened on December 19 in Jianshui County, Honghe Hani and Yi Autonomous Prefecture, in southwest China’s Yunnan Province. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251222516223/en/ The opening ceremony of the conference on 19th Dec in Jianshui. The conference has attracted scholars, experts, business representatives, and purchasers from across China, who have gathered here to explore pathways for promoting the high-quality development of the blueberry industry. During the three-day conference, organizers convened two major signing ceremonies: a cooperation agreement to jointly establish the Yunnan Blueberry Research Institute, and a strategic agreement to enhance financial support for the full industrial chain of Honghe blueberries. Outstanding organizations and individuals contributin
Modon Holding Forms Joint Venture With Related Companies and Panepinto Properties to Deliver Harborside 4, a Luxury Residential Tower Along the Waterfront in the Heart of Downtown Jersey City22.12.2025 14:17:00 CET | Press Release
Modon Holding PSC (“Modon”) today announced a new joint venture to deliver Harborside 4, a 54-story residential tower on one of the last prime waterfront sites in downtown Jersey City, New Jersey, USA. Modon will hold a majority equity stake alongside leading US developer Related Companies and long-established Jersey City firm Panepinto Properties (the “Joint Venture”), marking a further milestone in the Group’s strategy to scale its diversified global portfolio. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251222455854/en/ Harborside 4 render (Photo: AETOSWire) Harborside 4, designed by Handel Architects, will bring 800 luxury rental apartments and condominiums to downtown Jersey City, with the building offering unobstructed views of the Manhattan skyline and premium lifestyle and hospitality amenities including a marquee fitness club and concierge services. The site is minutes from Manhattan via PATH cross-Hudson rail se
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom