Veracode is a technology company.
Veracode has raised $115.0M across 6 funding rounds.
Veracode has raised $115.0M in total across 6 funding rounds.
Veracode has raised $115.0M in total across 6 funding rounds.
Veracode's investors include .406 Ventures, Accomplice VC, Ballistic Ventures, Evolution Equity Partners, Founders Circle Capital, Highland Capital Partners, Sequoia Capital, Top Tier Capital Partners, Betaworks Ventures, Lampros Capital Partners, StarVest Partners, TBD Angels.
Veracode is a Burlington, Massachusetts-based application security company founded in 2006 that provides a SaaS platform for securing software development. It offers integrated tools like static analysis (white-box testing), dynamic analysis (black-box testing), and software composition analysis to scan code for vulnerabilities, serving over 2,400 customers worldwide and having assessed more than 315 trillion lines of code while fixing over 113 million flaws.[1][3] The platform helps organizations build, buy, and run secure software by embedding security into development pipelines, with strong growth evidenced by acquisitions like Phylum Inc. in January 2025 to enhance open-source library security and a customer recommendation rate of 97%.[1][3]
Veracode was founded in 2006 by Chris Wysopal and Christien Rioux, both former engineers at @stake, a security consulting firm tied to L0pht Heavy Industries' white-hat hackers; Rioux authored much of the core software.[1] The idea stemmed from creating an automated alternative to manual penetration testing: in 2007, they launched SecurityReview to detect code vulnerabilities without hiring external hackers.[1] Key milestones include leadership shifts—like Robert T. Brennan as CEO in 2011, Sam King post-Thoma Bravo acquisition, and Brian Roche in April 2024 after acquiring Longbow Security—and a $2.5 billion acquisition by TA Associates in March 2022, followed by the Phylum deal in 2025 to block malicious open-source code.[1]
Veracode rides the shift-left security trend in DevSecOps, where vulnerabilities must be caught early amid rising cyber threats and complex supply chains.[1][3] Timing aligns with exploding software dependency on open-source (e.g., Log4j vulnerabilities) and regulations like GDPR/SOX demanding proactive appsec; its platform counters this by automating what manual testing can't scale.[1] Market forces favoring Veracode include SaaS adoption for speed/pricing over on-prem tools and its data-driven insights (e.g., annual reports) influencing industry standards, while acquisitions position it against rivals in a $10B+ AppSec market.[1]
Veracode's trajectory points to deeper AI-driven automation and supply chain security dominance, fueled by Phylum integration and CEO Brian Roche's push for comprehensive risk management.[1] Trends like generative AI code generation and zero-trust architectures will amplify demand, potentially driving more acquisitions or expansion into runtime protection. As threats evolve, Veracode could shape ecosystem norms for "secure from the start" software, reinforcing its role in enabling confident innovation for enterprises worldwide—echoing its founding mission to secure the software moving business forward.[1][2][3]
Veracode has raised $115.0M across 6 funding rounds. Most recently, it raised $40.0M Series F in September 2014.