Veracode Acquires Phylum Technology Assets

Veracode, a cloud-based application security platform, has acquired certain Phylum technology assets, including its malicious package analysis, detection and mitigation technology.

Veracode said Phylum’s assets improve its ability to identify and block malicious code in open-source libraries. It also said the acquisition shows its continued investment in its software supply chain risk management capabilities.

Veracode customers will gain a more comprehensive view of risks associated with open-source code usage. This should strengthen their defenses against emerging threats, according to Veracode.

The acquisition also beefs up Veracode’s security research team, allowing it to better protect customers from evolving threats.

Veracode Partners To Benefit From Phylum Technology

Ravi Iyer, Veracode‘s chief product officer, said partners play a key role in bringing new solutions and features to the market in an impactful way.

"Veracode’s partners will have access to Phylum’s malicious package database, which will be directly integrated into Veracode’s software composition analysis (SCA) product in the first half of 2025," he said. "With Phylum, Veracode SCA customers will be able to identify and score risks from open sources that are identified as containing malicious code. In addition, Veracode will be releasing a package detection firewall as another control point for customers in their software development lifecycle (SDLC). This is a great opportunity for partners to expand their footprint with existing customers, as well as gain new customers."

Related:Veracode Unveils Enhanced Velocity Partner Program

Veracode's Ravi Iyer

This acquisition was a strategic investment for Veracode, which deepens its capabilities to protect organizations using open-source software and their overall software supply chain, Iyer said.

"As software supply chain attacks continue to rise and evolve, the addition of Phylum’s technology will help our customers and prospects meet these challenges," he said. "The addition of Phylum means customers will be able to detect and block malicious packages from entering or within their supply chain. For our channel partners, the addition of Phylum within Veracode’s products means our partners are more effective for their customers in meeting the supply chain threat."

Phylum and Veracode will share the same partner ecosystem and will benefit from the combination of Phylum technology into Veracode’s products, Iyer said.

“Uniting Veracode’s platform and Phylum’s malicious package detection and mitigation technology creates exceptional value for our customers worldwide,” said Aaron Bray, Phylum’s CEO and co-founder. “By combining our advanced research capabilities with Veracode’s industry-leading platform, we’re expanding the fight against software supply chain threats. Together, we will deliver even greater protection and peace of mind to organizations navigating an increasingly complex threat landscape, and we are excited to join the team.”