Veracode, the global leader in application risk management, today announced a year of significant corporate momentum, product innovation, and customer growth throughout 2025. The company delivered strong performance in the final quarter of 2025, with new Annual Contract Value (ACV) increasing 81 percent year-over-year, underscoring sustained market traction and rising demand for its solutions.
Veracode’s strong performance was fueled by growing demand for application risk management as organizations navigated the dual pressures of rapid AI adoption and increasingly complex software supply chains. Security and development teams are now prioritizing comprehensive platforms that deliver visibility, control, and compliance across application ecosystems, helping them meet evolving regulatory requirements and manage modern development risks.
“We closed 2025 with an exceptional finish, and this is a direct result of our unwavering commitment to customer success,” said Brian Roche, Chief Executive Officer at Veracode. “Veracode’s purpose is to empower organizations to address the mounting challenges defining today’s security landscape—AI-generated code, external attack surface management, complex supply chain vulnerabilities, and the pressure to secure software at unprecedented speed and scale. Our teams remained true to this purpose throughout the year, delivering unrivalled visibility, intelligence, and assurance every day.”
Customer acquisition accelerated in 2025, with more than 130 new organizations added in the last quarter alone. The strength of Veracode’s value proposition was reflected in deal size, marked by the closing of seven-figure and multi-year contracts across diverse industries and use cases. The company’s performance was driven by heightened demand for comprehensive platforms that manage risk across the entire software development lifecycle, from code creation to cloud deployment.
The Veracode platform processed a record-breaking 420 trillion lines of code and helped customers fix 131 million flaws in 2025. This demonstrates a clear industry trend toward actively reducing security debt rather than simply scanning for compliance.
This momentum was powered by key product innovations, including the launch of Veracode Package Firewall to block malicious open-source packages before they enter the development environment, and External Attack Surface Management to proactively reduce risk across all internet-facing assets.
Veracode’s leadership was validated by customers and top industry analysts. The company earned the TrustRadius Top Rated and Buyers Choice awards for 2025 and was named a Leader in the Forrester Wave for Static Application Security Testing (SAST), the Gartner Magic Quadrant for Application Security Testing, and the IDC MarketScape for Application Security Posture Management (ASPM). Veracode also led the industry conversation on emerging risks, publishing the inaugural GenAI Code Security Report and 2025 State of Software Security Report, and was featured in a CNBC documentary on application risk management for modern development.
“I’m incredibly proud of what we achieved in 2025 and look forward to sustained success in the year ahead as we continue to enhance our platform and provide comprehensive visibility across the attack surface,” Roche closed. “Our mission remains clear: to deliver a platform that gives organizations complete confidence in the software they build, buy, run, and share. That’s the future we’re building.”
