Veracode Acquires Technology from Phylum, Inc. to Support Supply Chain Security

Veracode, a Burlington, Massachusetts-based company specializing in application risk management, has acquired certain assets of Phylum, Inc., including its malicious package analysis, detection, and mitigation technology. The acquisition is intended to enhance Veracode’s ability to identify and block malicious code in open-source libraries, thereby giving customers a more comprehensive view of risks associated with open-source code usage.

Leveraging the Phylum malicious code analysis technology, Veracode hopes to significantly shorten the window of opportunity for attackers. Newly published packages are analyzed within seconds, helping customers proactively prevent attacks. Phylum’s recent research identified nearly half a million malicious packages, including 2,500 targeted malware campaigns aimed at industries like finance and cryptocurrency, demonstrating the scale and sophistication of these threats.

“This acquisition advances Veracode’s mission to be the most comprehensive application risk management platform by significantly expanding our ability to identify, mitigate, and remediate risks across the software supply chain,” said Ravi Iyer, Chief Product Officer at Veracode. “With Phylum’s unmatched database and cutting-edge research—proven to detect 60 percent more malicious packages than any other vendor—our customers will gain the confidence to innovate faster, knowing their software is protected against evolving threats.”

“Uniting Veracode’s platform and Phylum’s malicious package detection and mitigation technology creates exceptional value for our customers worldwide,” said Aaron Bray, CEO & Co-founder of Phylum, Inc. “By combining our advanced research capabilities with Veracode’s industry-leading platform, we’re expanding the fight against software supply chain threats. Together, we will deliver even greater protection and peace of mind to organizations navigating an increasingly complex threat landscape, and we are excited to join the team.”

Phylum’s technology is expected to be integrated into Veracode’s SCA product, with general availability expected early this year.

Channel Impact^®
This acquisition of the Phylum technology is expected to augment Veracode’s application risk management platform by significantly expanding the ability to identify, mitigate, and remediate risks.