RSA Conference (booth #435)–Veracode, the global leader in application risk management, today announced Veracode Fix for Software Composition Analysis (SCA), an AI-powered solution to address software supply chain risk. The enhanced automated remediation engine—the next evolution of Veracode’s industry-leading Fix solution—enables organizations to detect and remediate open-source vulnerabilities easily, before code reaches production. Designed to integrate seamlessly into existing developer workflows, it delivers third-party updates and first-party code refactoring without breaking builds or disrupting development. In 2025, software supply chain breaches accounted for 30 percent of external attacks. Meanwhile Veracode’s 2026 State of Software Security (SoSS) Report revealed 82 percent of organizations struggle with escalating security debt, largely due to open-source dependencies. Veracode Fix for SCA addresses both challenges directly. Leveraging deep, contextual analysis, the solution delivers pull requests that are safe to merge, enabling autonomous fixing. Unlike traditional SCA solutions that often overwhelm developers with alerts and hinder productivity, Veracode Fix combines logic-driven AI with proprietary vulnerability intelligence, ensuring ready-to-merge fixes while eliminating the risk of AI “hallucinations.” “AI is accelerating software development—but it’s also enabling an unprecedented explosion of supply chain risks,” said Tim Jarrett, Vice President of Product Management. “Visibility into these risks is no longer enough. Organizations need intelligent, automated solutions that not only find vulnerabilities but fix them with precision, giving development teams the confidence to innovate securely.”

Full report : Veracode updates its SCA to automate open-source vulnerability fixes as software supply chain attacks surge.

For more see the OODA Company Profile on Veracode.