Veracode acquires assets from Phylum to bolster software supply chain security
Application security company Veracode Inc. today announced that it had acquired certain assets from software supply chain security company Phylum Inc. for an undisclosed price.
Under the deal, Veracode is acquiring Phylum’s malicious package analysis, detection and mitigation technology. Veracode plans to use the technology to enhance its ability to identify and block malicious code in open-source libraries and to give customers a more comprehensive view of the risks associated with open-source code usage.
The acquisition comes at a time when software supply chain attacks are becoming increasingly sophisticated and costly, with global damages projected to rise from $46 billion in 2023 to $138 billion by 2031. By integrating Phylum’s automated malicious code analysis pipeline, Veracode is aiming to assist organizations in identifying and blocking threats in real time, reducing the risk of data breaches and operational disruptions.
Phylum’s tech brings a cutting-edge malicious-package database and package management firewall to Veracode’s platform, which is aimed at strengthening its Software Composition Analysis offering. The tools coming to Veracode are designed to provide instant analysis of newly published packages and, in doing so, close the gap between threat identification and mitigation.
With Phylum’s fully automated malicious code analysis pipeline, Veracode says, it can significantly shorten the window of opportunity for attackers. Newly published packages are analyzed within seconds, helping customers proactively prevent attacks.
The acquisition is not limited to Phylum’s technology: the experts behind Phylum’s malicious package analysis are also joining Veracode. The incoming researchers have uncovered nearly a half-million malicious packages, including targeted campaigns against industries such as finance and cryptocurrency. Their expertise will complement Veracode’s mission to deliver industry-leading solutions for application risk management.
“Uniting Veracode’s platform and Phylum’s malicious package detection and mitigation technology creates exceptional value for our customers worldwide,” said Phylum co-founder and Chief Executive Aaron Bray. “By combining our advanced research capabilities with Veracode’s industry-leading platform, we’re expanding the fight against software supply chain threats.”
Phylum’s technology, including its malicious package database and package management firewall, is planned to be integrated into Veracode’s SCA product, with general availability expected later this year.