Skip to main content

Install the Veracode CLI

This guide explains how to install or upgrade the Veracode CLI, authenticate, and run a test to ensure the CLI is set up correctly.

Prerequisites

Before you can install and use the Veracode CLI, you must have:

  • One of the following operating systems:

    • macOS (Intel or Apple silicon with Rosetta 2 installed)
    • Linux (Intel)
    • Windows
  • A Veracode account. If your organization uses single sign-on (SSO), you can authenticate with OAuth using your username or email address and password. If your organization doesn’t use SSO, or you're using the CLI in an automation, such as a script, authenticate with HMAC using your API credentials. You can generate API credentials in the Veracode Platform.

Install or upgrade the CLI

To avoid conflicts on Windows, use either Chocolatey or PowerShell, but not both. If you do not have permission to run PowerShell scripts, you can install the CLI with the MSI executable.

Select from the following installation options:

To install the CLI on Windows using Chocolatey, run:

choco install veracode-cli

Authenticate with Veracode

You can authenticate with Veracode in the following ways:

  • If your organization uses single sign-on (SSO), use OAuth to sign in with your username and password.
  • If you doesn't use SSO, use your API credentials to authenticate with Veracode using HMAC. When using the CLI in automation, such as scripts, use HMAC authentication.

Use OAuth authentication

Use OAuth authentication if your organization uses SSO and you interact directly with the CLI. When using the CLI in automation, where you do not interact with the CLI, use HMAC authentication.

To complete this task:

  1. In the CLI, run:

    veracode auth login
  2. Enter your username and password.

  3. Select Sign in to authenticate. You can now return to the CLI.

Use HMAC authentication

Use HMAC authentication to authenticate with Veracode using your API credentials. Use this method if your organization doesn't use SSO, or you're using Veracode CLI for automation, such as in a script.

To perform HMAC authentication, ensure you have generated your Veracode API credentials from the Veracode Platform.

To authenticate using HMAC, run:

veracode configure

The CLI authenticates with Veracode and, by default, stores your API credentials locally. You typically store your API credentials with the CLI on your local system, but you can also configure your credentials as environment variables. For local development environments, Veracode recommends that you store your credentials with the CLI.

Store credentials with the CLI

Veracode recommends you use this option when running the CLI locally.

  1. To configure the CLI, run:

    veracode configure
  2. Enter your API ID and secret key. If you have set your credentials as environment variables, the CLI pre-populates these fields.

Configure credentials as environment variables

Veracode recommends you use this option when integrating the CLI with CI\CD systems.

To set the VERACODE_API_KEY_ID and VERACODE_API_KEY_SECRET environment variables to your API credentials, run:

set VERACODE_API_KEY_ID=<your_API_ID>
set VERACODE_API_KEY_SECRET=<your_API_key>

Configure proxy settings

If you use the CLI behind a proxy, provide the URLs of the proxy servers as environment variables.

To configure environment variables for your proxy servers, run:

set HTTP_PROXY=<URL of your HTTP proxy server>
set HTTPS_PROXY=<URL of your HTTPS proxy server>

Test the installation

To run a test scan and confirm that you have successfully installed the CLI, run:

veracode scan --source alpine:latest --type image

Next steps