Install the Veracode CLI

This guide explains how to install or upgrade the Veracode CLI, authenticate, and run a test to ensure the CLI is set up correctly.

Prerequisites

Before you can install and use the Veracode CLI, you must have:

• One of the following operating systems:

  • macOS (Intel or Apple silicon with Rosetta 2 installed)
  • Linux (Intel)
  • Windows

• A Veracode account. If your organization uses single sign-on (SSO), you can authenticate with OAuth using your username or email address and password. If your organization doesn’t use SSO, or you're using the CLI in an automation, such as a script, authenticate with HMAC using your API credentials. You can generate API credentials in the Veracode Platform.

Install or upgrade the CLI

To avoid conflicts on Windows, use either Chocolatey or PowerShell, but not both. If you do not have permission to run PowerShell scripts, you can install the CLI with the MSI executable.

Select from the following installation options:

Chocolatey

To install the CLI on Windows using Chocolatey, run:

choco install veracode-cli

PowerShell

To install the CLI on Windows using a PowerShell script:

1. Run PowerShell as an administrator.

2. To configure PowerShell to run signed scripts, run:

   Set-ExecutionPolicy AllSigned -Scope Process -Force

3. To install the latest version, run:

   $ProgressPreference = "silentlyContinue"; iex ((New-Object System.Net.WebClient).DownloadString('https://tools.veracode.com/veracode-cli/install.ps1'))

   If you want to configure a proxy server during the installation, or install a specific version of the CLI, see Alternate CLI installation methods.

MSI

The Microsoft Standard Installer (MSI) for the Veracode CLI is a signed installer.

To install the CLI on Windows using the MSI installer:

1. Download the latest 64-bit Windows MSI installer to your desktop.
2. To install the CLI, double-click the MSI executable.
3. To use the CLI, open a command prompt.

If you want to install a specific version of the CLI, see Alternate CLI installation methods.

Homebrew

To install the CLI on macOS or Linux using Homebrew, run:

brew install veracode/tap/veracode-cli

This command taps the Veracode CLI and installs the latest version.

cURL

To install the CLI on macOS or Linux using cURL, run:

curl -fsS https://tools.veracode.com/veracode-cli/install | sh

Authenticate with Veracode

You can authenticate with Veracode in the following ways:

• If your organization uses single sign-on (SSO), use OAuth to sign in with your username and password.
• If you doesn't use SSO, use your API credentials to authenticate with Veracode using HMAC. When using the CLI in automation, such as scripts, use HMAC authentication.

Use OAuth authentication

Use OAuth authentication if your organization uses SSO and you interact directly with the CLI. When using the CLI in automation, where you do not interact with the CLI, use HMAC authentication.

To complete this task:

1. In the CLI, run:

   veracode auth login

2. Enter your username and password.

3. Select Sign in to authenticate. You can now return to the CLI.

Use HMAC authentication

Use HMAC authentication to authenticate with Veracode using your API credentials. Use this method if your organization doesn't use SSO, or you're using Veracode CLI for automation, such as in a script.

To perform HMAC authentication, ensure you have generated your Veracode API credentials from the Veracode Platform.

To authenticate using HMAC, run:

veracode configure

The CLI authenticates with Veracode and, by default, stores your API credentials locally. You typically store your API credentials with the CLI on your local system, but you can also configure your credentials as environment variables. For local development environments, Veracode recommends that you store your credentials with the CLI.

Store credentials with the CLI

Veracode recommends you use this option when running the CLI locally.

1. To configure the CLI, run:

   Windows

   veracode configure

   macOS or Linux

   ./veracode configure

2. Enter your API ID and secret key. If you have set your credentials as environment variables, the CLI pre-populates these fields.

Configure credentials as environment variables

Veracode recommends you use this option when integrating the CLI with CI\CD systems.

To set the VERACODE_API_KEY_ID and VERACODE_API_KEY_SECRET environment variables to your API credentials, run:

Windows

set VERACODE_API_KEY_ID=<your_API_ID>
set VERACODE_API_KEY_SECRET=<your_API_key>

macOS or Linux

export VERACODE_API_KEY_ID=<your_API_ID>
export VERACODE_API_KEY_SECRET=<your_API_key>

Configure proxy settings

If you use the CLI behind a proxy, provide the URLs of the proxy servers as environment variables.

To configure environment variables for your proxy servers, run:

Windows

set HTTP_PROXY=<URL of your HTTP proxy server>
set HTTPS_PROXY=<URL of your HTTPS proxy server>

macOS or Linux

export HTTP_PROXY=<URL of your HTTP proxy server>
export HTTPS_PROXY=<URL of your HTTPS proxy server>

Test the installation

To run a test scan and confirm that you have successfully installed the CLI, run:

Windows

veracode scan --source alpine:latest --type image

macOS or Linux

./veracode scan --source alpine:latest --type image

Next steps

• See the list of CLI commands.
• Use the CLI to scan containers.
• Integrate the CLI with CI/CD systems.