Install the Veracode CLI

This guide explains how to install or upgrade the Veracode CLI, add your API credentials, and run a test to ensure the CLI is set up correctly.

Prerequisites

Before you can install and use the Veracode CLI, you must have:

• One of the following operating systems:

  • macOS (Intel or Apple silicon with Rosetta 2 installed)
  • Linux (Intel)
  • Windows

• A Veracode account with API credentials.

Install or upgrade the CLI

To avoid conflicts on Windows, use either Chocolatey or PowerShell, but not both.

Select from the following installation options:

Chocolatey

To install the CLI on Windows using Chocolatey, run:

choco install veracode-cli

PowerShell

To install the CLI on Windows using a PowerShell script:

1. Run PowerShell as an administrator.

2. To configure PowerShell to run signed scripts, run:

   Set-ExecutionPolicy AllSigned -Scope Process -Force

3. To install the latest version, run:

   $ProgressPreference = "silentlyContinue"; iex ((New-Object System.Net.WebClient).DownloadString('https://tools.veracode.com/veracode-cli/install.ps1'))

   If you want to configure a proxy server during the installation, or install a specific version of the CLI, see Alternate CLI installation methods.

Homebrew

To install the CLI on macOS or Linux using Homebrew, run:

brew install veracode/tap/veracode-cli

This command taps the Veracode CLI and installs the latest version.

cURL

To install the CLI on macOS or Linux using cURL, run:

curl -fsS https://tools.veracode.com/veracode-cli/install | sh

Add your credentials

You typically store your API credentials with the CLI on your local system, but you can also configure your credentials as environment variables. For local development environments, Veracode recommends that you store your credentials with the CLI.

Store credentials with the CLI

Veracode recommends you use this option when running the CLI locally.

1. To configure the CLI, run:

   Windows

   veracode configure

   macOS or Linux

   ./veracode configure

2. Enter your API ID and secret key. If you have set your credentials as environment variables, the CLI pre-populates these fields.

Configure credentials as environment variables

Veracode recommends you use this option when integrating the CLI with CI\CD systems.

To set the VERACODE_API_KEY_ID and VERACODE_API_KEY_SECRET environment variables to your API credentials, run:

Windows

set VERACODE_API_KEY_ID=<your_API_ID>
set VERACODE_API_KEY_SECRET=<your_API_key>

macOS or Linux

export VERACODE_API_KEY_ID=<your_API_ID>
export VERACODE_API_KEY_SECRET=<your_API_key>

Configure proxy settings

If you use the CLI behind a proxy, provide the URLs of the proxy servers as environment variables.

To configure environment variables for your proxy servers, run:

Windows

set HTTP_PROXY=<URL of your HTTP proxy server>
set HTTPS_PROXY=<URL of your HTTPS proxy server>

macOS or Linux

export HTTP_PROXY=<URL of your HTTP proxy server>
export HTTPS_PROXY=<URL of your HTTPS proxy server>

Test the installation

To run a test scan and confirm that you have successfully installed the CLI, run:

Windows

veracode scan --source alpine:latest --type image

macOS or Linux

./veracode scan --source alpine:latest --type image

Next steps

• See the list of CLI commands.
• Use the CLI to scan containers.
• Integrate the CLI with CI/CD systems.