Install the Veracode CLI
This guide explains how to install or upgrade the Veracode CLI, authenticate, and run a test to ensure the CLI is set up correctly.
Prerequisites
Before you can install and use the Veracode CLI, you must have:
- One of the following operating systems:
  - macOS (Intel or Apple silicon with Rosetta 2 installed)
  - Linux (Intel)
  - Windows
- A Veracode account. If your organization uses single sign-on (SSO), you can authenticate with OAuth using your username or email address and password. If your organization doesn’t use SSO, or you're using the CLI in an automation, such as a script, authenticate with HMAC using your API credentials. You can generate API credentials in the Veracode Platform.
Install or upgrade the CLI
To avoid conflicts on Windows, use either Chocolatey or PowerShell, but not both. If you do not have permission to run PowerShell scripts, you can install the CLI with the MSI executable.
Select from the following installation options:
- Chocolatey
- PowerShell
- MSI
- Homebrew
- cURL
To install the CLI on Windows using Chocolatey, run:
choco install veracode-cli
To install the CLI on Windows using a PowerShell script:
- Run PowerShell as an administrator.
- To configure PowerShell to run signed scripts, run:
  Set-ExecutionPolicy AllSigned -Scope Process -Force
- To install the latest version, run:
  $ProgressPreference = "silentlyContinue"; iex ((New-Object System.Net.WebClient).DownloadString('https://tools.veracode.com/veracode-cli/install.ps1'))
If you want to configure a proxy server during the installation, or install a specific version of the CLI, see Alternate CLI installation methods.
The Microsoft Standard Installer (MSI) for the Veracode CLI is a signed installer.
To install the CLI on Windows using the MSI installer:
- Download the latest 64-bit Windows MSI installer to your desktop.
- To install the CLI, double-click the MSI executable.
- To use the CLI, open a command prompt.
If you want to install a specific version of the CLI, see Alternate CLI installation methods.
To install the CLI on macOS or Linux using Homebrew, run:
brew install veracode/tap/veracode-cli
This command taps the Veracode CLI and installs the latest version.
To install the CLI on macOS or Linux using cURL, run:
curl -fsS https://tools.veracode.com/veracode-cli/install | sh
Authenticate with Veracode
You can authenticate with Veracode in the following ways:
- If your organization uses single sign-on (SSO), use OAuth to sign in with your username and password.
- If your organization doesn't use SSO, use your API credentials to authenticate with Veracode using HMAC. When using the CLI in automation, such as scripts, use HMAC authentication.
Use OAuth authentication
Use OAuth authentication if your organization uses SSO and you interact directly with the CLI. When using the CLI in automation, where you do not interact with the CLI, use HMAC authentication.
To complete this task:
- In the CLI, run:
  veracode auth login
- Enter your username and password.
- Select Sign in to authenticate. You can now return to the CLI.
Use HMAC authentication
Use HMAC authentication to authenticate with Veracode using your API credentials. Use this method if your organization doesn't use SSO, or you're using Veracode CLI for automation, such as in a script.
To perform HMAC authentication, ensure you have generated your Veracode API credentials from the Veracode Platform.
To authenticate using HMAC, run:
veracode configure
The CLI authenticates with Veracode and, by default, stores your API credentials locally. You typically store your API credentials with the CLI on your local system, but you can also configure your credentials as environment variables. For local development environments, Veracode recommends that you store your credentials with the CLI.
Store credentials with the CLI
Veracode recommends you use this option when running the CLI locally.
- To configure the CLI, run:
  - Windows:
    veracode configure
  - macOS or Linux:
    ./veracode configure
- Enter your API ID and secret key. If you have set your credentials as environment variables, the CLI pre-populates these fields.
Configure credentials as environment variables
Veracode recommends you use this option when integrating the CLI with CI/CD systems.
To set the VERACODE_API_KEY_ID and VERACODE_API_KEY_SECRET environment variables to your API credentials, run:
- Windows:
  set VERACODE_API_KEY_ID=<your_API_ID>
  set VERACODE_API_KEY_SECRET=<your_API_key>
- macOS or Linux:
  export VERACODE_API_KEY_ID=<your_API_ID>
  export VERACODE_API_KEY_SECRET=<your_API_key>
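The following preflight check is an added example, not part of Veracode's documentation or the CLI. It lets a CI job on macOS or Linux confirm that VERACODE_API_KEY_ID and VERACODE_API_KEY_SECRET are set and are not unedited placeholders, without ever printing their values; the function names check_var and check_veracode_env are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for the HMAC credential variables.
# check_var and check_veracode_env are hypothetical helpers, not CLI commands.

# Return 0 if the named variable holds a usable value, 1 otherwise.
# Only the variable name and the reason are reported, never the value,
# so the output is safe to keep in CI logs.
check_var() {
    name=$1
    # Indirect lookup; $name is always one of the fixed names passed below.
    eval "value=\${$name-}"
    if [ -z "$value" ]; then
        echo "$name is not set" >&2
        return 1
    fi
    case $value in
        *'<'*|*'>'*)
            # The documentation placeholder was copied without being replaced.
            echo "$name still contains a <placeholder>" >&2
            return 1 ;;
        *[[:space:]]*)
            # Stray spaces or newlines usually come from pasting the secret.
            echo "$name contains whitespace" >&2
            return 1 ;;
    esac
    return 0
}

# Check both variables so that one run reports every problem.
check_veracode_env() {
    rc=0
    check_var VERACODE_API_KEY_ID || rc=1
    check_var VERACODE_API_KEY_SECRET || rc=1
    return $rc
}

# Typical use in a pipeline step (left as a comment so that loading this
# file does not start a scan):
#   check_veracode_env && ./veracode scan --source alpine:latest --type image
```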
Configure proxy settings
If you use the CLI behind a proxy, provide the URLs of the proxy servers as environment variables.
To configure environment variables for your proxy servers, run:
- Windows:
  set HTTP_PROXY=<URL of your HTTP proxy server>
  set HTTPS_PROXY=<URL of your HTTPS proxy server>
- macOS or Linux:
  export HTTP_PROXY=<URL of your HTTP proxy server>
  export HTTPS_PROXY=<URL of your HTTPS proxy server>
Test the installation
To run a test scan and confirm that you have successfully installed the CLI, run:
- Windows:
  veracode scan --source alpine:latest --type image
- macOS or Linux:
  ./veracode scan --source alpine:latest --type image