Skip to main content

veracode package

Packages project code as an artifact (archive file) that you can upload to Veracode for Static Analysis or SCA upload and scan. SCA agent-based scanning is not supported. To automate packaging, see About auto-packaging.


./veracode package [flags]


-d, --debugDisplay verbose output.
-h, --helpReturn help content for veracode package.
-o, --output stringOutput directory to place the output artifact file on your local system. Default is the local working directory.
-s, --source stringLocation of the source to package based on the target --type. If the target is directory, enter the path to a local directory. If the target is repo, enter the URL to a Git version control system. If you enter a repository URL, the package command clones the repository to a temporary directory on the local file system, then packages the code in the clone. After packaging the source, Veracode deletes the clone.
-a, --trustAcknowledge that the source project is a trusted source. Required the first time you package a project.
-t, --type stringTarget type you want to package. Values are repo or directory. Default is directory.

Environment variables

All environment variables are optional.

Environment variableDescription
SRCCLR_IOS_SCHEMEFor iOS projects, defines a custom scheme. A scheme is a collection of settings that define how the xcodebuild process builds, runs, and configures an application. By default, the auto-packager creates a scheme for a project based on the project name.
To set this environment variable, run: export SRCCLR_IOS_SCHEME=<custom scheme>
SRCCLR_IOS_DESTINATIONFor iOS projects, defines the destination platform, such as iOS, tvOS, watchOS, or visionOS, for the application. The default is generic/platform=iOS.
To set this environment variable, run: export SRCCLR_IOS_DESTINATION=<custom destination>
SRCCLR_IOS_CONFIGURATIONDefines the build configuration the xcodebuild process uses to build the project. Values are Debug or Release. The default is Debug.
To set this environment variable, run: export SRCCLR_IOS_CONFIGURATION=<value>


To package a local directory and place the output in a different directory, run:

./veracode package --source path/to/project --output path/to/output/dir

To package source for a GitHub repository that you trust and place the output in the current directory, run:

./veracode package --source --type repo --trust

To perform the same action with a custom scheme, run:

SRCCLR_IOS_SCHEME=MyTestProj/veracode package --source --type repo --trust