Skip to main content

veracode repository report

Generates a report of all developers who have contributed to a repository in the last 90 days. This command uses the repository inventory Excel files generated by the command veracode repository add.


./veracode repository report [flags]


-h, --helpReturn help for this command.


To generate a report of contributing developers:

  1. Ensure the configuration Excel files that you generated with the command veracode repository add are in the current directory.

  2. At a command prompt, run:

    ./veracode repository report

    The veracode repository report command uses the configuration files to access all repositories with a Y in the Is Included column and calculates the number of contributing developers for each repository. The report of contributing developers for each repository appears in the CLI.

  3. To save the report as an Excel file in the current directory, at the prompt for saving a copy of the report, select Yes, then select Enter. The Excel file contains the following information.

    • The Summary tab shows the report creation date and time, the total number of unique contributors to each source control management (SCM) system and the total number of unique contributors, minus any duplicate contributors, across all SCMs. It also shows the number of selected, or included, repositories compared to the total number of repositories available in the SCM. In the configuration files, the included repositories show a Y in the Is Included column. To stop including a repository in a report, in the Is Included column of each configuration file, change Y to N.
    • The tabs for each SCM list the repository namespace, name, and the number of contributing developers.

About contributing developers

Contributing developers are members of SCM projects that have contributed to a repository within the last 90 days. The veracode repository report command identifies unique contributing developers by their email address. If a developer uses the same email address across multiple SCMs, the veracode repository report command only counts that address once.

In the following table for a single SCM, repository A has two contributing developers and repository B has two contributing developers. But, the total unique contributing developers across this SCM is three: Mark, Karen, and Diana.

DeveloperRepositoryLast commit
MarkA95 days
KarenA85 days
DianaA2 days
MarkB65 days
KarenB5 days