CLI updates

The updates on this page apply to the Veracode CLI. Updates that apply to specific Veracode regions show a region icon.

For updates specific to Veracode Fix, such as language and CWE support, see Fix updates.

October 30, 2025

Veracode CLI v2.43.0

This update includes the following improvements:

• The veracode scan command has security related updates.
• The veracode package command:
  • Supports generic packager for Apex.
  • Includes fixes to stop the creation of a Golang zip artifact when only the go.mod file is present.
  • Adds the new VERACODE_PACKAGE_GOLANG_GENERATE environment variable, which enables client-side CGO code generation when packaging Go applications.
• The veracode static command includes fixes for the usability of --filtered-json-output-file to work like --results-file.
• The veracode fix CLI includes minor updates.

Aug 1, 2025

Veracode CLI v2.42.0

This update includes the following improvements:

• Improves error messaging when a user cannot be authenticated.
• The veracode static scan command:
  • Displays the Static Engine version in the scan summary.
  • Provides enhanced logging.
• The veracode package command:
  • Resolves packaging errors for C++/CLI and C++/CX projects that produce static libraries.
  • Resolves MSBuild errors for C/C++ projects that contain a . in the name.
  • Improves detection of Makefiles generated by Autoconf to reduce auto-packaging errors.
  • Provides packaging support for the MSBuild .NET framework.
• The veracode scan command:
  • Adds platform integration support for scenarios where the scan path is specified as relative. For example, ./.

July 1, 2025

Veracode CLI v2.41.0

This update includes the following improvements:

• The veracode package command has the following updates and improved capabilities:

  • Adds the ability to include the directory path in the artifact name to make flaws easier to locate.
  • Skips creating a JS artifact if the artifact contains only these extensions: json, map, yaml, yml, lock, css.
  • Fixes Maven build failure caused by the directory tag in pom.xml. Scannable artifacts are now created only in the target directory.
  • Adds support for preprocessor header files used to build PCH.
  • Packages C++/CLI and C++/CX projects as binaries when packaging preprocessed source.
  • Adds the option to process all Makefiles in a directory tree.

• The veracode scan command includes the following improvements:

  • Enables customers to specify a custom location from which vulnerability databases can be downloaded.
  • Provides supports for parsing Dockerfile heredoc syntaxes.

• The veracode repository report command fixes the issue of duplicate email address being counted twice.

• The veracode sca command that includes SBOM generation is now supported via SCA agent-based scans. Results can be published in CycloneDX 1.6 and SPDX 2.3 formats.

• Introduces auth login command to seamlessly onboard new users via oAuth2.

May 16, 2025

Veracode CLI v2.40.0

This update includes the following improvements:

• The veracode package command includes:

  • Improved messaging for build issues during packaging.
  • Support for Go v1.24.

• The veracode scan command includes updated dependencies for improved security.

April 14, 2025

Veracode CLI v2.39.0

This update includes the following improvements:

• The veracode package command includes:

  • New configuration options for specifying platform and build configuration for C/C++ on Linux and Windows.
  • Improved packaging support for Golang and Ruby projects.
  • The SRCCLR_DOWNLOAD_URL environment variable now defaults to https://sca-downloads.veracode.com. The previous URL, https://download.sourceclear.com, is now deprecated. We recommend updating all instances in your environment.
  • Auto-packager debug logs now include Maven project exit codes.
  • A new, optional --strict flag: when enabled, the CLI returns exit code 4 for any build failures during packaging.
  • Preprocessed source code scanning is now the default method for C/C++ projects on Windows. This change offers broader support and faster scan times.
  • Support for scanning preprocessed C/C++ source code is now available on Linux, replacing the existing Linux auto-packaging solution.

• The veracode scan command includes:

  • Improved detection of misconfigured environments
  • A new schema that improves the organization and presentation of scan results

March 13, 2025

Veracode CLI v2.38.2

This update includes the following improvements:

• The veracode static scan command no longer includes the --verbose flag, by default.

• The veracode package command includes:

  • Improved logging and warning messages.
  • Support for identifying the Go version specified in the go.mod file.
  • Support for .NET 9.
  • Improved support for atypical .NET projects, such as mixed SDK-style.
  • Builds that use Microsoft C++ (MSVC) compilers now succeed, even if there are warning messages.

• The veracode repository add command now supports larger data types (Int64).

February 21, 2025

Veracode CLI v2.38.0

This update includes the following improvements:

• Added the --verbose flag to the veracode package command. The --debug flag is now deprecated, but still available for compatibility. Use --verbose instead.
• The veracode static scan command now retries failed scans up to five times when server errors or too many requests occur.

January 13, 2025

Veracode CLI v2.37.0

This update includes the following improvements:

• You can now install the CLI on Windows using a signed Microsoft Standard Installer (MSI) file.

• The CLI now prompts you when a new version of the CLI is available.

• The CLI now displays a progress indicator when commands are running.

• The veracode package command includes:

  • Auto-packaging for .NET MAUI framework, .NET Blazor WebAssembly, Azure functions in .NET projects, and .publishproj file types in .NET frameworks.
  • Improved logging.

• The veracode scan command no longer generates extraneous files in the working directory.

November 20, 2024

Veracode CLI v2.36.0

This update includes the following improvements:

• The veracode package command includes:

  • Improved logging.
  • The auto-packager attempts to generate artifacts for .NET projects even if it encounters warnings.
  • The auto-packager now ignores gems when packaging Ruby projects.

• The veracode scan command now takes less time to generate output.

October 24, 2024

Veracode CLI v2.35.0

This update includes the following improvements to the veracode package command:

• If your Python, JavaScript, or PHP projects do not use a package manager, this command now generates artifacts that include all code files that might be omitted by a package manager. The artifact filename contains no-pm.
• Minor performance improvements.

October 15, 2024

Veracode CLI v2.34.0

This update includes the following improvements:

• New veracode cache command clears the cache for all commands.

• The veracode scan command includes:

  • To improve secrets detection, adds support for custom keywords and regex patterns, based on the policy for your organization.
  • If policy passed is false, the CLI now exits with code 3.
  • Support for defining a temp directory.

September 25, 2024

Veracode CLI v2.33.0

This update includes support for installing previous versions of the CLI using Homebrew.

September 16, 2024

Veracode CLI v2.32.0

This update includes the following improvements:

• The veracode package command includes:

  • Support for PL/SQL and T-SQL.
  • Improved packaging for Python and PHP.
  • Improved error handling.
  • Improved packaging for iOS to support the latest release of gen-ir.
  • Improved packaging for .NET to include EXE files.
  • Improved JavaScript packaging on Windows.

• The veracode scan command adds a --verbose flag to show debug logs.

September 09, 2024

Veracode CLI v2.31.0

This update includes the following improvements:

• The veracode package command has improved packaging for JavaScript.
• The veracode package command now excludes nested Go modules when packaging Go projects.
• The veracode scan command has improved logging for .NET projects.
• The veracode scan command can now scan SBOMs from an SCA agent-based scan or upload scan.
• Added the proxyUrl parameter to a CLI installation script for PowerShell. You can use the parameter to configure proxy servers during the installation.

August 28, 2024

Veracode CLI v2.30.1

You can now install and access the CLI using Homebrew.

August 27, 2024

Veracode CLI v2.30.0

This update includes the following improvements to the veracode package, veracode sbom and veracode scan commands:

• Improved language support for Java Maven workflow.
• Improved error handling to show fatal errors in all modes. For debug mode, added guidance to contact Veracode Technical Support.

August 1, 2024

Veracode CLI v2.29.0

This update includes the following improvements to the veracode package, veracode sbom and veracode scan commands:

• Streamlined the log output by removing overly detailed logs that were cluttering the console. This change improves readability and helps users focus on the most relevant information during the execution of commands. Detailed logs are still available using the --debug flag.
• Windows C/C++ packaging improvements, including parallel project builds, skipping non-C/C++ projects, and enhanced logging for failed builds.
• Improved error messaging.
• Updated the Syft JSON schema from version 13.0.0 to 16.0.4.
• Updated the CycloneDX XML schema from version 1.5 to 1.6.
• URL encoder is applied.

July 25, 2024

Veracode CLI v2.28.0

This update includes the following improvements:

• The veracode static scan command has improved error messages that indicate whether API credentials are missing or invalid.
• The veracode configure command now correctly uses directory paths that contain environment variables.
• General performance improvements.

July 2, 2024

Veracode CLI v2.27.1

This update includes the following improvements to the veracode package command:

• Support for C/C++ Windows, C/C++ Linux, COBOL, and Perl.
• Support for multiple target frameworks defined in the *.csproj, Directory.Packages.props, and Directory.Build.props files in .NET projects.
• Improved language support for .NET.

June 28, 2024

Veracode CLI v2.26.0

This update includes the following improvements to the veracode package command:

• Support for .NET Framework 4.6-4.8.
• Support for restoring .NET projects with <TargetFramework>.
• Improved language support for Flutter, Android, PHP, and .NET.
• More meaningful --debug messages if the command is not able to locate required build or packaging tools.

June 18, 2024

Veracode CLI v2.25.0

This update includes the following improvements

• The veracode package and veracode scan commands are now supported on alpine-based environments.
• Improved Java, Javascript, and Python language support for the veracode package command.

June 12, 2024

Veracode CLI v2.24.0

The veracode static command now provides improved command output.

June 6, 2024

Veracode CLI v2.23.0

The veracode static command output now only displays scannable modules once.

June 5, 2024

Veracode CLI v2.22.0

This update adds the veracode dynamic command. You use this command to run a DAST Essentials dynamic analysis, check the status of the analysis, and output the results.

May 28, 2024

Veracode CLI v2.21.0

The veracode package command now supports Android, React Native, Dart, and Flutter.

May 6, 2024

Veracode CLI v2.18.0

This update includes the following improvements to the veracode package command:

• Support for streaming log messages.
• Improved language support for .NET and Python.

April 15, 2024

Veracode CLI v2.16.0

This update includes the following improvements:

• The veracode package command now supports iOS, in addition to existing support for Java, JavaScript, .NET, Python, PHP, Scala, Kotlin, Go, and Ruby on Rails. You use this command to auto-package your applications for Static Analysis and Software Composition Analysis (SCA) upload scans.
• The packaged artifacts use a Veracode approved filename format.
• Improved error messaging.
• The veracode package command output now displays the installed CLI version.

March 29, 2024

Fix flaws in multiple files in a directory

The veracode fix command now provides suggested fixes for a directory of source files, in addition to a single source file. You can fix flaws in multiple files as a batch, without having to rescan your code each time you apply a fix.

March 27, 2024

Veracode CLI v2.14.0

The veracode package command now supports application packaging for the following languages:

• .NET
• Go
• Kotlin
• PHP
• Ruby on Rails
• Scala

February 5, 2024

New commands for reporting on repository contributors

The Veracode CLI now includes the following commands:

• veracode repository add: create an Excel file that lists all accessible repositories from which to import contributing developers.
• veracode repository report: create a report that lists all contributing developers for each repository.

January 18, 2024

The Veracode CLI now supports auto-packaging for Veracode Static Analysis

The Veracode CLI now supports Static Analysis auto-packaging for Java, JavaScript, and Python. The package command removes manual packaging steps to streamline your application security tests.

January 9, 2024

Install the CLI on Windows with a PowerShell script

You can now install the Veracode CLI on Windows with a PowerShell script.

Previous updates

2023 updates

2023 updates

October 26, 2023

The Veracode CLI now supports Windows

You can now install the Veracode CLI on Windows with Chocolatey.

June 28, 2023

New command for Veracode Fix

The veracode fix command is a new generative AI feature of the Veracode CLI. It uses the results from a Veracode Pipeline Scan to generate suggested code fixes that you can apply to flaws in your application source code. This feature is currently only available in the Commercial Region. To get started, see the quickstart.

2022 updates

2022 updates

December 30, 2022

Released Veracode Container Security

Veracode Container Security is available. Container Security is a feature of the Veracode CLI that does the following:

• Scans for container vulnerabilities
• Scans for infrastructure as code misconfigurations
• Scans for improperly stored secrets
• Helps developers secure their cloud native applications

For more information about Veracode Container Security, contact your Veracode account representative.