CLI updates
The updates on this page apply to the Veracode CLI. Updates that apply to specific Veracode regions show a region icon.
For updates specific to Veracode Fix, such as language and CWE support, see Fix updates.
March 13, 2025
Veracode CLI v2.38.2
This update includes the following improvements:
-
The
veracode static scan
command no longer includes the--verbose
flag, by default. -
The
veracode package
command includes:- Improved logging and warning messages.
- Support for identifying the Go version specified in the
go.mod
file. - Support for .NET 9.
- Improved support for atypical .NET projects, such as mixed SDK-style.
- Builds that use Microsoft C++ (MSVC) compilers now succeed, even if there are warning messages.
-
The
veracode repository add
command now supports larger data types (Int64).
February 21, 2025
Veracode CLI v2.38.0
This update includes the following improvements:
- Added the
--verbose
flag to theveracode package
command. The--debug
flag is now deprecated, but still available for compatibility. Use--verbose
instead. - The
veracode static scan
command now retries failed scans up to five times when server errors or too many requests occur.
January 13, 2025
Veracode CLI v2.37.0
This update includes the following improvements:
-
You can now install the CLI on Windows using a signed Microsoft Standard Installer (MSI) file.
-
The CLI now prompts you when a new version of the CLI is available.
-
The CLI now displays a progress indicator when commands are running.
-
The
veracode package
command includes:- Auto-packaging for .NET MAUI framework, .NET Blazor WebAssembly, Azure functions in .NET projects, and
.publishproj
file types in .NET frameworks. - Improved logging.
- Auto-packaging for .NET MAUI framework, .NET Blazor WebAssembly, Azure functions in .NET projects, and
-
The
veracode scan
command no longer generates extraneous files in the working directory.
November 20, 2024
Veracode CLI v2.36.0
This update includes the following improvements:
-
The
veracode package
command includes:- Improved logging.
- The auto-packager attempts to generate artifacts for .NET projects even if it encounters warnings.
- The auto-packager now ignores gems when packaging Ruby projects.
-
The
veracode scan
command now takes less time to generate output.
October 24, 2024
Veracode CLI v2.35.0
This update includes the following improvements to the veracode package
command:
- If your Python, JavaScript, or PHP projects do not use a package manager, this command now generates artifacts that include all code files that might be omitted by a package manager. The artifact filename contains
no-pm
. - Minor performance improvements.
October 15, 2024
Veracode CLI v2.34.0
This update includes the following improvements:
-
New
veracode cache
command that clears the cache for all commands -
The
veracode scan
command includes:- To improve secrets detection, adds support for custom keywords and regex patterns, based on the policy for your organization
- If
policy passed
isfalse
, the CLI now exits with code3
- Support for defining a
temp
directory
September 25, 2024
Veracode CLI v2.33.0
This update includes support for installing previous versions of the CLI using Homebrew.
September 16, 2024
Veracode CLI v2.32.0
This update includes the following improvements:
-
The
veracode package
command includes:- Support for PL/SQL and T-SQL
- Improved packaging for Python and PHP
- Improved error handling
- Improved packaging for iOS to support the latest release of gen-ir
- Improved packaging for .NET to include EXE files
- Improved JavaScript packaging on Windows
-
The
veracode scan
command adds a--verbose
flag to show debug logs.
September 09, 2024
Veracode CLI v2.31.0
This update includes the following improvements:
- The
veracode package
command has improved packaging for JavaScript. - The
veracode package
command now excludes nested Go modules when packaging Go projects. - The
veracode scan
command has improved logging for .NET projects. - The
veracode scan
command can now scan SBOMs from an SCA agent-based scan or upload scan. - Added the
proxyUrl
parameter to a CLI installation script for PowerShell. You can use the parameter to configure proxy servers during the installation.
August 28, 2024
Veracode CLI v2.30.1
You can now install and access the CLI using Homebrew.
August 27, 2024
Veracode CLI v2.30.0
This update includes the following improvements to the veracode package
, veracode sbom
and veracode scan
commands:
- Improved language support for Java Maven workflow.
- Improved error handling to show fatal errors in all modes. For debug mode, added guidance to contact Veracode Technical Support.
August 1, 2024
Veracode CLI v2.29.0
This update includes the following improvements to the veracode package
, veracode sbom
and veracode scan
commands:
- Streamlined the log output by removing overly detailed logs that were cluttering the console. This change improves readability and helps users focus on the most relevant information during the execution of commands. Detailed logs are still available using the
--debug
flag. - Windows C/C++ packaging improvements, including parallel project builds, skipping non-C/C++ projects, and enhanced logging for failed builds.
- Improved error messaging.
- Updated the Syft JSON schema from version 13.0.0 to 16.0.4.
- Updated the CycloneDX XML schema from version 1.5 to 1.6.
- URL encoder is applied.
July 25, 2024
Veracode CLI v2.28.0
This update includes the following improvements:
- The
veracode static scan
command has improved error messages that indicate whether API credentials are missing or invalid. - The
veracode configure
command now correctly uses directory paths that contain environment variables. - General performance improvements.
July 2, 2024
Veracode CLI v2.27.1
This update includes the following improvements to the veracode package
command:
- Support for C/C++ Windows, C/C++ Linux, COBOL, and Perl.
- Support for multiple target frameworks defined in the
*.csproj
,Directory.Packages.props
, andDirectory.Build.props
files in .NET projects. - Improved language support for .NET.
June 28, 2024
Veracode CLI v2.26.0
This update includes the following improvements to the veracode package
command:
- Support for .NET Framework 4.6-4.8.
- Support for restoring .NET projects with
<TargetFramework>
. - Improved language support for Flutter, Android, PHP, and .NET.
- More meaningful
--debug
messages if the command is not able to locate required build or packaging tools.
June 18, 2024
Veracode CLI v2.25.0
This update includes the following improvements
- The
veracode package
andveracode scan
commands are now supported on alpine-based environments. - Improved Java, Javascript, and Python language support for the
veracode package
command.
June 12, 2024
Veracode CLI v2.24.0
The veracode static
command now provides improved command output.
June 6, 2024
Veracode CLI v2.23.0
The veracode static
command output now only displays scannable modules once.
June 5, 2024
Veracode CLI v2.22.0
This update adds the veracode dynamic
command. You use this command to run a DAST Essentials dynamic analysis, check the status of the analysis, and output the results.
May 28, 2024
Veracode CLI v2.21.0
The veracode package
command now supports Android, React Native, Dart, and Flutter.
May 6, 2024
Veracode CLI v2.18.0
This update includes the following improvements to the veracode package
command:
- Support for streaming log messages.
- Improved language support for .NET and Python.
April 15, 2024
Veracode CLI v2.16.0
This update includes the following improvements:
- The
veracode package
command now supports iOS, in addition to existing support for Java, JavaScript, .NET, Python, PHP, Scala, Kotlin, Go, and Ruby on Rails. You use this command to auto-package your applications for Static Analysis and Software Composition Analysis (SCA) upload scans. - The packaged artifacts use a Veracode approved filename format.
- Improved error messaging.
- The
veracode package
command output now displays the installed CLI version.