Skip to main content

veracode package

Packages project code as an artifact (archive file) that you can upload to Veracode for Static Analysis or SCA upload and scan. SCA agent-based scanning is not supported. To automate packaging, see About auto-packaging.

Usage

./veracode package --source <string> --trust [environment variables] [flags]

Flags

FlagDescription
-d, --debugDeprecated. Use --verbose. Displays detailed output.
-h, --helpShow help for this command.
-o, --outputOutput directory to place the output artifact file on your local system. Default is the local working directory.
-s, --sourceLocation of the source to package based on the target --type. If the target is directory, enter the path to a local directory. If the target is repo, enter the URL to a Git version control system. If you enter a repository URL, the package command clones the repository to a temporary directory, packages the code, and then deletes the cloned repository after packaging.
-a, --trustAcknowledges that the source project is a trusted source. Required the first time you package a project.
-t, --typeSpecifies the target type you want to package. Values are repo or directory. Default is directory.
-v, --verboseDisplays detailed output.
--strictIf this optional flag is enabled, the exit code 4 indicates build failure during packaging.

Environment variables

All environment variables are optional.

Environment variableDescription
SRCCLR_IOS_SCHEMEFor iOS projects, defines a custom scheme. A scheme is a collection of settings that define how the xcodebuild process builds, runs, and configures an application. By default, the auto-packager creates a scheme for a project based on the project name.
To set this environment variable, run: export SRCCLR_IOS_SCHEME=<custom scheme>
SRCCLR_IOS_DESTINATIONFor iOS projects, defines the destination platform, such as iOS, tvOS, watchOS, or visionOS, for the application. The default is generic/platform=iOS.
To set this environment variable, run: export SRCCLR_IOS_DESTINATION=<custom destination>
SRCCLR_IOS_CONFIGURATIONFor iOS projects, defines the build configuration that the xcodebuild process uses to build the project. Values are Debug or Release. The default is Debug.
To set this environment variable, run: export SRCCLR_IOS_CONFIGURATION=<value>
SRCCLR_MAKE_TARGETSFor Makefiles with C/C++ sources, defines the Make goals (targets) required to build the project and package preprocessed source code. By default, the auto-packager uses the Makefile's default goal.
To override the default goal, run: export SRCCLR_MAKE_TARGETS=<target1 target2 targetN>
SRCCLR_MAKE_JOBSFor Makefiles with C/C++ sources, defines the number of recipes (jobs) to run simultaneously. By default, the auto-packager runs as many jobs concurrently as the system allows.
To set this environment variable, run: export SRCCLR_MAKE_JOBS=<jobs>
SRCCLR_MSVC_PREPROCESSFor Visual Studio solutions with C/C++ projects, defines whether to package preprocessed source code or built debug binaries. By default, the auto-packager packages preprocessed source code.
To package built debug binaries instead of preprocessed source code, run: set SRCCLR_MSVC_PREPROCESS=false
SRCCLR_MSVC_CONFIGURATIONFor Visual Studio solutions with C/C++ projects, defines the solution build configuration that the MSBuild process uses to preprocess or build the solution. The default is the first solution build configuration listed in the solution file that is configured as a debug build, if available.
To set this environment variable, run: set SRCCLR_MSVC_CONFIGURATION=<value>
SRCCLR_MSVC_PLATFORMFor Visual Studio solutions with C/C++ projects, defines the target solution platform, such as x64 or x86. The default is the first solution build configuration listed in the solution file that is configured as a debug build, if available.
To set this environment variable, run: set SRCCLR_MSVC_PLATFORM=<value>

Examples

To package a local directory and place the output in a different directory, run:

./veracode package --source path/to/project --output path/to/output/dir

To package source for a GitHub repository that you trust and place the output in the current directory, run:

./veracode package --source https://github.com/veracode/verademo --type repo --trust

To perform the same action with a custom scheme, run:

SRCCLR_IOS_SCHEME=MyTestProj ./veracode package --source https://example.com/My-iOS-App-repo --type repo --trust