CLI

The Veriva CLI lets you run code analysis from your terminal. Scan local diffs, scan GitHub PRs remotely, export SARIF for CI/CD, and check repository health — all from the command line.

Installation

npm install -g @veriva/cli

Authentication

Some commands (like remote PR analysis) require authentication. The CLI uses GitHub OAuth device flow:

veriva login

This opens your browser to complete GitHub authentication. Your token is stored in a permissions-restricted file at ~/.veriva/credentials.json.

You can also authenticate directly with a token:

veriva login --token <your-token>

# Or via environment variable
export VERIVA_TOKEN=<your-token>

To check your authentication status:

veriva status

To log out and clear stored credentials:

veriva auth logout

Commands

veriva scan

Scan code for AI patterns, security issues, and supply chain risks.

# Scan current git diff (uncommitted changes)
veriva scan

# Scan a specific diff file
veriva scan --file changes.patch

# Scan a GitHub PR (requires login)
veriva scan --pr 123
veriva scan --pr owner/repo/123

# Force local-only analysis (no API, static analysis only)
veriva scan --pr 123 --local

# Output formats
veriva scan --json
veriva scan --sarif
veriva scan --sarif --output results.sarif

# Fail CI if grade is below threshold
veriva scan --fail-on B

veriva analyze

veriva analyze remains available as the advanced command behind veriva scan. It accepts the same flags.

veriva analyze --help

veriva health

Run repository health checks on your project.

veriva health
veriva health --dir /path/to/project
veriva health --json

Checks for:

• Missing lockfile (package-lock.json, pnpm-lock.yaml, yarn.lock)
• Known vulnerable dependencies
• Missing test scripts
• Missing security policy (SECURITY.md)
• Copyleft license dependencies in permissive projects
• Version wildcards (*, latest) in dependencies
• Missing .env.example for environment documentation
• Node.js engine version specification

veriva rules

List all detection rules with their metadata.

veriva rules
veriva rules --category SECURITY
veriva rules --severity HIGH
veriva rules --json

veriva status

Check authentication status, API connectivity, and your plan details.

veriva status

Shows your email, token expiry, API connectivity, plan tier, available analysis layers, usage limits, and auto-fix availability.

veriva config init

Create a .veriva.yml configuration file in your project.

veriva config init
veriva config init --force           # Overwrite existing config
veriva config init --dir ./my-app    # Create in specific directory

See the Configuration page for details on what you can customize.

CI/CD integration

Use the CLI in your CI pipeline to gate merges on code quality. The SARIF output integrates with GitHub Code Scanning.

GitHub Actions

name: Veriva Scan
on: [pull_request]

jobs:
  veriva:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: actions/setup-node@v4
        with:
          node-version: 22

      - run: npm install -g @veriva/cli

      - name: Run Veriva analysis
        run: veriva scan --sarif --output results.sarif --fail-on C
        env:
          VERIVA_TOKEN: ${{ secrets.VERIVA_TOKEN }}

      - name: Upload SARIF
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

Exit codes

Environment variables