# Install cycode with Homebrew

Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning. Version 3.17.0 via Homebrew; verified 2026-07-07.

## Install

```sh
sudo av install brew:cycode
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install cycode
```

  Evidence: local Homebrew formula metadata

## Package facts

- **Package key:** brew:cycode
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/cycode>
- **Version:** 3.17.0
- **Source summary:** Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning
- **Homepage:** <https://github.com/cycodehq/cycode-cli>
- **Repository:** <https://github.com/cycodehq/cycode-cli>
- **Upstream docs:** <https://github.com/cycodehq/cycode-cli#readme>
- **License:** MIT
- **Source archive:** <https://files.pythonhosted.org/packages/32/a0/3a7fc8e4cbc2e4357e0068f6c10c9de00fb621d395a319430deb267d65bf/cycode-3.17.0.tar.gz>
- **Last updated:** 2026-07-07T09:59:01Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- cycode (cli)
- cycode (alias)

## Dependencies

- certifi
- cryptography
- libyaml
- pydantic
- python@3.14
- rpds-py

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 3.17.0
- Package-manager updated: 2026-07-07
- Local data: ok
- Upstream repository: https://github.com/cycodehq/cycode-cli
- info: No cached GitHub release or tag data was available.
## Project history and usage

Cycode CLI is a local and CI-oriented security scanner for Cycode users, covering secrets, infrastructure-as-code misconfigurations, SCA vulnerabilities, and SAST findings.

### Project history

The cycode-cli repository was created in July 2022 and published early releases later that year. Its README has grown from a scanner guide into a broader command-line manual covering authentication, configuration, pre-commit and pre-push hooks, repository and path scans, SBOM reports, and an experimental MCP server.

### Adoption history

Official installation paths include PyPI, Homebrew, and GitHub Releases, which lets teams choose between Python packaging, macOS package management, and standalone executables. The README also documents pre-commit integration, making the CLI part of developer workflow rather than only a central CI scanner.

### How it is used

Users authenticate with cycode auth, cycode configure, or environment variables, then run scans over repositories, paths, commit history, pre-commit, or pre-push contexts. The CLI stores global credentials and URLs under the user's .cycode directory and local ignore rules in .cycode/config.yaml where scans are run.

### Why package nerds care

For package maintainers, Cycode CLI is a security SaaS client with real local state: packaging needs to expose the cycode executable cleanly while leaving credentials, service URLs, and ignore-rule config in user- or project-owned YAML files.

### Timeline

- 2022: Repository created and early 0.1.x releases published.
- 2023: 0.2.x releases continued the CLI line.
- 2026: 3.x releases remained active with scanner and workflow features documented in the README.

### Related projects

- The CLI integrates with pre-commit and with Cycode's hosted service through client credentials, OIDC tokens, and Cycode API and app URLs.

### Sources

- <https://github.com/cycodehq/cycode-cli/blob/main/README.md>
- <https://api.github.com/repos/cycodehq/cycode-cli>
- <https://github.com/cycodehq/cycode-cli/releases>
- <https://formulae.brew.sh/formula/cycode>


## Security Notes

No matching local secret-handling manifest was found for cycode. Nucleus package metadata is still published here so future coverage has a stable package URL.



## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: ~/.cycode/config.yaml, ./.cycode/config.yaml

## Credential files

- Unix: ~/.cycode/credentials.yaml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** cycode
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [python@3.14](https://www.automicvault.com/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [ggshield](https://www.automicvault.com/pkg/brew/ggshield/) - Shares av.db curated category or tags: cli, devsecops, secrets-scanning, security.
- [gotestwaf](https://www.automicvault.com/pkg/brew/gotestwaf/) - Shares av.db curated category or tags: application-security, cli, security.
- [intercept](https://www.automicvault.com/pkg/brew/intercept/) - Shares av.db curated category or tags: cli, devsecops, sast, security.
- [sqlmap](https://www.automicvault.com/pkg/brew/sqlmap/) - Shares av.db curated category or tags: application-security, cli, security.
- [bomber](https://www.automicvault.com/pkg/brew/bomber/) - Shares av.db curated category or tags: cli, devsecops, security.
- [cdxgen](https://www.automicvault.com/pkg/brew/cdxgen/) - Shares av.db curated category or tags: cli, sca, security.
- [chainloop-cli](https://www.automicvault.com/pkg/brew/chainloop-cli/) - Shares av.db curated category or tags: cli, devsecops, security.
- [detect-secrets](https://www.automicvault.com/pkg/brew/detect-secrets/) - Shares av.db curated category or tags: cli, devsecops, security.
- [snyk-agent-scan](https://www.automicvault.com/pkg/brew/snyk-agent-scan/) - Both packages touch the same language runtime or ecosystem. Shared terms: certifi, cli, cryptography, libyaml, pydantic.
- [recon-ng](https://www.automicvault.com/pkg/brew/recon-ng/) - Both packages touch the same language runtime or ecosystem. Shared terms: certifi, cli, libyaml, python, python-3-14.

## Combined YAML source

View the package source record on GitHub. [combined/cycode.yml](https://github.com/automic-vault/db/blob/main/combined/cycode.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
