VERIS is a security analysis tool that scans files and directories for security risks. It produces deterministic reports — the same input always produces the same output. It runs entirely offline with no cloud dependency.
No. VERIS is an investigation platform. It analyzes software artifacts, produces evidence, and assigns risk scores. It does not detect malware in real time or replace antivirus software.
No. The analysis pipeline makes zero network calls. Everything runs locally. AI explanations can use Ollama for a fully offline experience.
No. AI is strictly a consumer of analysis results. It explains findings and summarizes reports — it never participates in detection or scoring.
Contact VERIS sales at veris.com for pricing and licensing information.
Run npx veris-cli to use it immediately, or install globally with
npm install -g veris-cli. See INSTALL for details.
Node.js 18 or later. VERIS works on Windows, macOS, and Linux.
Your npm global bin directory may not be in your PATH. Try npx veris-cli instead,
which requires no installation.
veris scan
or
veris scan ./path/to/target
VERIS analyzes executables (PE, ELF, Mach-O), Office documents (DOCX, XLSX, PPTX), archives (ZIP, TAR, GZ), scripts (Python, JavaScript, Shell, PowerShell), configuration files (JSON, YAML, TOML, INI), and more.
JSON, Markdown, HTML, SARIF 2.1.0, CSV, and JUnit XML.
Run veris explain <finding-id> after a scan. You need an AI provider
configured (OpenAI, Anthropic, or Ollama).
Large directories take longer to scan. Use veris scan --silent to suppress
progress output, or target a specific subdirectory.
If you get different results, check that your files haven't changed between runs. VERIS is deterministic — the same input always produces the same output.
Open a GitHub Issue. Include your
VERIS version (veris --version), operating system, Node.js version, and
steps to reproduce.