Get started with Checks CLI

The Checks CLI brings the functionality of Checks into your development workflow. You can run the CLI locally, in your CI/CD pipeline, or through other types of scripts and automation.

Setting up and using the Checks CLI requires the following steps:

  1. Install the Checks CLI
  2. Authenticate your machine
  3. Integrate and use the Checks CLI by running commands from the command line or integrating the Checks CLI into your CI/CD environment.

Set up the Checks CLI

You can install or update the Checks CLI by using the standalone executables in the tables for either Linux or macOS.

After you install the Checks CLI, you must authenticate. Then you can get started testing and fixing your vulnerabilities, beginning with testing your installation.

Install with standalone executables

Checks provides standalone executable download links for the latest release and for specific versions. The following links, for example, are for macOS and Linux:

For example, to download and run the latest Checks CLI on macOS, run:

curl --compressed -o checks
chmod +x ./checks
mv ./checks /usr/local/bin/
  1. Make sure you've installed your package manager and any required third-party tools.
  2. Download the Checks CLI binary for your platform:





SHA256 Checksum



25.1 MB


Make the binary executable by running chmod +x ./checks. (Optional) Move the binary to a location where you can execute it globally: mv ./checks /usr/local/bin/





SHA256 Checksum



20.3 MB


Make the binary executable by running chmod +x ./checks (Optional) Move the binary to a location where you can execute it globally: mv ./checks /usr/local/bin/





SHA256 Checksum

Windows 8.1 and later and Windows Server 2012 and later


20.3 MB


(Optional) Rename the file to checks.exe so you can run checks commands as documented, for example, checks help.

Update to the latest CLI version

To make sure you're getting the newest features and bug fixes, we recommend you frequently check for updates to the CLI.

You can download the new version from the preceding tables, and then replace the previous version on your system.

Test your installation

After authenticating, you can test your installation. For a quick test, run checks --help.

Additional information

Run checks --help or see the CLI commands and options summary.

Getting support

Send an email to whenever you need help with the Checks CLI or Checks in general.

Authenticate the CLI

After installing the CLI, you must sign in to a Google Account. To authorize the Checks CLI's access to Checks, use either a service account or user account.

A service account is a Google Cloud account associated with your Google Cloud project and not a specific user. Service accounts are useful for setting up Checks in a CI environment.

A user account is a Google Account that has access to your Checks account. This is the best option for using the Checks CLI from your command line.

Authenticate with a service account

  1. Open the Google Cloud console and select your project.
  2. In the API Library, enable the Checks API.
  3. Create a service account for your project by navigating to the IAM Service Accounts page in Google Cloud Console. Click Create Service Account and enter service account details.
    1. Create a private JSON key for your newly created service account and move the key to a location accessible to your build environment. Be sure to keep this file somewhere safe, because it grants administrator access to Checks.
    2. Set the environment variable CHECKS_CREDENTIALS to the path of your private key JSON file.
  4. To grant the Service Account access to your Checks account, add the email address and give it the Owner role on the Checks Console Settings page. For more information on inviting users to your Checks account, see Managing team access.

Authenticate with a user account

Important: If you're connecting through SSH, forward port 9005.

  1. Sign in to Firebase using your Google Account with the following command: checks login

    This command connects your local machine to Checks and grants you access to your Checks accounts.

    • Use checks login --reauth if you have previously signed in, but want to switch to a different Google Account.
    • Use checks logout to sign out.
  2. Open the generated authentication URL in the browser.

  3. Sign in to your Google Account.

  4. Give consent to Checks to access your Checks account.