Standalone Binary
Run Codeward as a standalone binary on Linux, macOS, or Windows — no Docker, no containers, no dependencies.
Download
Pre-built binaries are available from the codeward-io/scan releases page.
| OS | Architecture | Binary Name |
|---|---|---|
| Linux | amd64 | codeward-scan-linux-amd64 |
| Linux | arm64 | codeward-scan-linux-arm64 |
| macOS | amd64 (Intel) | codeward-scan-darwin-amd64 |
| macOS | arm64 (Apple Silicon) | codeward-scan-darwin-arm64 |
| Windows | amd64 | codeward-scan-windows-amd64.exe |
| Windows | arm64 | codeward-scan-windows-arm64.exe |
Quick Install
# Download (replace OS and ARCH for your platform)
curl -L -o codeward-scan \
https://github.com/codeward-io/scan/releases/download/v0.3.0/codeward-scan-linux-amd64
# Make executable
chmod +x codeward-scan
# Move to PATH (optional)
sudo mv codeward-scan /usr/local/bin/
macOS (Apple Silicon):
curl -L -o codeward-scan \
https://github.com/codeward-io/scan/releases/download/v0.3.0/codeward-scan-darwin-arm64
chmod +x codeward-scan
Windows (PowerShell):
Invoke-WebRequest -Uri "https://github.com/codeward-io/scan/releases/download/v0.3.0/codeward-scan-windows-amd64.exe" -OutFile "codeward-scan.exe"
Usage
Basic Scan
Scan the current directory with default policies:
codeward-scan
The scanner looks for .codeward.yaml (or .codeward.json) in the current directory.
Specify Config
codeward-scan --config /path/to/.codeward.yaml
Diff Mode
Compare two directories (e.g., main branch vs feature branch):
CODEWARD_MODE=diff codeward-scan
When running in diff mode locally, the scanner expects:
- Main branch code in the current directory (or a path you configure)
- Feature branch code in a separate directory
With Environment Variables
export CODEWARD_MODE=main
export CODEWARD_LOG_LEVEL=DEBUG
export CODEWARD_CACHE_DIR=~/.codeward-cache
codeward-scan --config .codeward.yaml
SARIF & SBOM Output
# Generate SARIF report
CODEWARD_SARIF_OUTPUT=results.sarif codeward-scan
# Generate SBOM
CODEWARD_SBOM_OUTPUT=sbom.cdx.json codeward-scan
CI Integration (Non-Docker)
Use standalone binaries in CI systems where Docker is unavailable or undesirable.
GitHub Actions (Binary)
name: Codeward (Binary)
on: pull_request
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Download Codeward
run: |
curl -L -o codeward-scan \
https://github.com/codeward-io/scan/releases/download/v0.3.0/codeward-scan-linux-amd64
chmod +x codeward-scan
- name: Run scan
run: ./codeward-scan --config .codeward.yaml
env:
CODEWARD_MODE: main
CODEWARD_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CODEWARD_GITHUB_OWNER: ${{ github.repository_owner }}
CODEWARD_GITHUB_REPOSITORY: ${{ github.event.repository.name }}
CODEWARD_GITHUB_PR_NUMBER: ${{ github.event.number }}
GitLab CI
codeward-scan:
stage: test
before_script:
- curl -L -o codeward-scan
https://github.com/codeward-io/scan/releases/download/v0.3.0/codeward-scan-linux-amd64
- chmod +x codeward-scan
script:
- ./codeward-scan --config .codeward.yaml
variables:
CODEWARD_MODE: main
Azure Pipelines
steps:
- script: |
curl -L -o codeward-scan \
https://github.com/codeward-io/scan/releases/download/v0.3.0/codeward-scan-linux-amd64
chmod +x codeward-scan
./codeward-scan --config .codeward.yaml
env:
CODEWARD_MODE: main
displayName: Run Codeward Scan
Build Details
- Static binary:
CGO_ENABLED=0— pure Go, no C dependencies - Stripped: Symbols and DWARF debug info removed for smaller size
- Self-contained: No runtime dependencies — just download and run
Environment Variables
All environment variables work identically whether using Docker or the standalone binary. See CLI & Environment Variables for the complete reference.
Troubleshooting
| Symptom | Fix |
|---|---|
permission denied | Run chmod +x codeward-scan |
command not found | Add to PATH or use ./codeward-scan |
| macOS Gatekeeper block | Run xattr -d com.apple.quarantine codeward-scan |
| Wrong architecture | Check uname -m and download the matching binary |