This guide helps you diagnose and fix authentication problems when uploading scans to Vibgrate Cloud. It is for developers and CI maintainers whose pushes are failing.
Overview
Most authentication issues fall into a few buckets: the CLI is not signed in locally, a DSN is missing or wrong in CI, or results are going to an unexpected workspace. Local scanning never requires authentication, so if a bare vg works but vg push fails, the problem is specifically with the upload credential.
Local: pushes fail from your machine
If vg push fails interactively, your stored credential may be missing or stale. Reset it cleanly:
vg logout
vg login
This clears the old credential and re-establishes the connection through the browser. Then retry the push.
CI: pushes fail in the pipeline
In automation there is no browser, so uploads rely on a DSN. Check, in order:
- The DSN secret exists in your CI provider and is exposed to the job that pushes.
- The scan actually receives it, for example
vg scan --push --dsn "$VIBGRATE_DSN". - The secret is not empty or truncated, and is not being masked in a way that breaks it.
If the token may have been exposed or no longer works, generate a fresh one with vg dsn create and update the secret.
Results land in the wrong place
If scans upload but appear under an unexpected workspace, confirm you are signed in to the intended account locally (vg logout then vg login), or that the CI DSN belongs to the correct workspace.
Still stuck?
- Confirm local scanning works with a bare
vgto isolate the problem to auth. - Verify your CLI version with
vg --versionand update if needed withvg update. - Make sure secrets are injected through your CI provider rather than hard-coded.
Related
See the vg login and vg logout articles, the CI authentication guide, the environment-variables article, and the dsn create command page.