The Path to Autonomous Security
Corgea’s vision is to make application security fully autonomous — handling the heavy lifting so you can focus on building. Our platform already detects vulnerabilities, reduces false positives, and generates AI-powered fixes automatically. But some tasks still require a developer or security engineer to act on findings, apply fixes, and verify results.
That’s where Corgea’s agentic integrations come in. By connecting Corgea directly to the AI coding agents you already use — like Cursor, Claude Code, GitHub Copilot, and OpenAI Codex — you give those agents the context and capabilities they need to handle security tasks on your behalf. The result is a development workflow where security issues are not only found but also resolved with minimal manual effort.
Corgea offers two powerful agentic integrations: Corgea Agent Skill and Corgea MCP.
Corgea Agent Skill
Agent Skills are an open format for giving AI agents new capabilities. A skill is a structured set of instructions, commands, and context that an agent can discover and use on demand — think of it as a playbook that teaches your agent how to interact with a specific tool. The Corgea Agent Skill teaches your coding agent how to use the Corgea CLI to scan code, list issues, inspect vulnerabilities, view AI-generated fixes, and apply them — all from within your development environment. Unlike MCP (which provides read access to Corgea data), the Agent Skill gives your agent the ability to take action: run scans, retrieve diffs, and apply fixes directly to your codebase. Agent Skills are supported by leading AI development tools including Cursor, Claude Code, OpenAI Codex, GitHub Copilot, VS Code, Roo Code, Windsurf, and many more.
Prerequisites
Before installing the skill, you need the Corgea CLI installed and authenticated on your machine. The skill relies on CLI commands like corgea scan, corgea ls, and corgea inspect to interact with Corgea.
Install the Corgea CLI
Follow the CLI installation and authentication guide to get set up.
Installation
The Corgea skill file is hosted on GitHub:
- Cursor
- Claude Code
- OpenAI Codex
- GitHub Copilot / VS Code
- Windsurf
- Roo Code
- Other Agents
Cursor discovers skills from SKILL.md files placed in designated directories. To install the Corgea skill:
- Create the skills directory in your project or home folder:
- Download the skill file:
Once placed, Cursor automatically loads the skill in Agent mode when your request matches a security task. You can also explicitly invoke it using @corgea in the chat.
For project-level skills shared with your team, place the file in .cursor/skills/corgea/SKILL.md within your repository instead.
Use Cases
Fix vulnerabilities from a PR scan
When Corgea scans your pull request and reports vulnerabilities, you no longer need to manually inspect each finding and write fixes. Open your coding agent (Cursor, Claude Code, etc.) and ask it to fix the issues:
“Fix all the security issues Corgea found in my latest PR scan.”
The agent will automatically connect to Corgea, list the issues for your scan, retrieve the AI-generated diffs, and apply the fixes to your codebase — all in one step.
Scan and fix before committing vibe-coded changes
When you’re rapidly iterating on code with AI assistance (vibe coding), security can easily slip through the cracks. Use the agent to run a security check before every commit:
“Scan my uncommitted changes for security issues and fix anything you find.”
The agent will run corgea scan --only-uncommitted, review the results, and apply fixes — ensuring your fast-moving code stays secure without slowing you down.
Targeted security scan on specific files
Focus the scan on the files or directories you’ve been working on:
“Scan the src/auth/ directory for security vulnerabilities.”
The agent runs a targeted BLAST scan using --target src/auth/, reviews the findings, and can apply fixes on the spot.
Review and understand a vulnerability
When you want to understand a finding before deciding whether to fix it:
“Show me the details and fix for issue ISSUE_ID.”
The agent retrieves the full issue details, explains the vulnerability, and presents the AI-generated fix with a diff — letting you make an informed decision.
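The scan-before-commit use case above can also be enforced by Git itself, so it does not depend on someone remembering to ask the agent. The following is an added example, not part of Corgea's documentation or tooling: a pre-commit hook that runs corgea scan --only-uncommitted and fails closed when the CLI is missing. It assumes the CLI exits non-zero when the scan fails or reports blocking findings; corgea_gate and CORGEA_BIN are hypothetical names.

```sh
#!/bin/sh
# Added example (not Corgea's code): pre-commit gate around the scan command
# named on this page. CORGEA_BIN and corgea_gate are hypothetical names.
# ASSUMPTION: the CLI exits non-zero when the scan fails or reports findings
# that should block; confirm this against your CLI version.

corgea_gate() {
    changed=$1                      # output of `git status --porcelain`
    bin=${CORGEA_BIN:-corgea}

    # Nothing uncommitted: nothing to scan, allow the commit.
    [ -n "$changed" ] || return 0

    # Fail closed: a missing CLI must not let unscanned code through.
    if ! command -v "$bin" >/dev/null 2>&1; then
        echo "pre-commit: $bin not found; refusing to commit unscanned changes" >&2
        return 2
    fi

    # Same command the agent runs in the use case above.
    if "$bin" scan --only-uncommitted; then
        return 0
    fi
    echo "pre-commit: scan did not pass; review findings with 'corgea ls' before committing" >&2
    return 1
}

# Run only when installed as .git/hooks/pre-commit.
case "$0" in
    */pre-commit)
        corgea_gate "$(git status --porcelain)" || exit 1
        ;;
esac
```

Save it as .git/hooks/pre-commit and make it executable.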
Corgea MCP
The Model Context Protocol (MCP) is an open standard that lets AI agents securely connect to external tools and data sources. Corgea’s MCP server exposes your scan results, vulnerability details, SCA findings, and blocking rules directly to any MCP-compatible agent. With Corgea MCP, your AI agent can query scan results, retrieve issue details, list vulnerabilities filtered by severity or project, and check policy configurations — all without you having to copy-paste data or switch between tools.
Corgea MCP Setup Guide
Full setup instructions, available tools, and client configuration for Claude Desktop, Cursor, and more.
Use Cases
- Contextual code review: Ask your agent “What critical vulnerabilities were found in the last scan?” and get actionable answers grounded in real scan data.
- Vulnerability triage: Let the agent prioritize which issues to fix first based on severity, exploitability, and your organization’s blocking rules.
- Remediation planning: Ask the agent to generate a fix plan for all open high-severity issues in a specific project or scan.
- Dependency risk assessment: Query SCA findings to understand which third-party libraries have known vulnerabilities and what versions to upgrade to.
Agent Skill vs. MCP — When to Use Which
| | Corgea Agent Skill | Corgea MCP |
|---|---|---|
| Best for | Running scans and applying fixes | Querying and analyzing existing scan data |
| Capabilities | Run scans, list issues, inspect findings, apply fix diffs | Read scan results, issues, SCA data, blocking rules |
| Requires | Corgea CLI installed and authenticated | API token + MCP client |
| Agent interaction | Agent executes CLI commands in your terminal | Agent queries Corgea’s API via MCP protocol |
| Ideal workflow | “Scan and fix my code” | “What vulnerabilities exist?” |
Getting Started
Install the Corgea CLI
Follow the CLI installation guide to install and authenticate.
Install the Corgea Agent Skill
Add the Corgea skill to your coding agent using the installation instructions above.
Set up Corgea MCP
Connect your AI agent to Corgea’s MCP server for security data access. See the MCP setup guide.
