Supercharge your security from the command line
Corgea CLI is a powerful developer tool that helps you find and fix security vulnerabilities in your code. Using our AI-powered scanner (BLAST) and platform, Corgea identifies complex security issues like business logic flaws, authentication vulnerabilities, and other hard-to-find bugs. The CLI provides commands to scan your codebase, inspect findings, interact with fixes, and much more - all designed with a great developer experience in mind.
Before using the Corgea CLI, ensure you have:
To install the Corgea CLI tool, you can use Python’s package installer, pip. Open your terminal and run the following command:
This command fetches the Corgea CLI package from PyPI (Python Package Index) and installs it on your system. You can find more details about the package on its PyPI page: https://pypi.org/project/corgea-cli/.
To authenticate with your API token, use the following command:
Customers using a single-tenant instance need to point the CLI at their own instance URL rather than the default multi-tenant endpoint.
You can also set the URL in an environment variable and the CLI will automatically detect it.
Upload a scan report to Corgea via STDIN or a file:
To scan your current directory using the default BLAST scanner:
To specify a different scanner, such as Semgrep:
You can also make the scan exit with a failure status when findings of a given severity level are present, which is what you want when the CLI is used as a gate in CI:
Or fail based on blocking rules defined in the web app:
By default, the scan command scans the entire project. If you only want to scan your changes before committing, use the --only-uncommitted option.
The regular BLAST scan includes multiple scans:
By default, all of these scans run (if they are enabled for your company account plan). The CLI also lets you run a scan targeting one or more types with the --scan-type option.
or multiple types
To target specific policies with a policyIQ scan, use the --policy option. This lets you focus on one or more policies by passing their ID(s).
The Corgea CLI can export scan results to a file, which is particularly useful when running the tool in a CI pipeline. Use the --out-format and --out-file options.
The CLI currently supports html and json as output formats.
To wait for the latest in-progress scan:
Or specify a scan ID to wait for:
To list all scans for the current directory (paginated by default):
To list issues for a specific scan:
You can also control the pagination:
Note: The --json option is available for commands like list and inspect to output results in JSON format, which is useful for integrations and automation.
To list SCA (software composition analysis) issues for a project or a scan, use --sca-issues
or the -c shorthand
or
To inspect a specific scan:
To inspect issues with detailed output:
For fix explanations or diffs:
To catch issues before they reach the repository, you can integrate the Corgea CLI with your Git workflow through a pre-commit hook, which scans your changes before they are committed or pushed. To set up the pre-commit hook, run
When setting up the pre-commit hook, you are prompted for your preferred scan configuration. To set it up quickly with the default settings, which use the PII and secrets scan types and fail on the CR, HI, ME, and LO (critical, high, medium, low) severity levels, run
To bypass the pre-commit check when committing, use the following command:
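The CI export (--out-format json / --out-file), the fail-on-severity gate and the pre-commit defaults above all fit together in one small wrapper. The following is an added example, not code from the Corgea CLI or its documentation. It uses only the flags this page names; the executable name `corgea`, the `scan` subcommand, the `pii`/`secrets` values for --scan-type, and the shape of the exported JSON (a top-level `issues` list with a `severity` field using the CR/HI/ME/LO labels) are assumptions, and the sample report is constructed for the example.

```python
"""Added example (not the Corgea CLI's own code): a severity gate that wraps a
scan exporting JSON and decides pass/fail itself, usable from CI or as the
body of a pre-commit hook.

Assumptions, labelled because the page does not show them:
  * executable name `corgea` and subcommand `scan` (assumed);
  * --scan-type value names "pii" and "secrets" (assumed);
  * exported JSON has a top-level "issues" list whose entries carry
    "severity" with the CR/HI/ME/LO labels (assumed schema).
"""
import json
import subprocess
import sys
from pathlib import Path
from typing import Iterable

# Severity labels from the pre-commit defaults on this page, ranked high to low.
SEVERITY_RANK = {"CR": 4, "HI": 3, "ME": 2, "LO": 1}

# Constructed sample report in the assumed schema, used for offline checks.
SAMPLE_REPORT = {
    "issues": [
        {"id": "iss-1", "severity": "LO", "title": "Verbose error page"},
        {"id": "iss-2", "severity": "HI", "title": "Auth bypass on reset flow"},
        {"id": "iss-3", "severity": "weird", "title": "Unclassified finding"},
    ]
}


def build_scan_command(
    out_file: str,
    *,
    only_uncommitted: bool = False,
    scan_types: Iterable[str] = (),
    policies: Iterable[str] = (),
) -> list:
    """Assemble argv for a scan that writes a JSON report.
    Flags are the ones named on this page; `corgea scan` itself is assumed."""
    cmd = ["corgea", "scan", "--out-format", "json", "--out-file", out_file]
    if only_uncommitted:
        cmd.append("--only-uncommitted")
    for scan_type in scan_types:
        cmd += ["--scan-type", scan_type]
    for policy_id in policies:
        cmd += ["--policy", policy_id]
    return cmd


def failing_issues(report: dict, threshold: str) -> list:
    """Return issues at or above `threshold` severity.
    An unknown severity label counts as failing: a gate that silently passes
    data it cannot classify fails open, which is the wrong failure mode."""
    min_rank = SEVERITY_RANK[threshold.upper()]
    failing = []
    for issue in report.get("issues", []):
        rank = SEVERITY_RANK.get(str(issue.get("severity", "")).upper())
        if rank is None or rank >= min_rank:
            failing.append(issue)
    return failing


def run_gate(out_file: str, threshold: str, **scan_opts) -> int:
    """Run the scan, read the exported report and return a process exit code:
    0 clean, 1 findings at/above threshold, 2 no report produced."""
    cmd = build_scan_command(out_file, **scan_opts)
    result = subprocess.run(cmd)
    report_path = Path(out_file)
    if not report_path.is_file():
        # Fail closed: a missing report means the scan did not complete.
        print(f"no report from {' '.join(cmd)} (exit {result.returncode})",
              file=sys.stderr)
        return 2
    report = json.loads(report_path.read_text())
    bad = failing_issues(report, threshold)
    for issue in bad:
        print(f"[{issue.get('severity')}] {issue.get('id', '?')}: "
              f"{issue.get('title', '')}", file=sys.stderr)
    return 1 if bad else 0


if __name__ == "__main__":
    # Pre-commit style invocation mirroring the page's defaults: only the
    # uncommitted changes, PII and secrets scan types, fail on LO and above.
    sys.exit(run_gate("corgea-report.json", "LO",
                      only_uncommitted=True, scan_types=("pii", "secrets")))
```

Because the gate reads the exported report rather than trusting the scanner's exit status alone, the same script works in a CI job (point it at the full-project scan and a higher threshold) and as a pre-commit hook; bypassing it for a single commit is then just Git's own hook bypass, as described above.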
For more options and commands, use:
For full release notes, please visit our GitHub releases page.