CLI
Supercharge your security from the command line
Introduction
Corgea CLI is a powerful developer tool that helps you find and fix security vulnerabilities in your code. Using our AI-powered scanner (BLAST) and platform, Corgea identifies complex security issues like business logic flaws, authentication vulnerabilities, and other hard-to-find bugs. The CLI provides commands to scan your codebase, inspect findings, interact with fixes, and much more - all designed with a great developer experience in mind.
Features
- Multiple Scanner Support: Scan with BLAST (our AI-powered scanner), Semgrep, or Snyk.
- Issue Management: List, inspect, and manage security findings.
- Fix Integration: View and apply AI-generated fixes for vulnerabilities right from your terminal.
- Flexible Output: Support for both human-readable and JSON output formats for easier CI integrations.
- CI/CD Integration: Fail builds based on severity levels or custom blocking rules.
- Scan Management: Track scan progress and results across your projects.
Prerequisites
Before using the Corgea CLI, ensure you have:
- Corgea account: An active Corgea account.
- API Token: A valid API token from your Corgea dashboard.
Installation Guide
Install with PIP
To install the Corgea CLI tool, you can use Python’s package installer, pip. Open your terminal and run the following command:
This command fetches the Corgea CLI package from PyPI (Python Package Index) and installs it on your system. You can find more details about the package on its PyPI page: https://pypi.org/project/corgea-cli/.
Install Manually
Authentication
Login with your cli
To authenticate with your API token, use the following command:
Point To A Single-Tenant Instance
Customers using a single-tenant instance need to have the CLI point to their instance.
Usage
Commands and Options
Upload a Scan Report
Upload a scan report to Corgea via STDIN or a file:
Scan Your Codebase
To scan your current directory using the default BLAST scanner:
To specify a different scanner, such as Semgrep:
You can also set the CLI to fail on a specific severity level:
Or fail based on blocking rules defined in the web app:
Wait for a Scan
To wait for the latest in-progress scan:
Or specify a scan ID to wait for:
List Scans or Issues
To list all scans (paginated by default):
To list issues for a specific scan:
You can also control the pagination:
Note: The --json option is available for commands like list and inspect to output results in JSON format, which is useful for integrations and automation.
Inspect a Scan or Issue
To inspect a specific scan:
To inspect issues with detailed output:
For fix explanations or diffs:
Additional Options
For more options and commands, use:
Release Notes
For full release notes, please visit our GitHub releases page.