The Harness Code integration with Corgea lets you scan repositories hosted in Harness Code, receive automated security reviews on every pull request, and create pull requests for code fixes directly from the Corgea platform.
Corgea integrates with Harness Code (the Git-based SCM inside the Harness platform). It does not require — and is independent of — Harness CI/CD pipelines.

1. Open your Harness profile

Sign in to Harness, then click your username at the bottom-left of the navigation bar and choose Profile Overview.

2. Create a new API key

Scroll down to the My API Keys section of your profile and click + API Key to create a new key.

For production setups we recommend creating a dedicated Service Account in Harness (Account Settings → Access Control → Service Accounts) and generating the API key under that account. This keeps Corgea’s actions clearly attributable and lets you rotate credentials without affecting any individual user.

3. Name your API key

Give the key a descriptive name such as corgea-integration, then click Save.

4. Add a token to the API key

The API key itself does not authenticate requests — you need to generate a token under it. Expand the API key you just created and click + Token.

5. Generate the token

Give the token a name (for example corgea-token) and an expiration date, then click Generate Token.

Harness only displays the token value once. Make sure you copy it before closing the dialog — you will not be able to retrieve it later.

6. Copy the token

Copy the generated token to your clipboard, then close the dialog. Harness tokens follow the format pat.<accountId>.<tokenId>.<secret> — Corgea automatically derives your account ID from the token, so you don’t need to provide it separately.

7. Open the Corgea integrations page

Sign in to Corgea at corgea.app (or {your-instance}.corgea.app for self-hosted deployments) and open the Integrations page from the sidebar. In the Code Repository Integrations section, click the + button next to Harness.

8. Add the integration

Paste the token you copied from Harness into the API Token field.

By default Corgea discovers repositories across every Harness organization the token can see. If you want to limit which orgs Corgea looks at, enter a comma-separated list of org identifiers in the Org allowlist field (for example default,my-other-org). Leave it blank to allow all orgs.

9. Optional settings

Expand Optional settings if you need to adjust any of the defaults:
  • Name — a friendly label for the integration. Useful when connecting multiple Harness accounts.
  • Base URL — defaults to https://app.harness.io for Harness SaaS. Override this if you are connecting to a self-hosted Harness installation.
  • Gateway prefix — defaults to /gateway (the SaaS prefix). Some self-hosted deployments drop this prefix; in that case clear the field.
When you’re done, click Connect.

Corgea validates your token immediately. On success the integration card will show your Harness account name and you can start binding repositories from the Projects page — Harness repos appear with the H icon and a <org>/<project>/<repo> label.
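
The values entered in the steps above can be checked locally before they go into the form. The Python sketch below is an added example, not Corgea's or Harness's code: it derives the account ID from a pat.<accountId>.<tokenId>.<secret> token, builds a redacted form that is safe to log, parses the Org allowlist, and joins Base URL with Gateway prefix. The function names, the assumption that no token field contains a dot, and the HTTPS-only check are this example's own.

```python
from urllib.parse import urlsplit

def parse_harness_token(token):
    """Split pat.<accountId>.<tokenId>.<secret>; return (account_id, token_id, redacted)."""
    parts = token.strip().split(".")  # assumption: no field contains a dot
    if len(parts) != 4 or parts[0] != "pat" or not all(parts[1:]):
        raise ValueError("expected pat.<accountId>.<tokenId>.<secret>")
    _, account_id, token_id, _secret = parts
    # Only the non-secret fields are safe to log or show in a UI.
    return account_id, token_id, f"pat.{account_id}.{token_id}.<redacted>"

def parse_org_allowlist(raw):
    """Comma-separated org identifiers; blank means all orgs (returns None)."""
    orgs = [o.strip() for o in raw.split(",") if o.strip()]
    return orgs or None

def api_root(base_url="https://app.harness.io", gateway_prefix="/gateway"):
    """Join Base URL and Gateway prefix; reject non-HTTPS (a check added by this example)."""
    u = urlsplit(base_url)
    if u.scheme != "https" or not u.netloc:
        raise ValueError("Base URL must be an https:// URL")
    prefix = gateway_prefix.strip("/")  # an empty prefix means the deployment drops it
    root = f"https://{u.netloc}{u.path.rstrip('/')}"
    return f"{root}/{prefix}" if prefix else root

def preflight(token, org_allowlist="", base_url="https://app.harness.io",
              gateway_prefix="/gateway"):
    """Validate all form values at once; the secret never appears in the result."""
    account_id, _token_id, redacted = parse_harness_token(token)
    return {
        "account_id": account_id,
        "token_for_logs": redacted,
        "orgs": parse_org_allowlist(org_allowlist),
        "api_root": api_root(base_url, gateway_prefix),
    }

# Constructed sample token; not a real credential.
SAMPLE_TOKEN = "pat.exampleAccountId.exampleTokenId.exampleSecretValue"
if __name__ == "__main__":
    print(preflight(SAMPLE_TOKEN, "default, my-other-org"))
```
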

How it works

  • Repository discovery — Corgea calls the Harness Code API to list every repository under the orgs/projects your token can access (filtered by the allowlist if you set one). New repositories show up automatically; you can force a refresh from the Projects page.
  • Pull request scans — when you bind a Corgea project to a Harness repo, Corgea registers a per-repo webhook on Harness Code. Subsequent PR opens, reopens, and pushes trigger an incremental scan and post the results as inline review comments on the diff. Corgea also writes a commit status check (corgea-security-scan) so PR rules can require it before merging.
  • Apply fixes as PRs — from any Corgea-detected issue you can click Create Pull Request to have Corgea push the fix to a new Harness branch and open a PR back into the issue’s source branch.
  • Corgea Agent — replies to Corgea’s PR comments are routed through the Corgea Agent (when enabled for your company), which can mark issues as false positives, assign them, or answer follow-up questions, threaded under the original review comment.

Permissions

The user (or service account) that owns the API key must have at least the Code Repository Viewer role on every project you want Corgea to read. To enable PR comments, status checks, and PR creation, grant Code Repository Admin (or an equivalent custom role with create/comment/status permissions). See the Harness RBAC documentation for details.

Supported Harness deployments

| Deployment | Supported | Notes |
| --- | --- | --- |
| Harness SaaS (app.harness.io) | Yes | Works out of the box with the defaults. |
| Harness Self-Managed Enterprise | Yes | Override Base URL and, if needed, clear the Gateway prefix field. |