Overview

Corgea is an AI-powered platform that revolutionizes code security across multiple programming languages and their popular frameworks. It offers comprehensive support for scanning, false positive detection, and auto-fixing, covering approximately 900 Common Weakness Enumerations (CWEs). This ensures your code remains secure, compliant, and efficient throughout your development lifecycle.

Supported Languages and Frameworks

Here’s a detailed breakdown of the languages and frameworks currently supported by Corgea:

C#

  • Native Language Support: Corgea provides robust support for C# language constructs, including LINQ, async/await patterns, and generics.
  • Frameworks: .NET, ASP.NET Core, Blazor
  • Corgea excels in securing enterprise-level .NET applications, addressing vulnerabilities like improper authentication, insecure deserialization, and CSRF.

Python

  • Native Language Support: Corgea analyzes Python-specific features such as decorators, context managers, and comprehensions.
  • Frameworks: Django, Flask, FastAPI
  • Focuses on both web applications and backend services, tackling issues such as SQL injections, XSS, and insecure direct object references.

Ruby

  • Native Language Support: Corgea understands Ruby’s dynamic nature, including metaprogramming features and blocks.
  • Frameworks: Ruby on Rails, Sinatra
  • Specializes in identifying and fixing Ruby-specific vulnerabilities, including mass assignment issues, unprotected routes, and insecure file uploads.

Go

  • Native Language Support: Corgea analyzes Go-specific constructs like goroutines, channels, and interfaces.
  • Frameworks: Gin, Echo, Fiber
  • Targets Go-specific security concerns, such as race conditions, improper error handling, and insecure use of cryptographic functions.

JavaScript & TypeScript

  • Native Language Support: Corgea supports both JavaScript and TypeScript, including features like async/await, closures, and TypeScript’s type system.
  • Frameworks: Node.js, Express.js, Next.js, NestJS, Angular, React, Vue.js
  • Covers both client-side and server-side security, addressing issues like prototype pollution, insecure dependencies, and DOM-based XSS.

Java

  • Native Language Support: Corgea analyzes Java-specific features such as generics, annotations, and lambda expressions.
  • Frameworks: Spring, Jakarta EE, Play Framework
  • Focuses on enterprise Java ecosystems, tackling vulnerabilities such as XML external entity (XXE) attacks, LDAP injection, and insecure object deserialization.

PHP

  • Native Language Support: Corgea handles PHP’s unique syntax and language constructs, including traits and attributes.
  • Addresses common web application vulnerabilities like remote code execution, file inclusion vulnerabilities, and SQL injection attacks.

Kotlin

  • Native Language Support: Corgea analyzes Kotlin-specific features including null safety, coroutines, and extension functions.
  • Specializes in Android and server-side application security, addressing issues like improper data exposure and insecure communication.

C & C++

  • Native Language Support: Corgea handles low-level programming constructs including pointers, memory management, and templates.
  • Focuses on memory-related vulnerabilities, buffer overflows, and system-level security issues common in C/C++ applications.
  • Enabled for false positive detection and auto-fixing. Coming to scanning soon.

Key Features Across All Supported Languages

  1. Comprehensive Scanning: Corgea’s advanced algorithms scan your codebase to identify potential security vulnerabilities, covering a wide range of CWEs.

  2. Intelligent False Positive Detection: Our AI-powered system accurately distinguishes between genuine vulnerabilities and false positives, saving your team valuable time and resources.

  3. Automated Fixing: Corgea doesn’t just identify issues—it provides actionable, context-aware fixes that can be applied automatically or reviewed before implementation.

  4. Framework-Specific Analysis: Our tool understands the nuances of different frameworks within each language, providing targeted security insights.

  5. Continuous Learning: Corgea’s AI model is constantly updated to address new security threats and CWEs as they emerge.

Roadmap

We’re committed to expanding our language and framework support. Our upcoming roadmap includes:

  • Swift: To enhance security in iOS and macOS application development, including Swift-specific features like optionals and protocol extensions.

Stay tuned for updates as we continue to broaden our support, ensuring Corgea remains at the forefront of code security across diverse development environments.

Vulnerability CoverageBusiness Logic Application Security Testing (Private Beta)