Overview
Corgea is an AI-powered platform that revolutionizes code security across multiple programming languages and their popular frameworks. It offers comprehensive support for scanning, false positive detection, and auto-fixing, covering approximately 900 Common Weakness Enumerations (CWEs). This ensures your code remains secure, compliant, and efficient throughout your development lifecycle.Supported Languages and Frameworks
Here’s a detailed breakdown of the languages and frameworks currently supported by Corgea:C#
- Native Language Support: Corgea provides robust support for C# language constructs, including LINQ, async/await patterns, and generics.
- Frameworks: .NET, ASP.NET Core, Blazor
- Corgea excels in securing enterprise-level .NET applications, addressing vulnerabilities like improper authentication, insecure deserialization, and CSRF.
Python
- Native Language Support: Corgea analyzes Python-specific features such as decorators, context managers, and comprehensions.
- Frameworks: Django, Flask, FastAPI
- Focuses on both web applications and backend services, tackling issues such as SQL injections, XSS, and insecure direct object references.
Ruby
- Native Language Support: Corgea understands Ruby’s dynamic nature, including metaprogramming features and blocks.
- Frameworks: Ruby on Rails, Sinatra
- Specializes in identifying and fixing Ruby-specific vulnerabilities, including mass assignment issues, unprotected routes, and insecure file uploads.
Go
- Native Language Support: Corgea analyzes Go-specific constructs like goroutines, channels, and interfaces.
- Frameworks: Gin, Echo, Fiber
- Targets Go-specific security concerns, such as race conditions, improper error handling, and insecure use of cryptographic functions.
JavaScript & TypeScript
- Native Language Support: Corgea supports both JavaScript and TypeScript, including features like async/await, closures, and TypeScript’s type system.
- Frameworks: Node.js, Express.js, Next.js, NestJS, Angular, React, Vue.js
- Covers both client-side and server-side security, addressing issues like prototype pollution, insecure dependencies, and DOM-based XSS.
Java
- Native Language Support: Corgea analyzes Java-specific features such as generics, annotations, and lambda expressions.
- Frameworks: Spring, Jakarta EE, Play Framework
- Focuses on enterprise Java ecosystems, tackling vulnerabilities such as XML external entity (XXE) attacks, LDAP injection, and insecure object deserialization.
PHP
- Native Language Support: Corgea handles PHP’s unique syntax and language constructs, including traits and attributes.
- Addresses common web application vulnerabilities like remote code execution, file inclusion vulnerabilities, and SQL injection attacks.
Kotlin
- Native Language Support: Corgea analyzes Kotlin-specific features including null safety, coroutines, and extension functions.
- Specializes in Android and server-side application security, addressing issues like improper data exposure and insecure communication.
C & C++
- Native Language Support: Corgea handles low-level programming constructs including pointers, memory management, and templates.
- Focuses on memory-related vulnerabilities, buffer overflows, and system-level security issues common in C/C++ applications.
- Enabled for false positive detection and auto-fixing. Coming to scanning soon.
Key Features Across All Supported Languages
- Comprehensive Scanning: Corgea’s advanced algorithms scan your codebase to identify potential security vulnerabilities, covering a wide range of CWEs.
- Intelligent False Positive Detection: Our AI-powered system accurately distinguishes between genuine vulnerabilities and false positives, saving your team valuable time and resources.
- Automated Fixing: Corgea doesn’t just identify issues—it provides actionable, context-aware fixes that can be applied automatically or reviewed before implementation.
- Framework-Specific Analysis: Our tool understands the nuances of different frameworks within each language, providing targeted security insights.
- Continuous Learning: Corgea’s AI model is constantly updated to address new security threats and CWEs as they emerge.
Roadmap
We’re committed to expanding our language and framework support. Our upcoming roadmap includes:- Swift: To enhance security in iOS and macOS application development, including Swift-specific features like optionals and protocol extensions.