Enriching Corgea with Business Context through Policies
You can enrich Corgea with business context through a `corgea.yaml` file. This configuration file enables the specification of detailed security policies, such as the scan, false-positive and fix policies described below.
This feature is available on the Scale or Enterprise plan and requires additional enablement. Please contact us at https://corgea.com/contact for more information.
For reference, you can view an example repository here: Example Repository.
You can have:

- Main policies for general policy.
- Sub-folder-specific policies. Examples can be found in the sub-folders of the example repository.

These configurations help identify vulnerabilities by considering the context of each folder's responsibilities. This is particularly useful for monorepos, where developers can configure the right context for each part of the codebase.
To try policies out:

1. Create a branch and trigger a scan. Add your `corgea.yaml` policy file(s) to the repo on a new branch and trigger a scan.
2. Review the policy file. Corgea reads the policies from the policy file in the repo.
3. Review the policies from the policy file. Click the `Related issue` column to see the issues triggered by each policy.
4. Update and experiment, or merge your PR.
The policy file supports the following fields:

- `type`: the type of policy. One of `scan`, `false_positive` or `fix`.
- `description`: the contents of the policy. Explain additional context or internal security guidelines to tailor the vulnerability findings.
- `cwes`: only applicable to `fix` or `false_positive`. Applies the policy to specific CWEs only.
- `excludes`: paths to exclude from a specific policy's scan, listed as glob expressions.
- `ignore_paths`: folders to exclude globally from all scans. (Note: these paths are ignored by all scans, not just a specific policy, so use `excludes` to relax a single policy and reserve `ignore_paths` for folders that should never be scanned at all.)
- `path`: instead of keeping separate `corgea.yaml` files under sub-folders, set `path` to manage every folder's policies centrally from one file.

On the PolicyIQ page you will see the five policies generated, and can view each of them with its respective path.
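The following `corgea.yaml` is an added, constructed example (not the page's or Corgea's own file) that brings the fields above together for a monorepo. Only the field names and their meanings come from the documentation; the top-level layout (a `policies` list), the folder names, the CWE identifiers and the description text are assumptions made for illustration.

```yaml
# Constructed example corgea.yaml. Field names follow the documentation;
# the `policies` list layout, paths and CWE IDs are assumed for illustration.

# Folders that no scan should ever touch. This is global: it removes these
# paths from every policy below, unlike a per-policy `excludes`.
ignore_paths:
  - "vendor/"
  - "**/fixtures/**"

policies:
  # A scan policy that gives the whole repository its business context.
  - type: scan
    description: >
      This repository processes cardholder data. Treat any logging of full
      request bodies as sensitive-data exposure, and flag credentials
      committed in configuration files.

  # A false_positive policy scoped to one CWE. `excludes` narrows only this
  # policy: the legacy templates still get the false_positive treatment
  # withheld, and every other policy still sees them.
  - type: false_positive
    cwes: ["CWE-79"]
    description: >
      Templates under web/templates are rendered with auto-escaping enabled,
      so reflected input inside them is not exploitable cross-site scripting.
    excludes:
      - "web/templates/legacy/**"

  # A fix policy that encodes an internal remediation guideline for SQL injection.
  - type: fix
    cwes: ["CWE-89"]
    description: >
      Remediate SQL injection by switching to the parameterised query helpers
      in db/query.py. Do not fix by adding manual string escaping.

  # Central management with `path`: this policy applies to the payments
  # service without a separate corgea.yaml inside services/payments/.
  - type: scan
    path: services/payments
    description: >
      This service moves money. Treat a missing authorisation check on any
      endpoint as a high-severity finding.
```

The split between `excludes` and `ignore_paths` is the part worth checking before merging: a folder listed under `ignore_paths` disappears from all scans, including the ones you still want, whereas `excludes` only carves paths out of the single policy it sits under.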