Quickstart Guide

1. Add Your Project

The first step is to add your project to Corgea. You can do this using the Corgea Dropsite, a web interface that allows you to easily upload your code and security reports.

  1. Navigate to the Dropsite page by clicking the “Add Project” button in the Corgea dashboard.
  2. On the Dropsite page, you can choose from several options to add your project:
    • Connect Your Repository (Recommended): Connect your GitHub or Azure DevOps repository directly to Corgea.
    • Add a Public Repository: If your repository is publicly accessible, provide the URL.
    • Web Upload: Upload a ZIP file containing your project’s code.

2. Upload a Security Report

After adding your project, you can proceed to upload a report from a supported security scanner.

  1. Select the report file (typically a JSON file) from your local machine and drop it into the upload box.
  2. Once the report is uploaded successfully, Corgea will process your project and report.
  3. You will be redirected to the Corgea dashboard, where you can view the analysis results for your project.

3. Review Findings and Fixes

Corgea uses AI to analyze potential vulnerabilities and determine if they are likely to be false positives. The false positive analysis considers various factors, such as the context of the code, the nature of the vulnerability, and relevant coding patterns or best practices.

For valid vulnerabilities, Corgea provides a proposed fix, along with an explanation of the issue and the reasoning behind the fix.

4. Apply Fixes

You can apply the proposed fixes in several ways:

  • Pull Request Integration: Corgea can automatically create a pull request with the proposed fixes for your repository.
  • IDE Integration: Use the Corgea VS Code extension to apply fixes directly within your integrated development environment (IDE).
  • Manual Application: Download the proposed fixes as a Git diff or a full file and apply them manually to your codebase.
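
For the Manual Application option, one way to dry-run and apply a downloaded Git diff on a separate branch. This is an added example, not Corgea's own tooling; the function names, branch name and file names are assumptions, and the sample repository and diff are constructed locally.

```bash
# apply_fix_diff REPO_DIR DIFF_FILE [BRANCH]
# DIFF_FILE must be an absolute path stored outside the repository.
# Function, branch and file names are assumptions for illustration.
apply_fix_diff() {
  fix_repo=$1; fix_diff=$2; fix_branch=${3:-fix-review}
  # Refuse to run over uncommitted work so the fix is reviewed in isolation.
  if [ -n "$(git -C "$fix_repo" status --porcelain)" ]; then
    echo "working tree not clean; commit or stash first" >&2
    return 2
  fi
  # Dry run: fails without touching any file if the diff no longer matches.
  if ! git -C "$fix_repo" apply --check "$fix_diff"; then
    echo "diff does not apply cleanly; the code may have changed" >&2
    return 1
  fi
  # List the files the diff touches (added/removed line counts) before applying.
  git -C "$fix_repo" apply --numstat "$fix_diff"
  git -C "$fix_repo" checkout -q -b "$fix_branch" || return 3
  git -C "$fix_repo" apply "$fix_diff"
}

# Constructed sample: a throwaway repository plus a locally generated diff
# standing in for a downloaded fix. Prints the temporary directory path.
make_demo_repo() {
  demo_dir=$(mktemp -d)
  git init -q "$demo_dir/repo" >&2
  printf 'timeout = 0\n' > "$demo_dir/repo/app.txt"
  git -C "$demo_dir/repo" add app.txt
  git -C "$demo_dir/repo" -c user.name=demo -c user.email=demo@example.invalid \
    commit -q -m "initial" >&2
  # Produce the diff, then restore the file so the tree is clean again.
  printf 'timeout = 30\n' > "$demo_dir/repo/app.txt"
  git -C "$demo_dir/repo" diff > "$demo_dir/fix.diff"
  git -C "$demo_dir/repo" checkout -q -- app.txt
  echo "$demo_dir"
}
```

After the function returns 0, the change sits uncommitted on the new branch, so `git diff` shows exactly what the fix modified before you commit it.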

By following this workflow, you can seamlessly integrate Corgea into your development process, benefiting from AI-powered vulnerability detection, false positive reduction, and automated fix generation.