The first step is to add your project to Corgea. You can do this using the Corgea Dropsite, a web interface that allows you to easily upload your code and security reports.
Navigate to the Dropsite page by clicking the “Add Project” button in the Corgea dashboard.
On the Dropsite page, you can choose from several options to add your project:
Connect Your Repository (Recommended): Connect your GitHub repository directly to Corgea.
Web Upload: Upload a ZIP file containing your project’s code.
Add a Public Repository: If your repository is publicly accessible, provide the URL.
Corgea is dedicated to maintaining the highest standards in privacy and security.
For more information about our security practices, please visit our security documentation.
If you’d like to test Corgea using open-source projects first, here are some great example vulnerable apps:
Once your project is added, you have two options for processing a scan:
Option 1: BLAST Enabled
If you have BLAST enabled (Corgea’s AI-powered security scanner), you can initiate a scan directly within Corgea.
Option 2: Upload a 3rd-party Report
If you are using another security tool, you can upload a scan report from that tool. Just select the report file (typically a JSON file) from your local machine and drop it into the upload box.
After uploading, Corgea will process your project and report, and you’ll be redirected to the dashboard to view the analysis results.
Corgea uses AI to analyze potential vulnerabilities and determine if they are likely to be false positives. The false positive analysis considers various factors, such as the context of the code, the nature of the vulnerability, and relevant coding patterns or best practices.
For valid vulnerabilities, Corgea provides a proposed fix, along with an explanation of the issue and the reasoning behind the fix.
Pull Request Integration: Corgea can automatically create a pull request with the proposed fixes for your repository.
IDE Integration: Use the Corgea VS Code extension to apply fixes directly within your integrated development environment (IDE).
Manual Application: Download the proposed fixes as a Git diff or a full file and apply them manually to your codebase.
By following this workflow, you can seamlessly integrate Corgea into your development process, benefiting from AI-powered vulnerability detection, false positive reduction, and automated fix generation.