> ## Documentation Index
> Fetch the complete documentation index at: https://docs.corgea.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Quickstart

> Setup Corgea in less than 5 mins.

## 1. Register with Corgea

Go to [corgea.app](https://www.corgea.app/) and register for a free account with Corgea.

You will be onboarded through our setup flow that'll help you set up everything you need.

## 2. Add Your Project

The first step is to add your project to Corgea. You can do this using the Corgea Dropsite, a web interface that allows you to easily upload your code and security reports.

1. Navigate to the Dropsite page by clicking the "Add Project" button in the Corgea dashboard.

<Frame>
  <img src="https://mintcdn.com/corgea/uxLuQR4653lM43Tj/images/empty_projects.png?fit=max&auto=format&n=uxLuQR4653lM43Tj&q=85&s=73bc2e03ae852e1b7dbb3eea90a9cd3a" style={{ borderRadius: '0.5rem' }} width="2040" height="1180" data-path="images/empty_projects.png" />
</Frame>

2. On the Dropsite page, you can choose from several options to add your project:
   * **Connect Your Repository (Recommended)**: Connect a configured source control integration, such as [GitHub](github), [GitLab](gitlab), [Azure DevOps](azure_devops), [Bitbucket](bitbucket), or [Harness](harness), directly to Corgea.
   * **Web Upload**: Upload a ZIP file containing your project's code.
   * **Add a Public Repository**: If your repository is publicly accessible, provide the URL.

<Frame>
  <img src="https://mintcdn.com/corgea/uxLuQR4653lM43Tj/images/dropsite_add_project.png?fit=max&auto=format&n=uxLuQR4653lM43Tj&q=85&s=9485d69a1856ecf518b80b3e0514e4c9" style={{ borderRadius: '0.5rem' }} width="2434" height="1380" data-path="images/dropsite_add_project.png" />
</Frame>

<Tip>
  Corgea is dedicated to maintaining the highest standards in privacy and security.
  For more information about our security practices, please visit our [security documentation](security).

  If you'd like to test Corgea using opensource projects first, here are some great example vulnerable apps:

  * [JuiceShop](https://github.com/Corgea/juice-shop): Javascript & Typescript
  * [NodeGOAT](https://github.com/OWASP/NodeGoat): Node.js
  * [PyGoat](https://github.com/adeyosemanputra/pygoat): Python/Django
  * [GoVWA](https://github.com/0c34/govwa): Go
  * [RailGoat](https://github.com/smDahlgren/railgoat): Ruby on Rails
  * [WebGoat.NET](https://github.com/Nova-8/Damm-Vulnerable-dotNet-Application): .Net
</Tip>

## 3. Scan

Once your project is added, you have two options for processing a scan:

* **Option 1**: BLAST Enabled

  If you have [**BLAST**](blast) enabled—Corgea’s AI-powered security scanner—you can initiate a scan directly within Corgea.

  <Frame>
    <img src="https://mintcdn.com/corgea/uxLuQR4653lM43Tj/images/blast-start-scan.png?fit=max&auto=format&n=uxLuQR4653lM43Tj&q=85&s=8006abc227b4ea6355b7d54f52786c26" style={{ borderRadius: '0.5rem' }} width="2394" height="1108" data-path="images/blast-start-scan.png" />
  </Frame>

* **Option 2**: Upload 3rd-party Report

  If you are using another security tool, you can upload a scan report from that tool. Just select the report file (typically a JSON file) from your local machine and drop it into the upload box.

  <Frame>
    <img src="https://mintcdn.com/corgea/mpJUc1GyXtnVYEyT/images/upload_report.png?fit=max&auto=format&n=mpJUc1GyXtnVYEyT&q=85&s=ac858a4bdf28e8cc2e46552db583208a" style={{ borderRadius: '0.5rem' }} width="2512" height="2040" data-path="images/upload_report.png" />
  </Frame>

After uploading, Corgea will process your project and report, and you’ll be redirected to the dashboard to view the analysis results.

## 4. Review Findings and Fixes

Corgea uses AI to analyze potential vulnerabilities and determine if they are likely to be false positives. The false positive analysis considers various factors, such as the context of the code, the nature of the vulnerability, and relevant coding patterns or best practices.

<Frame>
  <img src="https://mintcdn.com/corgea/uxLuQR4653lM43Tj/images/false_positive.png?fit=max&auto=format&n=uxLuQR4653lM43Tj&q=85&s=8163d9351fc1e80845f8c5459bf87550" style={{ borderRadius: '0.5rem' }} width="3300" height="1708" data-path="images/false_positive.png" />
</Frame>

For valid vulnerabilities, Corgea provides a proposed fix, along with an explanation of the issue and the reasoning behind the fix.

## 5. Apply Fixes

You can apply the proposed fixes in several ways:

* **Pull Request Integration**: Corgea can automatically create a pull request with the proposed fixes for your repository.
* **IDE Integration**: Use the Corgea VS Code extension to apply fixes directly within your integrated development environment (IDE).
* **Manual Application**: Download the proposed fixes as a Git diff or a full file and apply them manually to your codebase.

By following this workflow, you can seamlessly integrate Corgea into your development process, benefiting from AI-powered vulnerability detection, false positive reduction, and automated fix generation.