Uploading Scans
Start generating fixes for your repository
Users have a choice between two options: the Corgea Dropsite and the Corgea CLI.
Prerequisite: You have registered for a Corgea account.
SAST Scanner: You have a SAST scanner such as Checkmarx, CodeQL, Semgrep, Fortify, or Snyk. Corgea currently supports these scanners; Veracode and SonarQube support is on the roadmap.
Corgea Dropsite
The Corgea Dropsite is a web interface that allows you to easily add your project to Corgea for analysis. It provides several options to upload your code and reports from various security scanners. The Dropsite has a file size limit of 200MB. For larger projects, please use the Corgea CLI.
Adding a Project
To add a project to Corgea, navigate to the Dropsite page by clicking the “Add Project” button on the Corgea Projects page or the Scans page.
On the Dropsite page, you will see several options to add your project:
Connect Your Repository (Recommended)
This option allows you to connect your code repository directly to Corgea. Currently, GitHub and Azure DevOps are supported. Click on the GitHub or Azure DevOps button to authorize Corgea to access your repositories. Select the repository you want to add to Corgea.
Add a Public Repository
If your repository is publicly accessible, you can add it to Corgea by URL:
1. Click the “Add a public repository” accordion.
2. Enter the URL of your public repository in the input field.
3. Click the “Add” button.
Web Upload
This option lets you upload a ZIP file containing your project’s code:
1. Click the “Web upload” accordion.
2. Click the “Upload” button and select the ZIP file containing your project’s code.
To reduce file size and speed up processing, exclude third-party dependencies and build artifacts (e.g., node_modules, vendor, dist) from the ZIP. The simplest way is to download a source archive directly from your repository host: it contains only committed files, so dependency and build directories stay out as long as they are ignored in the repository.
Remember that the web upload has a 200MB file size limit. For larger projects, use the Corgea CLI.
After adding your project, you can proceed to the next step to upload a report from a supported security scanner.
Uploading a Report
Upload the report
Select the report file (typically a JSON file) from your local machine, and drop it into the upload box.
Processing
Once the report is uploaded successfully, Corgea will process your project and report.
View results
You will be redirected to the Corgea dashboard, where you can view the analysis results for your project.
By following these steps, you can easily add your project and upload security reports to Corgea for analysis and remediation.
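The two things that most often go wrong with a Dropsite upload are an oversized ZIP (dependencies or build output left in) and a report in the wrong format. The script below is an added example, not Corgea's own tooling: it builds a ZIP of a project tree while pruning the directories mentioned above, checks the result against the 200MB limit, and does a pre-flight inspection of the scanner report, recognising SARIF 2.1.0 (what CodeQL and `semgrep --sarif` emit) and Semgrep's native JSON. The excluded-directory list, the sample project tree and the sample Semgrep-style report are constructed for the demo; extend `EXCLUDED_DIRS` for your own build outputs.

```python
"""Pre-flight checks before a Corgea Dropsite upload (added example, not Corgea code)."""
import json
import os
import tempfile
import zipfile
from pathlib import Path

# Constructed list of directories to leave out of the upload; add your own build dirs.
EXCLUDED_DIRS = {"node_modules", "vendor", "dist", "build", "target", ".git", "__pycache__"}
DROPSITE_LIMIT_BYTES = 200 * 1024 * 1024  # 200MB web upload limit stated in the docs


def zip_project(project_dir, zip_path, excluded=EXCLUDED_DIRS):
    """Zip project_dir into zip_path, skipping excluded directories at any depth.
    Returns the archived paths (relative, POSIX separators, sorted walk order)."""
    project_dir = Path(project_dir)
    archived = []
    with zipfile.ZipFile(zip_path, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for root, dirs, files in os.walk(project_dir):
            # Prune in place so os.walk never descends into excluded trees.
            dirs[:] = sorted(d for d in dirs if d not in excluded)
            for name in sorted(files):
                full = Path(root) / name
                rel = full.relative_to(project_dir).as_posix()
                zf.write(full, rel)
                archived.append(rel)
    return archived


def fits_dropsite_limit(zip_path, limit=DROPSITE_LIMIT_BYTES):
    """True if the archive fits the web upload limit; otherwise use the Corgea CLI."""
    return os.path.getsize(zip_path) <= limit


def inspect_report_data(data):
    """Classify a parsed scanner report and count its findings.
    SARIF: top-level 'runs' list, each run with tool.driver.name and 'results'.
    Semgrep native JSON: top-level 'results' list. Anything else is 'unknown'."""
    if isinstance(data, dict) and isinstance(data.get("runs"), list):
        runs = data["runs"]
        tools = [r.get("tool", {}).get("driver", {}).get("name", "?") for r in runs]
        findings = sum(len(r.get("results", [])) for r in runs)
        return {"format": "sarif", "tools": tools, "findings": findings}
    if isinstance(data, dict) and isinstance(data.get("results"), list):
        return {"format": "semgrep-json", "tools": ["semgrep"], "findings": len(data["results"])}
    return {"format": "unknown", "tools": [], "findings": 0}


def inspect_report(report_path):
    """Load a JSON report from disk and classify it with inspect_report_data."""
    with open(report_path, "rb") as fh:
        return inspect_report_data(json.load(fh))


def run_demo():
    """Build a constructed sample project and Semgrep-style report in a temp dir,
    then return (archived_paths, fits_limit, report_summary)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "app"
        (src / "src").mkdir(parents=True)
        (src / "node_modules" / "left-pad").mkdir(parents=True)
        (src / "dist").mkdir()
        (src / "README.md").write_text("# app\n")
        (src / "src" / "app.py").write_text("print('hello')\n")
        (src / "node_modules" / "left-pad" / "index.js").write_text("// dependency\n")
        (src / "dist" / "bundle.js").write_text("// build output\n")
        zip_path = Path(tmp) / "app.zip"
        archived = zip_project(src, zip_path)

        # Constructed report in Semgrep's native JSON shape (one finding).
        report = {"version": "1.0.0", "errors": [], "results": [{
            "check_id": "python.lang.security.audit.eval-detected",
            "path": "src/app.py", "start": {"line": 1}, "end": {"line": 1},
            "extra": {"message": "constructed finding", "severity": "WARNING"}}]}
        report_path = Path(tmp) / "semgrep.json"
        report_path.write_text(json.dumps(report))
        return archived, fits_dropsite_limit(zip_path), inspect_report(report_path)


if __name__ == "__main__":
    print(run_demo())
```

Run it against a real checkout by calling `zip_project` and `fits_dropsite_limit` on your project directory and `inspect_report` on the scanner's output file; a report classified as `unknown` or with zero findings is worth checking before you spend an upload on it.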
Corgea CLI
The Corgea CLI (Command-Line Interface) provides advanced features for integrating Corgea with your CI/CD pipeline, performing custom scans, and uploading large projects (>200MB). Click on the “Corgea CLI” accordion to learn more about installing and using the CLI.
You can install the Corgea CLI using pip:
Upload with the CLI
Go to repository
Go to the repository you want to scan:
Run the scan
See Results
Once a scan completes, a scan report is generated in the repository folder and a copy is sent to Corgea for processing.
Issue Fixes
Depending on the number of findings in the scan, it may take some time for results to appear; a couple of hundred findings typically take about 10 minutes.
Go to fixes to learn more.