Scanning your repository

To upload vulnerability data and code to Corgea using the Corgea CLI, you first need to generate a report from your existing Static Application Security Testing (SAST) scanner, such as Snyk or Semgrep. Once you have the report, you can use the corgea upload command followed by the path to the report file. The CLI will then upload the vulnerability data and the affected code snippets to Corgea for analysis and fixing. Here’s a brief example:

Prerequisite: You registered in Corgea.

SAST Scanner: You have a SAST scanner like Snyk, Semgrep, etc.

1. Go to repository

Go to the repository you want to scan:

cd <<Repository Name>>
2. Run the scan

corgea scan semgrep
3. See results

Once a scan is completed, a scan report will be generated in the repository folder and a copy will be sent to Corgea for processing.

4. Issue fixes

Depending on the number of findings in the scan, it may take some time for results to show up. For a couple of hundred findings, it should take 10 mins.

Go to fixes to learn more.

Troubleshooting