Security Review is currently in beta and must be enabled for your company. If you do not see Security Review in the sidebar, contact your Corgea administrator or Corgea contact.
Security Review helps teams assess PRDs, specifications, and design documents before implementation. Corgea reviews the design against the selected project context and returns security recommendations that your team can accept, reject, or keep pending. Use Security Review when you want to catch design-level security risks early, such as missing authentication or authorization requirements, unsafe data handling, risky third-party dependencies, API security gaps, or infrastructure concerns.

Start a Review

1. Open Security Review
   In Corgea, select Security Review from the sidebar.

2. Create a review
   Click New Review. If this is your first review, the empty state may show Start a review instead.

3. Add design details
   Enter a title and paste the design document, PRD, or technical specification into the Design Document field.
   The current beta supports the Custom document source. Confluence, Google Docs, and Notion sources are planned for a future release.

4. Add context
   Use Additional Context for constraints, business requirements, architecture notes, or security expectations that are not already in the design document.

5. Select projects
   Select one or more projects when the design maps to existing repositories. Project selection gives Corgea more context for the review.

6. Submit the review
   Click Start Review. The review is created with a pending status and moves through processing until recommendations are available.

Review Results

The review detail page shows the original design document, additional context, selected projects, status, and security recommendations. Security recommendations include a category, criticality, status, title, and description. Recommendations are ordered by criticality so the highest-impact items appear first.

Recommendation statuses:
  • Pending: The recommendation has not been triaged yet.
  • Accepted: The recommendation is relevant and should be addressed.
  • Rejected: The recommendation is not applicable for this design.
Users with permission to update Security Review recommendations can accept, reject, or reset each recommendation from the review detail page.

Review Statuses

  • Pending: The review has been submitted and is waiting to be processed.
  • Processing: Corgea is analyzing the design and selected project context.
  • Completed: Recommendations are available.
  • Failed: The review could not be completed. Review the error shown on the detail page or contact your Corgea administrator.

Access

Security Review access is controlled by your company’s plan and user permissions. Users may need permission to view security reviews, create new reviews, or update recommendation status.