> ## Documentation Index
> Fetch the complete documentation index at: https://docs.corgea.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Uploading Scans

> Start generating fixes for your repository

Users have a choice between two options: the Corgea Dropsite and the Corgea CLI.

<Info>
  **Prerequisite** You registered in Corgea

  **SAST Scanner** You have a SAST scanner like Checkmarx, CodeQL, Semgrep, Fortify, Coverity, or Snyk. Corgea currently supports these scanners, with Veracode and Sonarqube support on the roadmap.
</Info>

## Corgea Dropsite

The Corgea Dropsite is a web interface that allows you to easily add your project to Corgea for analysis. It provides several options to upload your code and reports from various security scanners. The Dropsite has a file size limit of 200MB. For larger projects, please use the Corgea CLI.

### Adding a Project

To add a project to Corgea, follow these steps:
Navigate to the Dropsite page by clicking on the "Add Project" button in the Corgea Projects page or the Scans page.

<Frame>
  <img src="https://mintcdn.com/corgea/uxLuQR4653lM43Tj/images/add_project.png?fit=max&auto=format&n=uxLuQR4653lM43Tj&q=85&s=a5c3236d7c3b96e8dd8098a04db3d612" style={{ borderRadius: '0.5rem' }} width="1098" height="730" data-path="images/add_project.png" />
</Frame>

On the Dropsite page, you will see several options to add your project:

<Frame>
  <img src="https://mintcdn.com/corgea/uxLuQR4653lM43Tj/images/dropsite_add_project.png?fit=max&auto=format&n=uxLuQR4653lM43Tj&q=85&s=9485d69a1856ecf518b80b3e0514e4c9" style={{ borderRadius: '0.5rem' }} width="2434" height="1380" data-path="images/dropsite_add_project.png" />
</Frame>

#### Connect Your Repository (Recommended)

This option allows you to connect your code repository directly to Corgea using a configured source control integration, including GitHub, GitLab, Azure DevOps, Bitbucket, or Harness.
Click the appropriate source control integration to authorize Corgea to access your repositories.
Select the repository you want to add to Corgea.

#### Add a Public Repository

If your repository is publicly accessible, you can provide the URL to add it to Corgea.
Click on the "Add a public repository" accordion.
2\. Enter the URL of your public repository in the input field.
Click the "Add" button.

#### Web Upload

This option allows you to upload a ZIP file containing your project's code.
Click on the "Web upload" accordion.
Click the "Upload" button and select the ZIP file containing your project's code.

<Tip>
  To reduce file size and improve processing speed, exclude third-party libraries and build artifacts (e.g., node\_modules, vendor, dist) when uploading your project. This can be done by downloading a zip from your repository directly.
</Tip>

<Warning>
  Remember that the web upload has a 200MB file size limit. For larger projects, use the Corgea CLI.
</Warning>

After adding your project, you can proceed to the next step to upload a report from a supported security scanner.

#### Uploading a Report

<Frame>
  <img src="https://mintcdn.com/corgea/mpJUc1GyXtnVYEyT/images/upload_report.png?fit=max&auto=format&n=mpJUc1GyXtnVYEyT&q=85&s=ac858a4bdf28e8cc2e46552db583208a" style={{ borderRadius: '0.5rem' }} width="2512" height="2040" data-path="images/upload_report.png" />
</Frame>

<Steps>
  <Step title="Upload the report">
    Select the report file (typically a JSON file) from your local machine, and drop it into the upload box.
    <Info>Corgea supports Checkmarx (JSON), CodeQL (JSON), Snyk (SARIF), Semgrep (JSON), Fortify (FPR), and Coverity (XML) scans.</Info>
  </Step>

  <Step title="Processing">
    Once the report is uploaded successfully, Corgea will process your project and report.
  </Step>

  <Step title="View results">
    You will be redirected to the Corgea dashboard, where you can view the analysis results for your project.
  </Step>
</Steps>

By following these steps, you can easily add your project and upload security reports to Corgea for analysis and remediation.

### Corgea CLI

The Corgea CLI (Command-Line Interface) provides advanced features for integrating Corgea with your CI/CD pipeline, performing custom scans, and uploading large projects (>200MB).
Click on the "Corgea CLI" accordion to learn more about installing and using the [CLI](install_cli).

You can install the Corgea CLI using pip:

```bash theme={null}
pip install corgea-cli
```

[More on the CLI here](install_cli)

#### Upload with the CLI

<Steps>
  <Step title="Go to repository">
    Go to the repository you want to scan:

    <CodeGroup>
      ```bash Bash theme={null}
      cd <<Respository Name>>
      ```
    </CodeGroup>
  </Step>

  <Step title="Run the scan">
    <CodeGroup>
      ```bash Semgrep theme={null}
      corgea scan semgrep
      ```

      ```bash Snyk theme={null}
      corgea scan snyk
      ```

      ```bash Custom project name theme={null}
      corgea upload report.json --project-name my-service
      ```

      ```bash Checkmarx theme={null}
      # Create a scan with a JSON output for example:
      cx scan create --project-name juice-shop -s . --branch master --scan-types sast --report-format json --output-name report

      #Upload the vulnerability report to Corgea
      corgea upload report.json
      ```

      ```bash CodeQL theme={null}
      corgea upload <scan report in json>
      ```

      ```bash Fortify theme={null}
      corgea upload <scan report in FPR>
      ```

      ```bash Coverity theme={null}
      corgea upload <scan report in XML>
      ```
    </CodeGroup>
  </Step>

  <Step title="See Results">
    Once a scan is completed a scan report will be generated in the repository folder and a copy will be sent to Corgea for processing.

    <Frame>
      <img src="https://mintcdn.com/corgea/uxLuQR4653lM43Tj/images/completed-scan.png?fit=max&auto=format&n=uxLuQR4653lM43Tj&q=85&s=5e7ee36166bd94cddeb3f918c2bc53bc" style={{ borderRadius: '0.5rem' }} width="1194" height="205" data-path="images/completed-scan.png" />
    </Frame>
  </Step>

  <Step title="Issue Fixes">
    Depending on the size of the results in the scan, it may take sometime for results to show up. For a couple of hundred findings, it should take 10 mins.

    Go to [fixes](fixes) to learn more.
  </Step>
</Steps>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Command Not Found">
    This error happens because you haven't installed the Corega CLI or its not available in your PATH.

    ```
    bash: corgea: command not found
    ```

    Follow the instructions in the [install CLI section](http://localhost:3001/install_cli) to install the CLI.
  </Accordion>

  <Accordion title="Invalid token provided.">
    Double check you have logged into the CLI with the correct token from [https://www.corgea.app/integrations/](https://www.corgea.app/integrations/)
  </Accordion>

  <Accordion title="Not Logged In">
    You might receive an error that you're not logged into your SAST/SCA tool.

    Some tools require you to login to use the tool. For example, you can login to Semgrep with the following command:

    ```
      semgrep login
    ```
  </Accordion>

  <Accordion title="Git Show Failed to Run">
    You might receive an error that you're not logged into your SAST/SCA tool.

    Some tools require you to login to use the tool. For example, you can login to Semgrep with the following command:

    ```
      Command failed with output:
      fatal: not a git repository (or any of the parent directories): .git


      Failed to run 'git show -s --format=%B'. Possible reasons:

      - the git binary is not available
      - the current working directory is not a git repository
      - the current working directory is not marked as safe
          (fix with `git config --global --add safe.directory $(pwd)`)

      Try running the command yourself to debug the issue.
      Could not start scan Command failed with exit code: 128
    ```
  </Accordion>
</AccordionGroup>