Corgea

Automatically find and fix your code

4.5
4 reviews

269 followers

Corgea is an AI-powered security code scanner that finds business logic flaws, broken authentication, API vulnerabilities, and more. Unlike other tools, users have reported a <5% false positive rate, so developers don’t get buried in noise. Plus, it automatically writes security fixes for them to approve. What makes Corgea unique is our use of LLMs to detect, triage, and fix vulnerabilities—and teams can even customize Corgea using natural language.

Ahmad Sadeddin
Hello PH, 👋 we're thrilled to launch Corgea - a platform that fixes your vulnerable source code. 🛠️

Why did we build Corgea?
- Insecure software is everywhere, and hackers know this.
- Developers are overburdened, expensive resources that want to ship ship ship.
- Security teams are buried in alerts and need help fixing vulnerabilities.

We thought, why can't developers just receive the fix rather than a security ticket? So, we built Corgea. It's a way for developers to receive security fixes for review, rather than security tickets.

What makes Corgea special?
🪄 Corgea increases application security and reduces up to 80% of the engineering work needed to fix an issue.
👩🏽‍💻 First-class dev experience: Most security tools add developer friction; Corgea meets them where they are. Developers receive pull requests for fixes as if they were from another engineer.
🦟 Coverage for most security bugs: Corgea can issue fixes for over 900 CWEs (Common Weaknesses and Exposures).
💬 We speak your language: Corgea supports Python, Java, JavaScript, Ruby, Go, C#, and their frameworks. More coming soon!
🔍 Scanner support like Snyk, Semgrep, and CodeQL, with many more coming soon.

Since launching in mid-December, we've received hundreds of sign-ups, and have received great feedback. The team is grinding to ship new features constantly.

Special Offer for the PH Community: 🎉 As a thank you, we're giving you a 75% discount on our Team plan if you sign up in March! Don't miss out on upgrading your application security.

Use Corgea for free at: https://corgea.app

Thank you, @mwseibel, for hunting us!
Andrew_Leader
Hey there! I'm really intrigued by Corgea's ability to automatically fix code vulnerabilities. Can you share more about the technology behind the automated fixes? Also, have you conducted any security assessments to measure the effectiveness of these fixes? Looking forward to learning more about how Corgea can revolutionize application security!
Ahmad Sadeddin
@andrew_leader Thanks for the comment, and great questions!

Behind the scenes we leverage LLMs like OpenAI and various pre-processing and post-processing techniques to make sure we produce great fixes. We actually parse code using static code analysis techniques before we fix it to make sure it's valid. We don't want to fix a broken file. Afterwards, the LLM produces fixes, and we weave them throughout the affected file, placing imports in the correct places, and fix only the affected lines without damaging other parts of the file. The part I just described is the trickiest. We test the file's validity after the fix, and validate that the fix was correct using AI. At any point, if any of our checks fail, Corgea does not produce a fix. You can tell from the above that our goal is to make sure the fix is great.

We measure effectiveness in two ways: Would we issue a PR from this fix? Did the issue get resolved on the next scan? The team and I run QA checks on Corgea several times a month to see its performance, and to iterate. We will be publishing performance reports soon on all of this!

Hope this answers your question!
Daoud Al Rihani
Good luck on your journey! Seems like a great tool for us to use moving forward. Will definitely be keeping tabs as you enhance your solution.
Ahmad Sadeddin
@daoud_al_rihani thank you! Please feel free to use it and let me know if we can help :)