Corgea

Automatically find and fix your code

4.5•4 reviews•

269 followers

Automatically find and fix your code

4.5•4 reviews•

269 followers

Visit website

Corgea is an AI-powered security code scanner that finds business logic flaws, broken authentication, API vulnerabilities, and more. Unlike other tools, users have reported a <5% false positive rate, so developers don’t get buried in noise. Plus, it automatically writes security fixes for them to approve. What makes Corgea unique is our use of LLMs to detect, triage, and fix vulnerabilities—and teams can even customize Corgea using natural language.

Free Options

Launch tags:

Developer Tools•Artificial Intelligence•Security

Launch Team

Ahmad Sadeddin

Corgea

Maker

📌

Hello PH, 👋 we're thrilled to launch Corgea - a platform that fixes your vulnerable source code. 🛠️ Why did we build Corgea? - Insecure software is everywhere, and hackers know this. - Developers are overburdened expensive resources that want to ship ship ship. - Security teams are buried in alerts and need help fixing vulnerabilities. We thought, why can't developers just receive the fix rather than a security ticket? So, we built Corgea. It's a way for developers to receive security fixes for review, rather than security tickets. What makes Corgea special? 🪄 Corgea increases application security and reduces up to 80% of the engineering work needed to fix an issue. 👩🏽‍💻 First-class dev experience: Most security tools add developer friction; Corgea meets them where they are. Developers receive pull requests for fixes as if they were from another engineer. 🦟 Coverage for most security bugs: Corgea can issue fixes for over 900 CWEs (Common Weaknesses and Exposures). 💬 We speak your language: Corgea supports Python, Java, JavaScript, Ruby, Go, C#, and their frameworks. More coming soon! 🔍 Scanner support like Snyk, Semgrep, and CodeQL, with many more coming soon. Since launching in mid-December, we've received hundreds of sign-ups, and have received great feedback. The team is grinding to ship new features constantly. Special Offer for the PH Community: 🎉 As a thank you, we're giving you a 75% discount on our Team plan if you sign up in March! Don't miss out on upgrading your application security. Use Corgea for free at: https://corgea.app Thank you, @mwseibel, for hunting us!

Report

1yr ago

Andrew_Leader

Hey there! I'm really intrigued by Corgea's ability to automatically fix code vulnerabilities. Can you share more about the technology behind the automated fixes? Also, have you conducted any security assessments to measure the effectiveness of these fixes? Looking forward to learning more about how Corgea can revolutionize application security!

Report

1yr ago

Ahmad Sadeddin

Corgea

Maker

@andrew_leader Thanks for the comment, and great questions! Behind the scenes we leverage LLM's like OpenAI and various pre-processing and post-processing techniques to make sure we produce great fixes. We actually parse code using static code analysis techniques before we fix it to make sure it's valid. We don't want to fix a broken file. Afterwards, the LLM produces fixes, and we weave them through out the affected file, placing imports in the correct places, and fixes only the affected lines without damaging other parts of the file. The part I just described is the trickiest. We test the file's validity after the fix, and validate that the fix was correct using AI. At any point, if any of our checks fail, Corgea does not produce a fix. You can tell from the above our goal is make sure the fix is great. The way we measure effectiveness is 2 ways. Would we issue a PR from this fix? Did the issue get resolved on the next scan? The team and I run QA checks on Corgea several times a month to see it's performance, and to iterate. We will be publishing performance reports soon on all of this! Hope this answers your question!

Report

1yr ago