Blog
Security writing from Corgea
Engineering-focused posts on code security, remediation workflows, and product updates.
Changelog - June 4, 2026
This week's Corgea changelog highlights faster project tag management, more resilient large scan uploads, and more reliable GitHub App pull request scanning.
10 Best SonarQube Alternatives in 2026 (Ranked by Accuracy & Auto-Fix)
The 10 best SonarQube alternatives in 2026, ranked by detection accuracy, auto-remediation, and coverage, with real before-and-after auto-fix examples.
Changelog - May 28, 2026
This week's Corgea changelog highlights SCA support in SLA Management, Security Design Review beta, and broader API and MCP access to security data.
Changelog - May 21, 2026
This week's Corgea changelog highlights scheduled scan webhook filters, project-tag scoped PR rules, and broader, cleaner scan analysis.
Changelog - May 13, 2026
This week's Corgea changelog highlights Harness Code integration, sharper secret scanning, and stronger endpoint discovery in the scanning engine.
SonarQube vs Snyk: Full Comparison + Why Teams Are Choosing Corgea
Compare SonarQube and Snyk side by side on security coverage, developer experience, accuracy, pricing, and auto-remediation. See how Corgea stacks up.
See how Corgea fixes vulnerabilities
AI-powered scanning with auto-fix. Start securing your code in minutes.
Snyk vs Checkmarx: Full Comparison + Why Teams Are Choosing Corgea
Compare Snyk and Checkmarx side by side on security coverage, developer experience, accuracy, pricing, and auto-remediation. See how Corgea stacks up.
SonarQube vs Checkmarx: Full Comparison + Why Teams Are Choosing Corgea
Compare SonarQube and Checkmarx side by side on security coverage, developer experience, accuracy, pricing, and auto-remediation. See how Corgea stacks up.
SonarQube vs Veracode: Full Comparison + Why Teams Are Choosing Corgea
Compare SonarQube and Veracode side by side on security coverage, developer experience, accuracy, pricing, and auto-remediation. See how Corgea stacks up.
Mythos: Given Enough Inference, All Bugs Are Shallow
Anthropic's Mythos showed that given enough inference, all bugs are shallow. But who pays for the inference? We benchmarked Claude Opus 4.6 against Corgea v1 and v2 to show why purpose-built scanner architecture beats raw model capability on precision, recall, cost, and speed.
Snyk vs Semgrep: Full Comparison + Why Teams Are Choosing Corgea
Compare Snyk and Semgrep side by side on security coverage, developer experience, accuracy, pricing, and auto-remediation. See how Corgea stacks up.
Corgea Reporting: Security and Developer Insights in One View
Track code, dependency, code quality, IaC, scan activity, aging, and developer insights in one place. Filter reporting by project, tags, and time to see trends clearly.
New Integration: Bitbucket
Connect Corgea to Bitbucket in a day with an API-native integration—no CI/CD setup. Scan repos, get PR feedback, use Corgea Agent in Bitbucket, and open fix pull requests automa...
New in Corgea: Container Scanning + IaC Scanning
Scan container images for known CVEs and catch IaC misconfigurations before deploy. Corgea adds container/image scanning and Infrastructure as Code scanning for AppSec and devel...
New Feature: Corgea Agent
Corgea Agent brings security into pull requests so developers can triage findings without leaving their workflow. Security teams get auditable feedback history and insights in t...
New Product: Code Quality
Code Quality in Corgea finds high-confidence code quality issues using multi-file context and CWE-based categorization, with optional automated fixes. Try it now or book a demo.
AI Application Security: How AI Is Transforming AppSec in 2026
Codebases are growing faster than security headcount, scanner output is a firehose of noise, and developers treat security findings like spam. AI application security is the fir...
Best Java Static Code Analyzer: Top Tools Ranked
Best Java static analyzer tools ranked for security and CI/CD, comparison table, pitfalls, configs, and a worked example.
Here's what happening the last 72-hours: 700+ Packages Compromised from Shai-Hulud 2.0 Worm (November 25, 2025)
Critical npm worm compromises 700+ packages including Zapier, PostHog, and Postman. 25,000+ GitHub repos infected, exposing 775+ tokens. Immediate mitigation steps inside.
Sha1-Hulud: The Second Wave of npm Supply-Chain Attacks
Researchers uncovered a fast-moving npm supply-chain worm named Shai-Hulud. The malware injected malicious JavaScript (bundle.js) into popular packages.
Introducing Smarter Auto-Fixing for SAST Findings
Corgea’s improved auto-fixing now delivers self-healing fixes, stronger quality checks, and 8% higher accuracy. Supports HTML, JSP, and integrates with Checkmarx, Fortify, Semgr...
Introducing Extended APIs: Enhanced Security Management for Developers
Discover Corgea's new Extended APIs for scans, issues, blocking rules, and scan operations. Automate security workflows, integrate with CI/CD pipelines, and build custom securit...
Introducing Corgea Dependency Scanning
Stay ahead of open-source risks with Corgea’s new Dependency Scanning. Automatically detect vulnerabilities, enforce licenses, and apply grouped fix versions across multiple eco...
Announcing Reachability Analysis: Endpoint-Aware SAST in Corgea
Corgea’s new Reachability Analysis connects SAST findings to real web endpoints, showing which vulnerabilities are actually reachable from your API surface. Automatically maps e...
Automate Your Security: Introducing Corgea's Scheduled Scans
Automate your security workflows with Corgea's new Scheduled Scans feature. Set up recurring SAST, SCA, secrets, and PII scans across projects with flexible scheduling, intellig...
The Three Waves of SAST: From Rules to AI-Native Analysis
Explore the evolution of Static Application Security Testing (SAST) — from legacy Fortify and Checkmarx, to developer-first tools like Snyk and Semgrep, and now AI-native SAST r...
Whitepaper: Javascript Security Scanning
java script security scanning
Introducing the new Scan Details Page
Corgea’s Scan Details page gives security teams deep insight and control with an interactive dashboard to analyze and manage code vulnerabilities effectively.
Introducing Source and Sink Tracing for Smarter Security
Corgea’s Source & Sink Analysis maps untrusted data flow end-to-end, bringing intelligent, enterprise-grade vulnerability analysis to your development workflow.
Improved Multi-File Analysis and False Positive Reduction
Corgea’s upgraded multi-file analysis engine redefines static analysis by mapping your codebase context, analyzing file relationships, and understanding true system behavior.
Introducing Policy YAML: Security Policies as Code, Built for Scale
Corgea’s Policy-as-Code lets you define and enforce security standards as YAML in your repo, turning policies into actionable, automated code.
AI-Powered Policy Creation, Optimization, and Testing — All in One Place
Corgea’s Policy Playground & Optimizer empower security teams to craft AI-enhanced policies that catch real issues and cut noise, all in one seamless environment.
Introducing BLAST: The Future of Security Testing is Here
Corgea launches BLAST: an AI-powered platform to uncover and fix hidden business logic vulnerabilities, protecting enterprises from advanced cyber threats.
Corgea Named Best SAST Auto-Fixing Solution in Recent Analyst Report
We’re excited to share that Corgea has been recognized as the best SAST auto-fixing solution in the latest Actually Useful Product Guide report for Q1 2025. This recognition val...
Streamline Security Response with Corgea's New SLA Management
Effective security requires more than just finding vulnerabilities - it's about having processes in place to prioritize and respond to issues based on their severity and potenti...
Introducing PolicyIQ: Contextual Security Analysis for Smarter, More Accurate Results
Corgea is excited to announce the release of PolicyIQ, a groundbreaking new feature that addresses the limitations of traditional static application security testing (SAST) tool...
Announcing Beagle: The Next Generation of AppSec LLMs
We are proud to introduce Beagle, the latest version of Corgea's fine-tuned AppSec LLM. Beagle represents a groundbreaking leap in automated vulnerability management, combining...
New Integrations for Streamlined Workflows
We're thrilled to announce the release of our new integrations for JIRA, Slack, Zapier, and webhooks! These powerful integrations are designed to seamlessly integrate Corgea int...
Corgea Announces GitLab Integration
Corgea, the leading automated code security platform, is excited to announce its integration with GitLab, the popular web-based DevOps lifecycle tool. This integration allows de...
Corgea Expands Language Support: C, C++, Kotlin, and PHP for Enhanced Code Security
Corgea is excited to announce the expansion of its language support to include C, C++, Kotlin, and PHP. We know how critical comprehensive language and framework support is for...
Whitepaper: BLAST, the AI-powered SAST scanner
Corgea: AI-powered app security that detects hidden flaws, cuts false positives by 30%, and accelerates fixes by 80%. Built for secure, fast devs.
Introducing Corgea CodeIQ: Smarter Detection, Triaging, and Fixing of Insecure Code
Introducing Corgea CodeIQ: Understand your codebase deeply, map code to the broader system, and revolutionize secure code analysis for developers and security teams.
The Future of SAST: A Shift to AI-Powered Security
Static Application Security Testing (SAST) has long been a foundational tool in the arsenal of software security. Designed to scrutinize codebases and identify vulnerabilities b...
Corgea Announces Integration with Fortify to Enhance Application Security for Enterprises
Corgea partners with Fortify to bring AI-driven triage and remediation to enterprise SAST, helping complex organizations strengthen app security at scale.
Corgea Recognized as an IDC Innovator for DevSecOps Automated Remediation
Corgea named an IDC Innovator for DevSecOps Automated Remediation, recognized for pioneering AI-driven secure code automation and innovation.
Introducing Corgea's New Visual Studio 2022 Plugin: AI-Generated Fixes for Developers
Corgea for Visual Studio 2022: Identify, analyze, and fix code vulnerabilities seamlessly with powerful in-editor security management.
Introducing Corgea's AppSec LLM: Precision, Privacy, and Performance for Enterprise Security
Introducing Corgea’s AppSec LLM: a private, enterprise-grade language model delivering precise vulnerability detection and secure, privacy-focused remediation.
New Product: BLAST - Business Logic Application Security Testing
Corgea launches BLAST: Business Logic Application Security Testing to help devs and security teams uncover critical business logic flaws in apps.
Fine-Tuning for Precision and Privacy: How Corgea's LLM Enhances Enterprise Application Security
Corgea: AI-powered AppSec engineer for enterprises, cutting false positives by 30% and speeding remediation by 80% with secure, private fine-tuned models.
How Corgea Improves Fix Accuracy and Coverage?
Corgea explains how its AI-driven platform improves SAST fix accuracy and coverage, delivering precise code fixes and reducing false positives for developers.
Introducing Corgea Reporting
Corgea launches a powerful reporting feature for AppSec and software engineers to track security posture, spot patterns, and drive measurable savings.
Introducing: Corgea's Advanced False Positive Detection
Corgea introduces Advanced False Positive Detection for SAST, helping developers and security teams save time by reducing noise and focusing on real issues.
Introducing Corgea's New Visual Studio Code Plugin: AI-Generated Fixes
Boost productivity & secure your code with Corgea's Visual Studio IDE Plugin. Detect & fix vulnerabilities automatically with AI-generated fixes.
Corgea Integration with Azure DevOps: Enhancing Code Security Through AI
Corgea now integrates with Azure DevOps, enabling seamless, AI-powered code correction and security directly in your DevOps workflows.
Announcing Corgea's GitHub App for automated PR fixes
Corgea’s GitHub app brings enterprise-level security to small teams by detecting vulnerabilities and suggesting fixes—like your own in-house security engineer
Corgea's New GitHub Action
Corgea now integrates with GitHub Actions, empowering developers to detect and fix vulnerable code seamlessly within their CI/CD workflow.
Announcing New Language Support: C# and .Net for Automated Vulnerability Fixes
Corgea now supports automated code fixes for C# and .NET apps, extending our commitment to secure development across popular languages and frameworks.
Corgea Announces New Integration with CodeQL Reports to Streamline Security Fixes
Corgea now supports fixing CodeQL-detected vulnerabilities with seamless, automated remediation integrated directly into your workflow.
Corgea Now Supports Vulnerability Fixes in Java, Go, and Ruby
Corgea expands automated code fixes to Java, Go, and Ruby, ensuring comprehensive security coverage for widely-used programming languages.
Introducing "Corgea's GitHub App"
Corgea launches its GitHub App, delivering automated vulnerability patches via pull requests—seamlessly integrated into your team’s development workflow.
Introducing "Download Fix"
Corgea’s new 'Download Fix' feature lets developers instantly download patches for vulnerabilities detected by SAST tools like Snyk and Semgrep."
How does Corgea work?
Corgea connects to SAST tools like Snyk & Semgrep, writes AI-powered fixes with explanations, saving security teams 80% effort & speeding up patching.
Introducing Corgea
Corgea launches! Automatically secure vulnerable source code with AI-powered fixes, reducing effort by 80% and accelerating secure development.
No matching content found.