Announcing New Language Support: C# and .Net for Automated Vulnerability Fixes

February 24, 2024

We at Corgea are excited to announce the latest expansion of our automated code fix capabilities, now including support for C# and .Net applications. This addition underscores our commitment to providing comprehensive security solutions across a broad spectrum of programming languages and frameworks, recognizing the critical role of C# and .Net in the development community.

The Drive Behind the Expansion

Our mission at Corgea extends beyond merely identifying security vulnerabilities; it's about actively resolving them and enhancing the security posture of your applications. This expansion into C# and .Net territories is driven by our ongoing effort to make Corgea the most inclusive platform for automated security fixes, catering to the diverse programming needs of modern enterprises. Corgea also supports Python, Java, Javascript, Go, Ruby and their frameworks; making Corgea the most comprehensive code vulnerability remediation platform on the market.

With the growing complexity of applications and the increasing reliance on a mix of technologies, it's more important than ever for companies to ensure broad security coverage across all their development projects.

How It Works with C# and .Net

Integrating C# and .Net into our platform signifies a major leap towards achieving complete programming language support, alongside our existing capabilities for Python, JavaScript, Java, Go, and Ruby. Here’s a glimpse into how our enhanced AI-driven solution operates with C# and .Net:

1. Detection: Corgea interfaces with leading Static Application Security Testing (SAST) scanners, such as Snyk, CodeQL, and Semgrep, to pinpoint vulnerabilities within C# and .Net codebases.

2. Analysis: Upon identifying a vulnerability, our AI meticulously analyzes the code's context and the specific nature of the vulnerability within the C# or .Net framework.

3. Automated Fixes: Employing sophisticated AI algorithms, Corgea autonomously generates a precise fix for the detected vulnerability, specifically tailored to the unique characteristics of C# and .Net, including their extensive frameworks and libraries.

4. Review and Integration: The proposed fix is then reviewed by the development team. Once approved, it can be effortlessly integrated into the existing codebase, facilitating a smooth and uninterrupted development workflow.

Showing It In Action

The screenshot below shows a .Net application with an SQL injection vulnerability that was detected by Semgrep. Corgea generated a fix and an explanation to educate the developer on what it did. This information will be sent within the pull-request.

Looking Ahead

Our vision for Corgea does not stop with the addition of C# and .Net support. We are on a continuous journey to broaden our platform's capabilities, aiming to include more programming languages and frameworks. Our goal is to ensure that Corgea remains at the forefront of automated security solutions in software development, providing developers and companies with the tools they need to secure their applications effectively.