Corgea's New GitHub Action

February 27, 2024

Our mission at Corgea has always been to provide developers with cutting-edge tools to identify and rectify vulnerable source code effectively. Today, we're taking a giant leap forward by making our solution an integral part of your development process, specifically through GitHub Actions.

Introducing Corgea's GitHub Action: How It Works

We've developed a reusable GitHub Action available on the GitHub Marketplace, designed to blend smoothly into your existing workflows. Here's how it elevates your code security game:

  1. Seamless Integration: This action is designed to work with your existing GitHub workflows, making it a natural extension of your development process.

  2. Comprehensive SAST Scanner Support: Our action starts by running your preferred Static Application Security Testing (SAST) scanner. We currently support leading scanners, including CodeQL, Snyk, and Semgrep.

  3. AI-Powered Fixes on the Fly: Upon detecting vulnerabilities, Corgea pinpoints the affected lines of code and suggests actionable, precise fix diffs directly in the GitHub pull request comments. This immediate feedback loop enables developers to address security issues before they escalate or merge into the main codebase.

  4. Extensive Language and Framework Support: Our AI model supports a broad spectrum of programming languages and their respective frameworks, including Python, Java, Ruby, Go, JavaScript, and C#. Moreover, Corgea's intelligence spans over 900 Common Weakness Enumerations (CWEs), ensuring comprehensive coverage and support for a vast array of security vulnerabilities.

Why Integrate Corgea Into Your GitHub Actions?

  • Preventive Security: By integrating Corgea, you're not just detecting issues; you're preventing them from becoming part of your codebase. This proactive approach ensures vulnerabilities are addressed before they can impact your project's security posture.

  • Developer-Friendly Experience: We believe in empowering developers, not hindering them. Corgea's GitHub Action is designed to be a developer's ally, offering intuitive, actionable fixes without disrupting the coding flow. This enhances productivity and fosters a security-aware culture within your team.

  • Harmonious Workflow Integration: Corgea is not about reinventing the wheel but enhancing it. By fitting into your existing GitHub Actions and workflows, we ensure a smooth, frictionless integration, preserving your team's efficiency and workflow preferences.

  • Scanner Flexibility: Your choice of SAST scanner should not limit your ability to secure your codebase. Corgea's support for multiple leading scanners ensures you can leverage the best tools in the market without sacrificing compatibility or coverage.

By bridging the gap between security and development, we're not just fixing code; we're building a foundation for safer, more reliable software for everyone. Stay ahead of vulnerabilities and elevate your code security with Corgea's GitHub integration.