How Corgea Improves Fix Accuracy and Coverage?

July 18, 2024

At Corgea, we help companies detect false positives and automatically fix SAST (Static Application Security Testing) findings. Our AI-driven platform assists software engineers by providing accurate code fixes for valid vulnerabilities, such as XSS, and by identifying false positives, such as hard-coded passwords in test suites. This means that accuracy and coverage need to be extremely high. We frequently get asked, "How does Corgea improve fix accuracy and coverage?" Here's a straightforward breakdown of what we do and don't do to achieve this.

What We Don't Do:

  • No Training on Your Data: We respect your data privacy. None of our models are trained using your data. This is crucial because it ensures that your sensitive information remains confidential and is not used to enhance our algorithms. By not relying on customer data, we eliminate any risk of data leakage and ensure your proprietary code and information stay secure.

What We Do:

To solve this problem, we developed our own internal tooling and techniques to continuously iterate and experiment.

  • Continuous Iteration: Every week, we run new experiments to improve our security context engines. These experiments focus on various aspects, such as static code analysis, internal rules, prompt engineering, syntax and semantic checks, security fix checks, and false positive detection.

  • Extensive Testing: Just this week, we conducted eight experiments on 18,500 vulnerabilities across multiple languages including Go, Ruby, Python, JavaScript, TypeScript, Java, and C#. We’ve built a comprehensive library of issues over time (without using customer data).

  • Performance Monitoring: We meticulously track performance indicators like fix accuracy, syntax accuracy, semantic accuracy, and false positive accuracy. If an experiment doesn't improve Corgea, we don’t ship it. If it does, we manually validate the improvements.

  • Rigorous Validation: Only changes that pass our stringent checks are included in the next deployment of Corgea.
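To make the experiment loop above concrete, here is an added illustration (not Corgea's own tooling, which the post does not show): a toy gate that scores a batch of candidate fixes on the four indicators named in the post (syntax accuracy, semantic accuracy, fix accuracy, false-positive accuracy) and refuses to ship an experiment that regresses any of them. The findings, the checks attached to them, the baseline numbers, and the function names are all constructed for this example.

```python
"""Toy experiment gate for an auto-fix pipeline (added illustration).

Scores candidate fixes on four indicators and decides whether the
experiment may ship.  Every finding, check and baseline below is
constructed for this example; none of it is Corgea's tooling or data.
"""
import ast
from dataclasses import dataclass
from typing import Callable

Check = Callable[[str], bool]


@dataclass
class Finding:
    name: str
    is_true_positive: bool         # ground truth from the curated library
    predicted_true_positive: bool  # what the experiment's FP detector said
    fixed: str                     # candidate source after the fix attempt
    semantic_check: Check          # does the fixed code still do its job?
    security_check: Check          # is the reported weakness actually gone?


def parses(src: str) -> bool:
    """Syntax check: a fix must at least be valid Python."""
    try:
        ast.parse(src)
        return True
    except SyntaxError:
        return False


def call(src: str, fn: str, *args):
    """Execute candidate source in a fresh namespace and call one function."""
    ns = {}
    exec(src, ns)
    return ns[fn](*args)


def score(findings):
    """Return the four indicators as fractions in [0, 1].

    Checks are staged: only code that parses is run, only code that keeps
    its behaviour is judged on whether the vulnerability is gone.
    """
    tps = [f for f in findings if f.is_true_positive]
    syntax_ok = [f for f in tps if parses(f.fixed)]
    semantic_ok = [f for f in syntax_ok if f.semantic_check(f.fixed)]
    fix_ok = [f for f in semantic_ok if f.security_check(f.fixed)]
    fp_ok = [f for f in findings if f.predicted_true_positive == f.is_true_positive]
    n = len(tps) or 1
    return {
        "syntax_accuracy": len(syntax_ok) / n,
        "semantic_accuracy": len(semantic_ok) / n,
        "fix_accuracy": len(fix_ok) / n,
        "false_positive_accuracy": len(fp_ok) / (len(findings) or 1),
    }


def should_ship(baseline, candidate):
    """Ship only if no indicator regresses and at least one improves."""
    no_regression = all(candidate[k] >= baseline[k] for k in baseline)
    improved = any(candidate[k] > baseline[k] for k in baseline)
    return no_regression and improved


# Constructed sample batch: one good fix, one syntactically broken fix,
# one vulnerability wrongly dismissed as a false positive, one real FP.
XSS_FIXED = '''
import html
def render(name):
    return "<p>" + html.escape(name) + "</p>"
'''
SQLI_FIXED = '''
def lookup(cursor, uid):
    cursor.execute("SELECT * FROM users WHERE id = ?", (uid,)
'''  # missing ')': a typical model slip that the syntax check must catch
MD5_UNCHANGED = '''
import hashlib
def digest(pw):
    return hashlib.md5(pw.encode()).hexdigest()
'''
TEST_FIXTURE = '''
TEST_PASSWORD = "not-a-real-secret"  # fixture used only by the test suite
'''

SAMPLE = [
    Finding("xss", True, True, XSS_FIXED,
            semantic_check=lambda s: call(s, "render", "bob") == "<p>bob</p>",
            security_check=lambda s: "<script>" not in call(s, "render", "<script>")),
    Finding("sqli", True, True, SQLI_FIXED,
            semantic_check=lambda s: True,
            security_check=lambda s: "+ uid" not in s),
    Finding("weak-hash", True, False, MD5_UNCHANGED,  # dismissed, so never fixed
            semantic_check=lambda s: len(call(s, "digest", "x")) == 32,
            security_check=lambda s: "md5" not in s),
    Finding("hardcoded-test-password", False, False, TEST_FIXTURE,
            semantic_check=lambda s: True, security_check=lambda s: True),
]

# Constructed numbers standing in for last week's shipped build.
BASELINE = {"syntax_accuracy": 1 / 3, "semantic_accuracy": 1 / 3,
            "fix_accuracy": 1 / 3, "false_positive_accuracy": 0.5}

if __name__ == "__main__":
    metrics = score(SAMPLE)
    print(metrics, "ship:", should_ship(BASELINE, metrics))
```

The staging matters: a fix that does not parse never reaches the semantic or security checks, so a single broken fix lowers all three per-fix indicators at once, while a mis-dismissed true positive only shows up in the false-positive indicator and the fix indicator. Gating on "no regression anywhere" rather than on an aggregate score is what stops an experiment that improves one number at the expense of another from shipping.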

What This Means for You:

  • High-Quality Fixes: Our process ensures you receive highly accurate fixes and robust false positive detection without any AI-generated errors.

  • Increased Coverage: You benefit from broader issue coverage.

  • Enterprise-Grade Assurance: Every change in Corgea is thoroughly tested to meet enterprise standards.

  • Data Privacy: Your data is never used to train or enhance our models.

  • Rapid Improvements: Our quick iteration process means you get new features and improvements frequently, often on a weekly basis.

We've applied this rigorous process to hundreds of thousands of vulnerabilities. Personally, I’ve reviewed tens of thousands of these manually to ensure the highest quality standards. This dedication is what sets Corgea apart, giving you confidence in our solution.

Ready to fix with a click?

Harden your software in less than 10 mins