
Introducing Corgea Dependency Scanning

October 21, 2025

We're proud to announce that Corgea now automatically detects and reports vulnerabilities in your open-source dependencies. Every scan, manual or scheduled, checks for security, licensing, and version risks across your codebase so you can stay ahead of threats.

How It Works

During each scan, Corgea runs an OSV scan that identifies all third-party libraries used in your repositories and matches them against multiple vulnerability databases, such as the GitHub Advisory Database, PyPI, and the Go Vulnerability Database.

The platform consolidates these findings into one view with clear fix versions and severity levels. When several CVEs share the same patch version, Corgea groups them together, letting you fix multiple vulnerabilities with a single upgrade.

Dependency Scanning runs automatically but can also be scheduled for continuous monitoring or triggered in CI/CD pipelines using the Corgea CLI. All data is available through the API for integration with your existing tools.
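As an added illustration of the matching and grouping step described above (example code, not Corgea's or OSV's own), the following Python checks installed package versions against OSV-style advisory records with [introduced, fixed) event ranges and groups the findings by the version that fixes them. The advisory ids, package names and the dotted-version comparison are constructed and simplified for the example.

```python
from collections import defaultdict
def parse_version(s):
    """'1.4.2' -> (1, 4, 2); simplified: real ecosystems (PyPI, Go) need their own rules."""
    return tuple(int(p) for p in s.split("."))

def fix_version_for(installed, events):
    """Walk OSV-style events ([introduced, fixed) pairs): return the 'fixed' version closing
    the range that covers `installed`, 'unfixed' for an open range, None if not affected."""
    v, introduced = parse_version(installed), None
    for ev in events:
        if "introduced" in ev:
            introduced = parse_version(ev["introduced"])
        elif "fixed" in ev:
            if introduced is not None and introduced <= v < parse_version(ev["fixed"]):
                return ev["fixed"]
            introduced = None
    return "unfixed" if introduced is not None and introduced <= v else None

def group_findings(installed, advisories):
    """Map (package, fix version) -> advisory ids; one group means one upgrade."""
    groups = defaultdict(list)
    for adv in advisories:
        for aff in adv["affected"]:
            pkg = aff["package"]["name"]
            if pkg in installed:
                for rng in aff["ranges"]:
                    fix = fix_version_for(installed[pkg], rng["events"])
                    if fix is not None:
                        groups[(pkg, fix)].append(adv["id"])
                        break  # one fix version per advisory is enough for grouping
    return dict(groups)

def upgrade_target(groups, pkg):
    """Smallest single version that clears every fixable finding for `pkg`."""
    fixes = [f for (p, f) in groups if p == pkg and f != "unfixed"]
    return max(fixes, key=parse_version) if fixes else None
def advisory(adv_id, pkg, introduced, fixed=None):
    """Build one constructed OSV-style advisory; `fixed=None` leaves the range open."""
    events = [{"introduced": introduced}] + ([{"fixed": fixed}] if fixed else [])
    return {"id": adv_id, "affected": [{"package": {"name": pkg}, "ranges": [{"events": events}]}]}
# Constructed sample data: placeholder ids, package names and versions, not real advisories.
INSTALLED = {"examplelib": "1.3.0", "otherlib": "2.0.1"}
ADVISORIES = [
    advisory("EXAMPLE-2025-0001", "examplelib", "0", "1.4.2"),
    advisory("EXAMPLE-2025-0002", "examplelib", "1.2.0", "1.4.2"),
    advisory("EXAMPLE-2025-0003", "examplelib", "1.3.0", "1.5.0"),
    advisory("EXAMPLE-2025-0004", "otherlib", "0", "2.0.0"),  # 2.0.1 is already past the fix
    advisory("EXAMPLE-2025-0005", "otherlib", "2.0.0"),       # no fix released yet
]
```

With the sample data, the two examplelib advisories fixed in 1.4.2 land in one group, the third in a 1.5.0 group, and `upgrade_target` picks 1.5.0 as the one upgrade that clears all three.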

What You Can Do With It

  • See all dependency vulnerabilities across projects in one dashboard.

  • Identify the exact packages, versions, and available fixes.

  • Track license compliance and enforce your organization’s open-source policies.

  • Schedule recurring scans to monitor new CVEs over time.

  • Integrate Corgea directly into your pipeline to fail builds that contain critical issues.

Why It Matters

Dependency Scanning gives you visibility and control over the open-source components your applications rely on, without adding new tools or workflows. You’ll fix faster, reduce noise, and keep your projects compliant and secure.
