Introducing Smarter Auto-Fixing for SAST Findings

We’ve taken Corgea’s auto-fix capabilities to the next level. Our goal has always been simple, not just to find vulnerabilities, but to fix them accurately and automatically.

What’s New

• Self-Healing Fixes: Auto-fixes now re-attempt when they fail quality checks, improving success rates on complex issues.

• Stronger Quality Checks: Enhanced verification ensures that low-quality or incomplete fixes never get applied.

• Improved False Positive Detection: Fewer unnecessary fixes, more confidence in what gets patched.

• Higher Quality, Same Coverage: Coverage remains around 85% of vulnerabilities, but overall fix quality is up 8%.

• Smarter for Complex Scenarios: Handles deeper and more intricate code paths with better context awareness.

• Expanded Language Support: Now includes HTML and JSP, extending coverage across ecosystems like Python, Java, and JavaScript.

• Broad Scanner Compatibility: Works seamlessly with Corgea’s scanners and third-party tools including Checkmarx, Fortify, GitHub Advanced Security, Semgrep, and Snyk.

Why It Matters

This update means faster, safer, and more reliable remediation for your developers, with fewer false alarms and higher-quality fixes out of the box. Corgea continues to lead the way in AI-powered application security automation, helping teams not just find vulnerabilities, but eliminate them.