FAQ
Harness integration questions teams ask
Short answers on discovery, scans, status checks, and fixes inside Harness Code.
How does Corgea discover my Harness repositories?
Corgea calls the Harness Code API to list every repository under the orgs and projects your token can access, filtered by an allowlist if you configure one. New repositories appear automatically, and you can force a refresh from the Projects page.
What happens when a pull request is opened?
When you bind a Corgea project to a Harness repo, Corgea registers a per-repo webhook on Harness Code. Subsequent PR opens, reopens, and pushes trigger an incremental scan and post the results as inline review comments on the diff.
Can I require Corgea scans before merging?
Yes. Corgea writes a corgea-security-scan commit status check on each pull request, so your Harness PR rules can require it to pass before a merge is allowed.
Can Corgea fix issues automatically?
From any Corgea-detected issue you can click Create Pull Request, and Corgea pushes the fix to a new Harness branch and opens a PR back into the issue’s source branch.
Can my team reply to Corgea’s review comments?
Yes. When the Corgea Agent is enabled for your company, replies to Corgea’s PR comments are routed through it. The agent can mark issues as false positives, assign them, or answer follow-up questions, threaded under the original review comment.