Corgea Launch Week starts March 2nd
New Product: Code Quality
Deeper reviews, not linting: multi-file, framework-aware analysis that finds correctness, maintainability, and performance issues that basic tools miss.
High trust by design: CWE-based categorization plus a ≥90% confidence bar and false-positive filtering to keep noise low.
Fixes as part of the workflow: when we’re confident, Corgea proposes a patch you can review and merge, no blank-page refactors.
New Feature: Corgea Agent
Take action by replying in the PR: mark false positive, accept risk, ask for more info, mark fixed/duplicate/in progress—right where the finding shows up.
No new workflow to learn: in many cases, developers don’t even need to @mention the agent; a normal in-thread reply is enough.
Better oversight for security teams: every interaction is logged (filterable by action/user/date), plus a web chat to quickly ask questions about posture, trends, and blockers.
New Feature: Container & IaC Scanning
Automatic discovery, minimal setup: detects Dockerfiles/docker-compose and common IaC files and scans them by default.
Real coverage of “last mile” risk: flags image-layer CVEs and IaC issues like public resources, over-permissive IAM, exposed secrets, and insecure Kubernetes configs.
Actionable results: prioritized findings with severity and remediation guidance so teams focus on the few fixes that matter.
New Integration: Bitbucket
Zero CI/CD setup: no pipeline YAML, no runners, no config drift—Corgea auto-configures webhooks and keeps scans tied to repos + PRs.
Fixes as real PRs: open pull requests for code fixes directly from Corgea (no copy/paste patches that die in a ticket).
Corgea Agent in Bitbucket: interact in PR comments to mark false positives, accept risk, or confirm fixes—plus web chat for broader questions.
New Reporting views
Security posture at a glance: see vulnerability counts, severity distribution, and risk across projects in one place.
Track trends over time: monitor new vs. resolved vulnerabilities and understand how your security posture evolves.
Export and share results: generate reports or export findings for stakeholders, audits, or external tools.
Announcements
Coming soon
