When scanning their code for vulnerabilities, companies often turn up numerous findings. It takes companies an average of three months to fix a vulnerability, and 60% of victims were aware of the unpatched vulnerability that was used against them. Engineers tend to prioritize work that makes money over security patches. Fixing vulnerabilities is extremely expensive for companies, with each fix costing between $400 and $4,000, which is totally unacceptable given the prevalence and sophistication of security breaches in the modern era.
Security teams were constantly concerned that their dozens and dozens of security technologies only served to notify them of problems rather than automatically remediate them. As a result, security teams were left to fend for themselves.
Meet Corgea
Corgea is a startup that uses AI to automate the finding and addressing of software vulnerabilities. Corgea integrates well with existing security solutions to automatically scan codebases for potential vulnerabilities. However, Corgea goes beyond simple detection. Its ability to generate fixes with the help of AI is its greatest strength. This frees up a lot of time and energy for security staff to focus on what they need to do: strategic projects.
Corgea’s integration with current static application security testing (SAST) tools such as Snyk or Semgrep automatically fixes any vulnerabilities found in the code. Security teams can submit a pull request for the patch without interfering with any processes. The code fix is sent to engineers for evaluation, along with clear explanations to help them understand the changes. To address SQL injection, path traversal, SSRF, and many other vulnerabilities, Corgea can rewrite the code and release patches.
How does Corgea work?
The three main steps of Corgea's operation are as follows:
Corgea supports the most popular security scanners and continuous integration and delivery pipelines, making vulnerability detection easy. That way, you can detect emerging vulnerabilities in codebases. Corgea can find any security issues in code using static application security testing (SAST) tools. It can also work with software composition analysis (SCA) technologies to find security flaws in third-party libraries.
AI-assisted fix generation: Corgea does not just find vulnerabilities. Potential code fixes are generated using its powerful AI capabilities. These fixes aim to close the vulnerability and keep the code usable. A large collection of code and security patches is used to train Corgea’s AI model, allowing it to provide highly accurate fix suggestions.
Corgea generates a potential fix, produces a pull request in the code repository, and then reviews it. In addition to the code modification, this pull request describes the vulnerability in detail and gives the reason for the proposed patch. After reviewing the changes, developers can decide whether they are suitable for inclusion in the codebase.
Key Benefits
With Corgea, companies can secure their products and reduce fix times to hours without putting engineers through the wringer, among other benefits. Engineers can save up to 80% of the time spent resolving security issues because Corgea issues the code fix. Instead of being a hindrance, security can now facilitate engineering. Research also indicates that fixing a single vulnerability can cost between $400 and $4,000. Corgea can reduce these expenses by up to 80%. Several companies can save at least $10 million in direct development expenses. Savings from preventing breaches are not included in this.
In conclusion
When it comes to software protection, Corgea represents a major step forward. Security tasks were previously performed exclusively by humans, but Corgea now automates them using artificial intelligence. This not only makes security processes more efficient and effective, but also frees up important human resources to work on more strategic projects.
Dhanshree Shenwai is a Computer Science Engineer with extensive experience in FinTech companies spanning the Finance, Cards & Payments and Banking space and is keenly interested in the applications of artificial intelligence. She is excited to explore new technologies and advancements in today’s ever-changing world, making life easier for everyone.