Blog

Security writing from Corgea

Engineering-focused posts on code security, remediation workflows, and product updates.

Corgea vs. Snyk: We benchmarked SAST on a deliberately vulnerable repo

On the same fixed benchmark basis as our Aikido comparison, Corgea found 42 of 47 confirmed issues and led on precision, recall, and F1. Snyk found 26, missing 21 of the confirmed set.

Corgea Security Team
Jul 2, 2026 • Research
benchmark, sast, snyk

Corgea vs. Aikido: We benchmarked SAST on a deliberately vulnerable repo

Aikido was slightly more precise in this benchmark, but missed 34 of 47 confirmed issues. Corgea found 42, reached 89.36% recall, and delivered the stronger F1 score.

Corgea Security Team
Jul 2, 2026 • Research
benchmark, sast, aikido

Changelog - July 2, 2026

This week's Corgea changelog highlights AI Penetration Testing, new dependency inventory workflows in the Corgea Agent, and better documentation for project-level scan exclusions.

Corgea Security Team
Jul 2, 2026 • Product
Changelog, Product

Changelog - June 25, 2026

This week's Corgea changelog post highlights the latest public release notes, including the Skills Registry, policy API access, and bulk Content Access Management workflows.

Corgea Security Team
Jun 25, 2026 • Product
Changelog, Product

Changelog - June 18, 2026

This week's Corgea changelog highlights the new Skills Registry, policy API access, and SLA-aware vulnerability search.

Corgea Security Team
Jun 18, 2026 • Product
Changelog, Product

Introducing Corgea AI Pentesting

Autonomous penetration testing that thinks like a pentesting team. Multi-agent architecture. Code-aware, not black-box. 4-8 hours instead of 2 weeks.

Ahmad
Jun 18, 2026 • Product
Launch Week, AI Pentesting, Product

Corgea Auto-Discovery and Learning

Corgea now studies your codebase before scanning it, and learns from every developer feedback action. No more generic scanners. No more repeating the same false positives.

Ahmad
Jun 16, 2026 • Product
Launch Week, Auto-Discovery, Learning

Introducing Corgea Skill Scanning

Corgea scans custom agent skills before developers can install them, blocking unsafe SKILL.md instructions and distributing only approved versions through the governed Skills Registry.

Ahmad
Jun 16, 2026 • Product
Launch Week, Skill Scanning, Skills Registry

Introducing Corgea Security Design Reviews

Most security tools only find bugs after they're written. Corgea Security Design Reviews catch design-level risks before a single line of code is committed.

Ahmad
Jun 15, 2026 • Product
Launch Week, Design Reviews, Product

Changelog - June 11, 2026

This week's Corgea changelog highlights on-demand fix generation, branch-level reporting filters, and richer SCA advisory details.

Corgea Security Team
Jun 11, 2026 • Product
Changelog, Product

Changelog - June 4, 2026

This week's Corgea changelog highlights faster project tag management, more resilient large scan uploads, and more reliable GitHub App pull request scanning.

Corgea Security Team
Jun 4, 2026 • Product
Changelog, Product

10 Best SonarQube Alternatives in 2026 (Ranked by Accuracy & Auto-Fix)

The 10 best SonarQube alternatives in 2026, ranked by detection accuracy, auto-remediation, and coverage, with real before-and-after auto-fix examples.

Corgea Security Team
Jun 2, 2026 • Comparison
SonarQube, SAST, AppSec

Changelog - May 28, 2026

This week's Corgea changelog highlights SCA support in SLA Management, Security Design Review beta, and broader API and MCP access to security data.

Corgea Security Team
May 28, 2026 • Product
Changelog, Product

Changelog - May 21, 2026

This week's Corgea changelog highlights scheduled scan webhook filters, project-tag scoped PR rules, and broader, cleaner scan analysis.

Corgea Security Team
May 21, 2026 • Product
Changelog, Product

Changelog - May 13, 2026

This week's Corgea changelog highlights Harness Code integration, sharper secret scanning, and stronger endpoint discovery in the scanning engine.

Corgea Security Team
May 13, 2026 • Product
Changelog, Product

SonarQube vs Snyk: Full Comparison + Why Teams Are Choosing Corgea

Compare SonarQube and Snyk side by side on security coverage, developer experience, accuracy, pricing, and auto-remediation. See how Corgea stacks up.

Corgea Security Team
May 9, 2026 • Comparison
SonarQube, Snyk, Corgea

Snyk vs Checkmarx: Full Comparison + Why Teams Are Choosing Corgea

Compare Snyk and Checkmarx side by side on security coverage, developer experience, accuracy, pricing, and auto-remediation. See how Corgea stacks up.

Corgea Security Team
May 5, 2026 • Comparison
Snyk, Checkmarx, Corgea

SonarQube vs Checkmarx: Full Comparison + Why Teams Are Choosing Corgea

Compare SonarQube and Checkmarx side by side on security coverage, developer experience, accuracy, pricing, and auto-remediation. See how Corgea stacks up.

Corgea Security Team
May 5, 2026 • Comparison
SonarQube, Checkmarx, Corgea

SonarQube vs Veracode: Full Comparison + Why Teams Are Choosing Corgea

Compare SonarQube and Veracode side by side on security coverage, developer experience, accuracy, pricing, and auto-remediation. See how Corgea stacks up.

Corgea Security Team
May 5, 2026 • Comparison
SonarQube, Veracode, Corgea

Mythos: Given Enough Inference, All Bugs Are Shallow

Anthropic's Mythos showed that given enough inference, all bugs are shallow. But who pays for the inference? We benchmarked Claude Opus 4.6 against Corgea v1 and v2 to show why purpose-built scanner architecture beats raw model capability on precision, recall, cost, and speed.

Ahmad
Apr 14, 2026 • Product