To get the most out of Corgea, note the following:
- Permission configuration:
  - The GitHub App needs permission to read code and to create pull requests
  - Enterprise Edition may additionally require SSO access control to be configured
- Network requirements:
  - Real-time scanning requires a stable network connection
  - Self-hosted deployments must be reachable from the CI/CD pipeline
- Version restrictions:
  - The free version is limited to 10 scans per month; beyond that, an upgrade is required
  - Some advanced language features may require Enterprise Edition support
Recommended best practices:
- On first use, scan non-core branches to verify effectiveness
- Use it alongside existing SAST tools (e.g. Snyk's dependency scanning combined with Corgea's business logic inspection)
- Regularly review false-positive statistics and adjust tagging policies accordingly
This answer comes from the article "Corgea: an AI security platform that automatically fixes code vulnerabilities".