EveryDev.ai
Subscribe
Home
Tools

3,076+ AI tools

  • New
  • Trending
  • Featured
  • Compare
  • Arena
Categories
  • Agents2063
  • Coding1441
  • Infrastructure665
  • Marketing524
  • Projects470
  • Research437
  • Design408
  • Analytics371
  • MCP268
  • Security265
  • Testing255
  • Data249
  • Integration183
  • Prompts183
  • Communication172
  • Learning166
  • Extensions163
  • Voice146
  • Commerce132
  • DevOps115
  • Web84
  • Finance24
AI Tools by Topic
  • AI Coding Assistants
  • Agent Frameworks
  • MCP Servers
  • AI Prompt Tools
  • Vibe Coding Tools
  • AI Design Tools
  • AI Database Tools
  • AI Website Builders
  • AI Testing Tools
  • LLM Evaluations
Follow Us
  • X / Twitter
  • LinkedIn
  • Reddit
  • Discord
  • Threads
  • Bluesky
  • Mastodon
  • YouTube
  • GitHub
  • Instagram
Get Started
  • About
  • Editorial Standards
  • Corrections & Disclosures
  • Community Guidelines
  • Advertise
  • Contact Us
  • Newsletter
  • Submit a Tool
  • Start a Discussion
  • Write A Blog
  • Share A Build
  • Terms of Service
  • Privacy Policy
Explore with AI
  • ChatGPT
  • Gemini
  • Claude
  • Grok
  • Perplexity
Agent Experience
  • llms.txt
Theme
With AI, Everyone is a Dev. EveryDev.ai © 2026
    1. Home
    2. Tools
    3. Corgea
    Corgea icon

    Corgea

    Application Security

    AI-native application security platform that finds and fixes vulnerabilities in code, dependencies, infrastructure, and containers with developer-ready fixes.

    Visit Website

    At a Glance

    Pricing
    Free tier available

    For individual developers. Includes core scanning capabilities for up to 2 team members and 10 repositories.

    Growth: $31/mo
    Scale: $39/mo
    Enterprise: Custom/contact

    Engagement

    Available On

    Windows
    Web
    API
    VS Code
    JetBrains

    Resources

    WebsiteDocsllms.txt

    Topics

    Application SecurityCode SecurityCode Review

    Alternatives

    SonarQubeHackerOne CodeGuardix
    Developer
    CorgeaSan Francisco, CAEst. 2023$3.17M raised

    Listed Jul 2026

    About Corgea

    Corgea is an AI-native application security (AppSec) platform built for developers, security engineers, and DevOps teams. Backed by Y Combinator and investors including Shorooq Partners, Decacorn, Unbound Ventures, and Propeller Ventures, Corgea positions itself as a unified security control plane that replaces fragmented point scanners. The platform delivers findings and developer-ready fixes across code, packages, infrastructure, and containers — all from a single interface.

    What It Is

    Corgea is a cloud-based AppSec suite that combines AI-powered static analysis (SAST), dependency scanning, secrets detection, container scanning, infrastructure-as-code (IaC) scanning, code quality scanning, attack surface mapping, and autonomous AI pentesting. Unlike traditional SAST tools that generate high volumes of false positives, Corgea's stated design goal is higher-signal detection paired with accurate, review-ready fixes that developers can apply directly in their IDE or pull request workflow.

    Core Product Suite

    Corgea's platform spans multiple scanning disciplines under one control plane:

    • AI SAST — Static analysis that detects business logic flaws, broken authentication, missing authorization checks, and other code-level vulnerabilities, with auto-generated fixes.
    • Dependency Scanning — Reachability-aware package risk assessment with upgrade guidance.
    • Secrets Scanning — Detection of leaked credentials before they become incidents.
    • Container Scanning — Image-level risk prioritization for modern delivery pipelines.
    • IaC Scanning — Shift-left cloud policy checks for Terraform and other infrastructure-as-code formats.
    • Code Quality Scanning — Maintainable code standards with developer-friendly feedback.
    • Attack Surface Mapping — Reachable endpoint mapping tied to real vulnerabilities, tracing paths from public routes to exploitable code and packages.
    • AI Pentest — Autonomous pentesting with auditor-ready reports (launched during Corgea's Launch Week).
    • Security Design Review — Design-stage risk review grounded in the repository.
    • Skills Scanning & Registry — Security review and governed distribution for AI agent skills.

    Developer Workflow Integration

    Corgea integrates directly into the tools developers already use. On the source control side, it supports GitHub, GitLab, Azure DevOps, Bitbucket, and Harness. For IDEs, it offers extensions for Visual Studio Code, Cursor, Visual Studio 2022, and IntelliJ. The platform also exposes an MCP server for agent-powered workflows and integrates with AI coding agents including Claude Code, GitHub Copilot, and OpenAI Codex. JIRA, Slack, webhooks, and a REST API round out the integration surface for security and DevOps teams.

    Audience and Use Cases

    Corgea targets a broad set of roles across the software delivery lifecycle:

    • CISOs — Unified reporting, compliance controls (SOC 2 Type II certified), SSO/SCIM, and audit logs.
    • Security Engineers — Custom and blocking rules, SLA management, RBAC, and team management.
    • Developers — IDE-native findings, PR scanning, and auto-fix suggestions that reduce context switching.
    • DevOps — CI/CD pipeline integration, scheduled scans, and container/IaC coverage.
    • AI Agents — Skills scanning and registry for securing agentic workflows.

    Industry verticals called out on the site include Fintech & Financial Services, Enterprise SaaS, Healthcare & Biotech, Energy, Startups, Consumer & Retail, and Hardware & Manufacturing.

    Update: Launch Week — AI Pentest and Skills Scanning

    Corgea's most recent product movement, highlighted prominently on the homepage, is "Launch Week Day 4: AI-Pentesting" — the release of an autonomous pentesting product that generates auditor-ready reports. Alongside this, the company launched Security Design Review (design-stage risk analysis grounded in the repo) and Skills Scanning & Registry (security review for AI agent skills). The blog shows a changelog entry dated June 25, 2026, indicating active product development and regular release cadence. The platform also publishes real-time CVE research and security advisories through its research program.

    Corgea - 1

    Community Discussions

    Be the first to start a conversation about Corgea

    Share your experience with Corgea, ask questions, or help others learn from your insights.

    Pricing

    FREE

    Free

    For individual developers. Includes core scanning capabilities for up to 2 team members and 10 repositories.

    • AI SAST
    • Logic and Auth Scanning
    • Dependency Scanning
    • Secrets Detection
    • Container Scanning

    Growth

    For teams shipping secure code. Everything in Free plus PR scanning, code quality, and integrations.

    $31/mo
    billed annually
    $39/mo monthly
    • Everything in Free
    • PR Scanning (unlimited)
    • Code Quality
    • Corgea Agent
    • JIRA Integration
    • License Enforcement
    • Up to 100 repositories
    • Minimum 5 seats
    • 50 SAST auto-fixes

    Scale

    Popular

    A true security program with custom rules, reporting, and team management.

    $39/mo
    billed annually
    $49/mo monthly
    • Everything in Growth
    • Custom Rules
    • Blocking Rules
    • Reporting & Analytics
    • Team Management
    • APIs / Webhooks
    • Up to 200 repositories
    • Minimum 20 seats
    • 200 SAST auto-fixes

    Enterprise

    Enterprise controls with SSO, single-tenant deployment, SLA management, and premium support.

    Custom
    contact sales
    • Everything in Scale
    • SSO & SCIM
    • Single-tenant deployment
    • SLA Management
    • Audit Logs
    • Premium Support
    • Unlimited repositories
    • Unlimited team size
    • Unlimited SAST auto-fixes
    View official pricing

    Capabilities

    Key Features

    • AI SAST with auto-fix generation
    • Logic flaw and broken auth detection
    • Dependency scanning with reachability analysis
    • Secrets scanning
    • Container scanning
    • IaC misconfiguration scanning
    • Code quality scanning
    • Attack surface mapping
    • AI pentesting with auditor-ready reports
    • Security design review
    • Skills scanning and registry for AI agents
    • PR scanning
    • Scheduled scans
    • Custom and blocking rules
    • RBAC and team management
    • SLA management
    • Reporting and analytics
    • JIRA integration
    • Slack integration
    • REST API and webhooks
    • MCP server
    • IDE extensions (VS Code, Cursor, Visual Studio, IntelliJ)
    • SCM integrations (GitHub, GitLab, Azure DevOps, Bitbucket, Harness)
    • SBOM and license enforcement
    • SSO and SCIM (Enterprise)
    • Single-tenant deployment (Enterprise)
    • SOC 2 Type II compliance

    Integrations

    GitHub
    GitLab
    Azure DevOps
    Bitbucket
    Harness
    Visual Studio Code
    Cursor
    Visual Studio 2022
    IntelliJ
    Claude Code
    GitHub Copilot
    OpenAI Codex
    JIRA
    Slack
    Terraform
    API Available
    View Docs

    Ratings & Reviews

    No ratings yet

    Be the first to rate Corgea and help others make informed decisions.

    Developer

    Corgea Team

    Corgea builds an AI-native application security platform that finds and fixes vulnerabilities across code, dependencies, infrastructure, and containers. Founded by Ahmad Sadeddin and backed by Y Combinator, Shorooq Partners, Decacorn, Unbound Ventures, and Propeller Ventures, the company focuses on reducing false positives and delivering developer-ready fixes that integrate directly into existing IDE and SCM workflows. Corgea maintains SOC 2 Type II compliance and publishes active security research and CVE advisories.

    Founded 2023
    San Francisco, CA
    $3.17M raised
    10 employees

    Used by

    Global Fortune 20 corporation (unnamed)
    Read more about Corgea Team
    WebsiteLinkedInX / Twitter
    1 tool in directory

    Similar Tools

    SonarQube icon

    SonarQube

    SonarQube is a static code analysis platform that detects bugs, security vulnerabilities, code smells, and secrets across 40+ programming languages to ensure code quality and security.

    HackerOne Code icon

    HackerOne Code

    Expert code review and security guidance platform that catches vulnerabilities earlier in development with AI and human expert review.

    Guardix icon

    Guardix

    AI-powered Solidity smart contract audit platform with multi-model analysis, architecture mapping, and exploit verification on forked chains.

    Browse all tools

    Related Topics

    Application Security

    AI tools for securing software applications and identifying vulnerabilities.

    98 tools

    Code Security

    Tools that analyze code for security vulnerabilities and issues.

    44 tools

    Code Review

    Tools that help review, analyze, and improve code quality.

    90 tools
    Browse all topics
    Back to all toolsSuggest an edit
    ratings
    discussions