diff --git a/.vscode/corgea.extension.log b/.vscode/corgea.extension.log
index 56ccaec..81f79fd 100644
--- a/.vscode/corgea.extension.log
+++ b/.vscode/corgea.extension.log
@@ -98,3 +98,157 @@
 [2025-10-06T17:31:21.168Z] Response Status: 200
 [2025-10-06T17:31:21.168Z] Response Headers: {"date":"Mon, 06 Oct 2025 17:31:21 GMT","server":"WSGIServer/0.2 CPython/3.12.11","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"}
 [2025-10-06T17:31:21.168Z] Response Data: {"status":"no_project_found"}
+[2025-10-15T16:44:24.246Z] Request: GET http://127.0.0.1:8030/api/v1/issues
+[2025-10-15T16:44:24.246Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"593559fc-10da-4d43-998d-d7eb3aba4718"}
+[2025-10-15T16:44:24.246Z] Request Params: {"project":"docs","page":1,"page_size":50}
+[2025-10-15T16:44:24.246Z] Request Data: undefined
+[2025-10-15T16:44:24.387Z] Response Status: 200
+[2025-10-15T16:44:24.387Z] Response Headers: {"date":"Wed, 15 Oct 2025 16:44:24 GMT","server":"WSGIServer/0.2 CPython/3.12.11","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"}
+[2025-10-15T16:44:24.387Z] Response Data: {"status":"no_project_found"}
+[2025-10-15T16:44:24.387Z] Request: GET http://127.0.0.1:8030/api/v1/issues
+[2025-10-15T16:44:24.387Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"593559fc-10da-4d43-998d-d7eb3aba4718"}
+[2025-10-15T16:44:24.387Z] Request Params: {"project":"docs","page":1,"page_size":50}
+[2025-10-15T16:44:24.387Z] Request Data: undefined
+[2025-10-15T16:44:24.447Z] Response Status: 200
+[2025-10-15T16:44:24.447Z] Response Headers: {"date":"Wed, 15 Oct 2025 16:44:24 GMT","server":"WSGIServer/0.2 
CPython/3.12.11","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-15T16:44:24.447Z] Response Data: {"status":"no_project_found"} +[2025-10-15T16:58:44.266Z] Request: GET http://127.0.0.1:8030/api/v1/issues +[2025-10-15T16:58:44.267Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"593559fc-10da-4d43-998d-d7eb3aba4718"} +[2025-10-15T16:58:44.267Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-15T16:58:44.267Z] Request Data: undefined +[2025-10-15T16:58:44.291Z] Response Status: 200 +[2025-10-15T16:58:44.292Z] Response Headers: {"date":"Wed, 15 Oct 2025 16:58:44 GMT","server":"WSGIServer/0.2 CPython/3.12.11","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-15T16:58:44.292Z] Response Data: {"status":"no_project_found"} +[2025-10-15T16:58:44.292Z] Request: GET http://127.0.0.1:8030/api/v1/issues +[2025-10-15T16:58:44.292Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"593559fc-10da-4d43-998d-d7eb3aba4718"} +[2025-10-15T16:58:44.292Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-15T16:58:44.292Z] Request Data: undefined +[2025-10-15T16:58:44.303Z] Response Status: 200 +[2025-10-15T16:58:44.304Z] Response Headers: {"date":"Wed, 15 Oct 2025 16:58:44 GMT","server":"WSGIServer/0.2 CPython/3.12.11","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-15T16:58:44.304Z] Response Data: {"status":"no_project_found"} +[2025-10-17T18:17:34.585Z] Request: GET 
http://127.0.0.1:8030/api/v1/issues +[2025-10-17T18:17:34.585Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"593559fc-10da-4d43-998d-d7eb3aba4718"} +[2025-10-17T18:17:34.585Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-17T18:17:34.585Z] Request Data: undefined +[2025-10-17T18:17:34.621Z] Response Status: 200 +[2025-10-17T18:17:34.621Z] Response Headers: {"date":"Fri, 17 Oct 2025 18:17:34 GMT","server":"WSGIServer/0.2 CPython/3.12.11","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-17T18:17:34.621Z] Response Data: {"status":"no_project_found"} +[2025-10-17T18:17:34.622Z] Request: GET http://127.0.0.1:8030/api/v1/issues +[2025-10-17T18:17:34.622Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"593559fc-10da-4d43-998d-d7eb3aba4718"} +[2025-10-17T18:17:34.622Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-17T18:17:34.622Z] Request Data: undefined +[2025-10-17T18:17:34.649Z] Response Status: 200 +[2025-10-17T18:17:34.650Z] Response Headers: {"date":"Fri, 17 Oct 2025 18:17:34 GMT","server":"WSGIServer/0.2 CPython/3.12.11","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-17T18:17:34.650Z] Response Data: {"status":"no_project_found"} +[2025-10-21T03:17:26.551Z] Request: GET http://127.0.0.1:8030/api/v1/issues +[2025-10-21T03:17:26.551Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"ae2605ff-2380-4e50-b7ce-489429d2d856"} +[2025-10-21T03:17:26.552Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-21T03:17:26.552Z] Request Data: undefined +[2025-10-21T03:17:26.571Z] Response 
Status: 200 +[2025-10-21T03:17:26.571Z] Response Headers: {"date":"Tue, 21 Oct 2025 03:17:26 GMT","server":"WSGIServer/0.2 CPython/3.12.12","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-21T03:17:26.571Z] Response Data: {"status":"no_project_found"} +[2025-10-21T03:17:26.572Z] Request: GET http://127.0.0.1:8030/api/v1/issues +[2025-10-21T03:17:26.572Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"ae2605ff-2380-4e50-b7ce-489429d2d856"} +[2025-10-21T03:17:26.572Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-21T03:17:26.572Z] Request Data: undefined +[2025-10-21T03:17:26.610Z] Response Status: 200 +[2025-10-21T03:17:26.611Z] Response Headers: {"date":"Tue, 21 Oct 2025 03:17:26 GMT","server":"WSGIServer/0.2 CPython/3.12.12","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-21T03:17:26.611Z] Response Data: {"status":"no_project_found"} +[2025-10-21T03:27:29.681Z] Request: GET http://127.0.0.1:8030/api/v1/issues +[2025-10-21T03:27:29.681Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"ae2605ff-2380-4e50-b7ce-489429d2d856"} +[2025-10-21T03:27:29.681Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-21T03:27:29.681Z] Request Data: undefined +[2025-10-21T03:27:29.696Z] Response Status: 200 +[2025-10-21T03:27:29.696Z] Response Headers: {"date":"Tue, 21 Oct 2025 03:27:29 GMT","server":"WSGIServer/0.2 CPython/3.12.12","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} 
+[2025-10-21T03:27:29.697Z] Response Data: {"status":"no_project_found"} +[2025-10-21T03:27:29.697Z] Request: GET http://127.0.0.1:8030/api/v1/issues +[2025-10-21T03:27:29.697Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"ae2605ff-2380-4e50-b7ce-489429d2d856"} +[2025-10-21T03:27:29.697Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-21T03:27:29.697Z] Request Data: undefined +[2025-10-21T03:27:29.706Z] Response Status: 200 +[2025-10-21T03:27:29.706Z] Response Headers: {"date":"Tue, 21 Oct 2025 03:27:29 GMT","server":"WSGIServer/0.2 CPython/3.12.12","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-21T03:27:29.706Z] Response Data: {"status":"no_project_found"} +[2025-10-21T03:37:56.514Z] Request: GET http://127.0.0.1:8030/api/v1/issues +[2025-10-21T03:37:56.514Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"ae2605ff-2380-4e50-b7ce-489429d2d856"} +[2025-10-21T03:37:56.514Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-21T03:37:56.514Z] Request Data: undefined +[2025-10-21T03:37:56.565Z] Response Status: 200 +[2025-10-21T03:37:56.565Z] Response Headers: {"date":"Tue, 21 Oct 2025 03:37:56 GMT","server":"WSGIServer/0.2 CPython/3.12.12","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-21T03:37:56.565Z] Response Data: {"status":"no_project_found"} +[2025-10-21T03:37:56.565Z] Request: GET http://127.0.0.1:8030/api/v1/issues +[2025-10-21T03:37:56.565Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"ae2605ff-2380-4e50-b7ce-489429d2d856"} +[2025-10-21T03:37:56.565Z] Request Params: 
{"project":"docs","page":1,"page_size":50} +[2025-10-21T03:37:56.565Z] Request Data: undefined +[2025-10-21T03:37:56.582Z] Response Status: 200 +[2025-10-21T03:37:56.583Z] Response Headers: {"date":"Tue, 21 Oct 2025 03:37:56 GMT","server":"WSGIServer/0.2 CPython/3.12.12","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-21T03:37:56.583Z] Response Data: {"status":"no_project_found"} +[2025-10-21T03:48:08.293Z] Request: GET http://127.0.0.1:8030/api/v1/issues +[2025-10-21T03:48:08.294Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"ae2605ff-2380-4e50-b7ce-489429d2d856"} +[2025-10-21T03:48:08.294Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-21T03:48:08.294Z] Request Data: undefined +[2025-10-21T03:48:08.325Z] Response Status: 200 +[2025-10-21T03:48:08.325Z] Response Headers: {"date":"Tue, 21 Oct 2025 03:48:08 GMT","server":"WSGIServer/0.2 CPython/3.12.12","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-21T03:48:08.325Z] Response Data: {"status":"no_project_found"} +[2025-10-21T03:48:08.326Z] Request: GET http://127.0.0.1:8030/api/v1/issues +[2025-10-21T03:48:08.326Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"ae2605ff-2380-4e50-b7ce-489429d2d856"} +[2025-10-21T03:48:08.326Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-21T03:48:08.326Z] Request Data: undefined +[2025-10-21T03:48:08.339Z] Response Status: 200 +[2025-10-21T03:48:08.339Z] Response Headers: {"date":"Tue, 21 Oct 2025 03:48:08 GMT","server":"WSGIServer/0.2 
CPython/3.12.12","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-21T03:48:08.339Z] Response Data: {"status":"no_project_found"} +[2025-10-21T03:58:20.108Z] Request: GET http://127.0.0.1:8030/api/v1/issues +[2025-10-21T03:58:20.108Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"ae2605ff-2380-4e50-b7ce-489429d2d856"} +[2025-10-21T03:58:20.108Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-21T03:58:20.108Z] Request Data: undefined +[2025-10-21T03:58:20.122Z] Response Status: 200 +[2025-10-21T03:58:20.122Z] Response Headers: {"date":"Tue, 21 Oct 2025 03:58:20 GMT","server":"WSGIServer/0.2 CPython/3.12.12","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-21T03:58:20.122Z] Response Data: {"status":"no_project_found"} +[2025-10-21T03:58:20.122Z] Request: GET http://127.0.0.1:8030/api/v1/issues +[2025-10-21T03:58:20.123Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"ae2605ff-2380-4e50-b7ce-489429d2d856"} +[2025-10-21T03:58:20.123Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-21T03:58:20.123Z] Request Data: undefined +[2025-10-21T03:58:20.135Z] Response Status: 200 +[2025-10-21T03:58:20.135Z] Response Headers: {"date":"Tue, 21 Oct 2025 03:58:20 GMT","server":"WSGIServer/0.2 CPython/3.12.12","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-21T03:58:20.135Z] Response Data: {"status":"no_project_found"} +[2025-10-21T04:09:04.773Z] Request: GET 
http://127.0.0.1:8030/api/v1/issues +[2025-10-21T04:09:04.773Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"ae2605ff-2380-4e50-b7ce-489429d2d856"} +[2025-10-21T04:09:04.773Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-21T04:09:04.773Z] Request Data: undefined +[2025-10-21T04:09:04.807Z] Response Status: 200 +[2025-10-21T04:09:04.807Z] Response Headers: {"date":"Tue, 21 Oct 2025 04:09:04 GMT","server":"WSGIServer/0.2 CPython/3.12.12","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-21T04:09:04.807Z] Response Data: {"status":"no_project_found"} +[2025-10-21T04:09:04.807Z] Request: GET http://127.0.0.1:8030/api/v1/issues +[2025-10-21T04:09:04.807Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"ae2605ff-2380-4e50-b7ce-489429d2d856"} +[2025-10-21T04:09:04.807Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-21T04:09:04.808Z] Request Data: undefined +[2025-10-21T04:09:04.821Z] Response Status: 200 +[2025-10-21T04:09:04.821Z] Response Headers: {"date":"Tue, 21 Oct 2025 04:09:04 GMT","server":"WSGIServer/0.2 CPython/3.12.12","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-21T04:09:04.821Z] Response Data: {"status":"no_project_found"} +[2025-10-21T04:21:43.797Z] Request: GET http://127.0.0.1:8030/api/v1/issues +[2025-10-21T04:21:43.797Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"ae2605ff-2380-4e50-b7ce-489429d2d856"} +[2025-10-21T04:21:43.797Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-21T04:21:43.797Z] Request Data: undefined +[2025-10-21T04:21:43.826Z] Response 
Status: 200 +[2025-10-21T04:21:43.826Z] Response Headers: {"date":"Tue, 21 Oct 2025 04:21:43 GMT","server":"WSGIServer/0.2 CPython/3.12.12","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-21T04:21:43.826Z] Response Data: {"status":"no_project_found"} +[2025-10-21T04:21:43.826Z] Request: GET http://127.0.0.1:8030/api/v1/issues +[2025-10-21T04:21:43.826Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"ae2605ff-2380-4e50-b7ce-489429d2d856"} +[2025-10-21T04:21:43.826Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-21T04:21:43.826Z] Request Data: undefined +[2025-10-21T04:21:43.838Z] Response Status: 200 +[2025-10-21T04:21:43.838Z] Response Headers: {"date":"Tue, 21 Oct 2025 04:21:43 GMT","server":"WSGIServer/0.2 CPython/3.12.12","content-type":"application/json","x-frame-options":"DENY","content-length":"30","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin"} +[2025-10-21T04:21:43.838Z] Response Data: {"status":"no_project_found"} +[2025-10-23T23:29:00.705Z] Request: GET https://wf.corgea.app/api/v1/issues +[2025-10-23T23:29:00.705Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"447a3567-ffb2-4094-a21b-7bc182097715"} +[2025-10-23T23:29:00.705Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-23T23:29:00.705Z] Request Data: undefined +[2025-10-23T23:29:15.690Z] Response Status: 200 +[2025-10-23T23:29:15.691Z] Response Headers: {"date":"Thu, 23 Oct 2025 23:29:15 
GMT","content-type":"application/json","transfer-encoding":"chunked","connection":"close","nel":"{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}","server":"cloudflare","x-frame-options":"DENY","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin","cf-cache-status":"DYNAMIC","strict-transport-security":"max-age=0","report-to":"{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4FnmsCRYPsU1Q9fWj2s9%2Bc7V9Q8IwG049Dw%2BRms7Oak8CA5s%2BWvrKilNXMJvHk3xN8%2F6H4RcZ8B1LWb4EQHy3nBQfW7zQOyqiQUHiQ%3D%3D\"}]}","set-cookie":["AWSALB=lFkFWp2CHEekCoSAlNb7kGCOsvN8U9RChMCuE754fPvK35cV2XVCPakQcMbGToYZwat0QSs82wBnzL4P9rcvBaPKw3C5BZo+UcsaYox10odQLcfAXqMOhvgxFuo9; Path=/; Expires=Thu, 30 Oct 2025 23:29:15 GMT","AWSALBCORS=lFkFWp2CHEekCoSAlNb7kGCOsvN8U9RChMCuE754fPvK35cV2XVCPakQcMbGToYZwat0QSs82wBnzL4P9rcvBaPKw3C5BZo+UcsaYox10odQLcfAXqMOhvgxFuo9; SameSite=None; Secure; Path=/; Expires=Thu, 30 Oct 2025 23:29:15 GMT"],"cf-ray":"993503f8bbed7aeb-SJC"} +[2025-10-23T23:29:15.691Z] Response Data: {"status":"no_project_found"} +[2025-10-23T23:29:15.691Z] Request: GET https://wf.corgea.app/api/v1/issues +[2025-10-23T23:29:15.691Z] Request Headers: {"Accept":"application/json, text/plain, */*","CORGEA-TOKEN":"447a3567-ffb2-4094-a21b-7bc182097715"} +[2025-10-23T23:29:15.691Z] Request Params: {"project":"docs","page":1,"page_size":50} +[2025-10-23T23:29:15.691Z] Request Data: undefined +[2025-10-23T23:29:15.932Z] Response Status: 200 +[2025-10-23T23:29:15.932Z] Response Headers: {"date":"Thu, 23 Oct 2025 23:29:15 
GMT","content-type":"application/json","transfer-encoding":"chunked","connection":"close","nel":"{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}","server":"cloudflare","x-frame-options":"DENY","vary":"Cookie","x-content-type-options":"nosniff","referrer-policy":"same-origin","cross-origin-opener-policy":"same-origin","cf-cache-status":"DYNAMIC","strict-transport-security":"max-age=0","report-to":"{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZnB0plukOeUTWrMWWAcA2YmVFlOPiiF5E48JxOwqyi9QlbEtNtH46E1pni3p5NuRPk2Sb28yXARJDI%2B0X656BkIg7zvCmFG6nERFkQ%3D%3D\"}]}","set-cookie":["AWSALB=1aVNISb1dMUjtQJRLXidQROtzEtbEfEpUFWq1VASwjhjkZBxIkKVf1/hka1al705eI++c8JdZ1n6ocnR4pTryPUBiWifQeC8qpnQYWf73mh2xgGfG2ONOv+S72ZP; Path=/; Expires=Thu, 30 Oct 2025 23:29:15 GMT","AWSALBCORS=1aVNISb1dMUjtQJRLXidQROtzEtbEfEpUFWq1VASwjhjkZBxIkKVf1/hka1al705eI++c8JdZ1n6ocnR4pTryPUBiWifQeC8qpnQYWf73mh2xgGfG2ONOv+S72ZP; SameSite=None; Secure; Path=/; Expires=Thu, 30 Oct 2025 23:29:15 GMT"],"cf-ray":"993503fa2d047aeb-SJC"} +[2025-10-23T23:29:15.932Z] Response Data: {"status":"no_project_found"} diff --git a/api-reference/authentication.mdx b/api-reference/authentication.mdx index 0145f58..e999e86 100644 --- a/api-reference/authentication.mdx +++ b/api-reference/authentication.mdx 
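Review bot: Live API credentials are being committed here: every added `Request Headers` line carries a plaintext `CORGEA-TOKEN` (three distinct values across the hunk: `593559fc-…`, `ae2605ff-…`, `447a3567-…`), and the two `wf.corgea.app` responses also record `AWSALB`/`AWSALBCORS` load-balancer session cookies. The same change set's `api-reference/authentication.mdx` tells readers to "never share your API token or commit it to version control", so this log contradicts the guidance it ships with. Treat all three tokens as compromised and rotate them, then drop the file from tracking with `git rm --cached .vscode/corgea.extension.log` and add `.vscode/*.log` to `.gitignore`; since the hunk appends to an already-tracked file (old blob `56ccaec`, context at line 98), earlier revisions likely hold tokens too and history rewriting or a secret-scanning sweep is warranted. The header-level request logging itself appears to be the extension's behaviour rather than this repository's code, so also consider turning its verbose logging off rather than relying on ignore rules alone.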
@@ -1,60 +1,156 @@ --- title: 'Authentication' -description: 'Corgea API Endpoints' +description: 'Corgea API Authentication and Token Verification' --- +# Authentication -# Authentication and Token Verification +## Overview -## Introduction +The Corgea API uses API key authentication to secure access to all endpoints. Authentication is done via a custom header that must be included with every API request. -Authentication is a crucial part of interacting with the Corgea CLI API. The API uses token-based authentication to ensure secure access to its endpoints. This section covers how to verify your token using the provided endpoint. +## Authentication Method -## Verify Token +### API Key Header + +All API requests require authentication using the `CORGEA-TOKEN` header: + +- **Header Name**: `CORGEA-TOKEN` +- **Type**: API Key +- **Location**: Request Header +- **Required**: Yes (for all endpoints) + +### Getting Your API Token + +You can obtain your API token from the Corgea web application: + +1. Log in to your Corgea account at [https://www.corgea.app](https://www.corgea.app) +2. Navigate to Settings → API Keys +3. Generate a new API key or copy an existing one +4. Store it securely - treat it like a password + + +Never share your API token or commit it to version control. Use environment variables or secure secret management systems to store your tokens. + + +## Making Authenticated Requests + +Include your API token in the `CORGEA-TOKEN` header with every request: + + + +```bash cURL +curl -X GET "https://www.corgea.app/api/v1/verify" \ + -H "CORGEA-TOKEN: your_api_token_here" +``` + +```python Python +import requests + +headers = { + "CORGEA-TOKEN": "your_api_token_here" +} + +response = requests.get( + "https://www.corgea.app/api/v1/verify", + headers=headers +) +``` -The Verify Token endpoint allows you to check the validity of your token. This is the first step in ensuring you have the necessary permissions to access other API endpoints. 
+```javascript JavaScript +const headers = { + 'CORGEA-TOKEN': 'your_api_token_here' +}; + +fetch('http://github.com/service/https://www.corgea.app/api/v1/verify', { + method: 'GET', + headers: headers +}) + .then(response => response.json()) + .then(data => console.log(data)); +``` + + + +## Verify Token ### Endpoint -- **URL**: `https://corgea.app/api/cli/verify/{token}` -- **Method**: `GET` +Verify the validity of your API token and optionally retrieve user information. -### Parameters +- **URL**: `https://www.corgea.app/api/v1/verify` +- **Method**: `GET` +- **Authentication**: Required (CORGEA-TOKEN header) -| Name | In | Type | Required | Description | -|-------|------|--------|----------|-----------------------| -| token | path | string | yes | The token to be verified | +### Query Parameters -### Request Example +| Name | Type | Required | Default | Description | +|-----------|---------|----------|---------|------------------------------------------------| +| user_info | boolean | No | false | Whether to include user information in response | -The `` component works similar to CodeGroup, but displays the request content on the right sidebar. Thus, you can put multiple code blocks inside ``. 
+### Request Examples -```shell -# cURL -curl -X GET "https://corgea.app/api/cli/verify/your_token_here" +```bash Basic Verification +curl -X GET "https://www.corgea.app/api/v1/verify" \ + -H "CORGEA-TOKEN: your_api_token_here" +``` + +```bash With User Info +curl -X GET "https://www.corgea.app/api/v1/verify?user_info=true" \ + -H "CORGEA-TOKEN: your_api_token_here" ``` -```http -# HTTP Request -GET /cli/verify/your_token_here HTTP/1.1 -Host: corgea.app +```python Python +import requests + +headers = { + "CORGEA-TOKEN": "your_api_token_here" +} + +# Basic verification +response = requests.get( + "https://www.corgea.app/api/v1/verify", + headers=headers +) + +# With user info +response = requests.get( + "https://www.corgea.app/api/v1/verify", + headers=headers, + params={"user_info": True} +) ``` +### Response Examples + -```json -# Success Response +```json Basic Response { "status": "ok" } ``` -```json -# Error Response +```json With User Info +{ + "status": "ok", + "user": { + "id": 12345, + "email": "user@example.com", + "name": "John Doe", + "company": { + "id": 67890, + "name": "Acme Corporation" + } + } +} +``` + +```json Invalid Token { "status": "error" } 
@@ -64,30 +160,61 @@ Host: corgea.app ### Response Codes -- `200 OK`: The token is valid. -- `400 Bad Request`: The token is invalid. +| Status Code | Description | +|-------------|---------------------------------------| +| 200 | Token is valid | +| 401 | Invalid or missing authentication token | -### Usage +## Common Authentication Errors -To use this endpoint, replace `your_token_here` with the actual token you wish to verify. This will return a JSON response indicating whether the token is valid or not. +### Missing Token -### Example Scenario +If you don't include the `CORGEA-TOKEN` header, you'll receive a `401 Unauthorized` response: -#### Step-by-Step Example +```json +{ + "status": "error" +} +``` -1. **Prepare the request**: - - Ensure you have your token ready. - - Use the `curl` command or any HTTP client to send a GET request to the endpoint. +### Invalid Token -2. **Send the request**: - - Execute the request in your terminal or HTTP client. +If your token is invalid or expired, you'll receive a `401 Unauthorized` response: -3. **Check the response**: - - If the response status is `200 OK` and `status` is `ok`, your token is valid. - - If the response status is `400 Bad Request` and `status` is `error`, your token is invalid. +```json +{ + "status": "error" +} +``` -### Notes +## Best Practices + + + + Store API tokens in environment variables or secure secret management systems, never in code. + + + Regularly rotate your API tokens to maintain security. + + + Create separate tokens for different applications or environments. + + + Regularly review API token usage and revoke unused tokens. + + + +## Testing Your Token + +Use the verify endpoint to test your token before making other API calls: + +```bash +curl -X GET "https://www.corgea.app/api/v1/verify?user_info=true" \ + -H "CORGEA-TOKEN: your_api_token_here" +``` -- Always ensure your token is kept secure and not exposed in public repositories or logs. 
-- Use this endpoint as the first step before making requests to other endpoints to confirm your token's validity. +If successful, you'll see your user information, confirming that: +- ✅ Your token is valid +- ✅ Your token is properly formatted in the header +- ✅ You can proceed with other API requests diff --git a/api-reference/introduction.mdx b/api-reference/introduction.mdx index c1377ef..aefd841 100644 --- a/api-reference/introduction.mdx +++ b/api-reference/introduction.mdx 
@@ -1,292 +1,176 @@ --- -title: 'Introduction' -description: 'Corgea API Endpoints' +title: 'API Reference' +description: 'Get started with the Corgea API' --- -# Corgea CLI API Documentation - -## Introduction - -Welcome to the Corgea CLI API Documentation. This API enables you to interact with the Corgea platform programmatically, allowing for various operations such as verifying tokens, uploading scans, managing issues, and more. Below you will find a comprehensive guide to all available endpoints, including the necessary parameters, request bodies, and responses. +# Welcome to the Corgea API + +The Corgea API allows you to programmatically interact with Corgea's application security platform. Automate vulnerability scanning, retrieve security issues, manage fixes, and integrate Corgea into your development workflow. + +## What can you do with the Corgea API? + + + + Initiate security scans, upload scan results, and monitor scan progress + + + Retrieve vulnerability details, manage issue status, and track remediation + + + Access AI-generated security fixes and patches for identified vulnerabilities + + + Integrate security scanning into your continuous integration pipelines + + + +## API Capabilities + +### Authentication & Authorization +- **Token Verification**: Verify API tokens and retrieve user information +- **Authorization Flow**: Exchange authorization codes for API tokens + +### Scanning APIs +- **Start Scan**: Initiate new blast scans with chunked file uploads for large codebases +- **Upload Scan Results**: Submit scan reports from external security tools +- **Get Scans**: Retrieve scan history with filtering and pagination +- **Get Scan Details**: Access detailed information about specific scans +- **Scan Reports**: Generate HTML or SARIF reports for scans + +### Issue Management APIs +- **Get Issues**: List all security issues with filtering options +- **Get Issue Details**: Retrieve comprehensive information about specific vulnerabilities +- **SCA 
Issues**: Access Software Composition Analysis (SCA) vulnerabilities +- **Issue Filtering**: Filter by project, repository, urgency, and more + +### Policy Management +- **Blocking Rules**: Define and manage security policies +- **Rule Validation**: Check if scans violate blocking rules +- **Policy Enforcement**: Prevent deployments based on security policies ## Base URL -All endpoints referenced in this documentation have the following base URL: - -``` -https://corgea.app/api/ -``` - -## Authentication - -The Corgea CLI API uses token-based authentication. Ensure you include the token in your requests as required by specific endpoints. Unauthorized requests will result in a 401 status code. +All API requests should be made to either: -## Endpoints Overview +Our multi-tenant environment -### Authentication - -- **Verify Token**: Verify the validity of a given token. - - `GET /cli/verify/{token}` - - This endpoint checks if the provided token is valid and returns the status of the verification. - -#### Example Request - -```http -GET /cli/verify/your-token-here HTTP/1.1 -Host: corgea.app ``` - -#### Example Response - -```json -{ - "status": "ok" -} +https://www.corgea.app/api/v1 ``` -### Scan Upload +Or your single tenant environment -- **Upload Scan**: Upload scan data for a specific run. - - `POST /cli/scan-upload` - - This endpoint allows you to upload a JSON report of a security scan for a specific run, identified by a run ID. - -#### Example Request - -```http -POST /cli/scan-upload?token=your-token-here&run_id=run123&engine=engineName&project=projectName HTTP/1.1 -Host: corgea.app -Content-Type: application/json - -{ - "report": { - "data": "example report data" - } -} ``` - -#### Example Response - -```json -{ - "status": "ok" -} +https://.corgea.app/api/v1 ``` -### Git Configuration - -- **Upload Git Config**: Upload git configuration data. 
- - `POST /cli/git-config-upload` - - This endpoint allows you to upload git configuration data for a specific run, identified by a run ID. - -#### Example Request - -```http -POST /cli/git-config-upload?token=your-token-here&run_id=run123 HTTP/1.1 -Host: corgea.app -Content-Type: text/plain - -your-git-config-content -``` +## Authentication -#### Example Response +The Corgea API uses API key authentication. Include your API token in the request header: -```json -{ - "status": "ok" -} +```bash +CORGEA-TOKEN: your_api_token_here ``` -### Code Upload +### Getting Started with Authentication -- **Upload Code**: Upload code files for analysis. - - `POST /cli/code-upload` - - This endpoint allows you to upload code files for security analysis, for a specific run, identified by a run ID. +1. **Obtain an API Token**: Get your API token from your Corgea account settings +2. **Verify Your Token**: Use the `/verify` endpoint to confirm your token is valid +3. **Optional User Info**: Include `?user_info=true` to get user and company details -#### Example Request +### Authentication Methods -```http -POST /cli/code-upload?token=your-token-here&run_id=run123&path=path/to/code HTTP/1.1 -Host: corgea.app -Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW - -------WebKitFormBoundary7MA4YWxkTrZu0gW -Content-Disposition: form-data; name="file"; filename="example.py" -Content-Type: text/x-python - -# example code content -print("Hello, world!") -------WebKitFormBoundary7MA4YWxkTrZu0gW-- +**Header-based Authentication** (Recommended): +```bash +curl -H "CORGEA-TOKEN: your_api_token_here" \ + https://www.corgea.app/api/v1/verify ``` -#### Example Response - -```json -{ - "status": "ok" -} +**Path-based Authentication** (Deprecated): +```bash +curl https://www.corgea.app/api/v1/verify/your_token_here ``` -### CI Data +### Authorization Flow -- **Upload CI Data**: Upload Continuous Integration (CI) data. 
- - `POST /cli/ci-data-upload` - - This endpoint allows you to upload CI-related data for a specific run, identified by a run ID. +For applications that need to authenticate users: +1. Redirect users to Corgea's authorization page +2. Users authorize your application and receive an authorization code +3. Exchange the code for an API token using `/authorize?code=your_code` -#### Example Request + +Some endpoints (like `/verify/{token}` and `/authorize`) don't require authentication. Check individual endpoint documentation for specific requirements. + -```http -POST /cli/ci-data-upload?token=your-token-here&run_id=run123&platform=ci-platform HTTP/1.1 -Host: corgea.app -Content-Type: application/json -{ - "data": { - "ci_key": "ci_value" - } -} -``` +## Response Format -#### Example Response +All API responses are returned in JSON format. Successful responses include a `status` field: ```json { - "status": "ok" + "status": "ok", + "data": { } } ``` -### Issues Management - -- **Get All Issues**: Retrieve all issues related to a project. - - `GET /cli/issues` - - This endpoint retrieves a list of all security issues related to a specified project. - -#### Example Request - -```http -GET /cli/issues?token=your-token-here&project=projectName HTTP/1.1 -Host: corgea.app -``` - -#### Example Response +Error responses include descriptive messages: ```json { - "status": "ok", - "issues": [ - { - "id": "issue1", - "classification": "CWE-79", - "urgency": "high", - "project": "projectName", - "created_at": "2023-07-29T12:34:56Z", - "hold_fix": false, - "hold_reason": null, - "file_path": "path/to/file", - "line_num": 42 - } - ] + "status": "error", + "message": "Description of the error" } ``` -- **Get Issues Tree**: Retrieve a hierarchical representation of issues. - - `GET /cli/issues-tree` - - This endpoint retrieves a hierarchical representation of issues, grouped by file paths. 
+## HTTP Status Codes -#### Example Request +The API uses standard HTTP status codes: -```http -GET /cli/issues-tree?token=your-token-here&project=projectName HTTP/1.1 -Host: corgea.app -``` +| Code | Description | +|------|-------------| +| `200` | Request successful | +| `400` | Bad request - invalid parameters or request body | +| `401` | Unauthorized - invalid or missing authentication | +| `404` | Resource not found | +| `429` | Rate limit exceeded | +| `500` | Internal server error | -#### Example Response +## Pagination -```json -{ - "status": "ok", - "project": "projectName", - "issues": [ - { - "file_path": "path/to/file", - "vulnerabilities": [ - { - "id": "issue1", - "classification": "CWE-79", - "urgency": "high", - "line_num": 42, - "status": "fix_available" - } - ] - } - ] -} -``` +Endpoints that return lists support pagination using query parameters: -- **Get Issue**: Retrieve detailed information for a specific issue. - - `GET /cli/issue/{issue_id}` - - This endpoint retrieves detailed information for a specific issue, including its status and any available fixes. 
+- `page`: Page number (default: 1) +- `page_size`: Number of results per page (default: 20, max: 50) -#### Example Request - -```http -GET /cli/issue/issue1?token=your-token-here HTTP/1.1 -Host: corgea.app -``` - -#### Example Response +Paginated responses include: ```json { "status": "ok", - "issue": { - "id": "issue1", - "urgency": "high", - "description": "Example issue description", - "classification": "CWE-79", - "file_path": "path/to/file", - "line_num": 42, - "on_hold": false, - "hold_reason": null, - "explanation": "Detailed explanation of the issue", - "false_positive": { - "result": "no", - "reasoning": "not applicable" - }, - "status": "fix_available" - }, - "fix": { - "id": "fix1", - "diff": "example diff", - "explanation": "Detailed explanation of the fix" - } + "page": 1, + "total_pages": 5, + "data": [] } ``` -## Error Handling - -The API uses standard HTTP status codes to indicate the success or failure of an API request. Common status codes include: - -- `200 OK`: The request was successful. -- `400 Bad Request`: The request was invalid or cannot be otherwise served. -- `401 Unauthorized`: Authentication failed or user does not have permissions for the requested operation. -- `404 Not Found`: The requested resource could not be found. +## Need Help? -## Getting Started + + + Learn how to authenticate your API requests + + + Contact our support team for assistance + + -To get started with the Corgea CLI API: +## Quick Start -1. **Authenticate**: Verify your token using the `/cli/verify/{token}` endpoint. -2. **Upload Scans**: Use the `/cli/scan-upload` endpoint to upload your scan data. -3. **Manage Issues**: Retrieve and manage issues using the provided endpoints. +Get started with the Corgea API in three steps: -For detailed information on each endpoint, refer to the specific sections in this documentation. +1. **Get your API token** from your Corgea account settings +2. 
**Verify your token** using the `/verify` endpoint with header authentication
+3. **Make your first request** to retrieve scans or issues
-We hope this documentation helps you effectively utilize the Corgea CLI API. If you have any questions or need further assistance, please contact our support team.
+Explore the API endpoints in the sidebar to learn more about available functionality.
diff --git a/api-reference/openapi.json b/api-reference/openapi.json
index 1c5f6ec..0d583bf 100644
--- a/api-reference/openapi.json
+++ b/api-reference/openapi.json
@@ -1,14 +1,29 @@
 {
 "openapi": "3.0.0",
 "info": {
- "title": "Corgea CLI API",
- "version": "1.0.0"
+ "title": "Corgea API",
+ "version": "1.0.0",
+ "description": "API for interacting with Corgea's scanning and vulnerability management features"
 },
+ "servers": [
+ {
+ "url": "https://www.corgea.app/api/v1",
+ "description": "Production server"
+ }
+ ],
+ "security": [
+ {
+ "CorgeaToken": []
+ }
+ ],
 "paths": {
- "/cli/verify/{token}": {
+ "/verify/{token}": {
 "get": {
- "summary": "Verify Token",
- "operationId": "verifyToken",
+ "summary": "Verify Token (Deprecated)",
+ "operationId": "verifyTokenDeprecated",
+ "tags": ["Authentication"],
+ "security": [],
+ "deprecated": true,
 "parameters": [
 {
 "name": "token",
@@ -17,19 +32,20 @@
 "schema": {
 "type": "string"
 },
- "description": "Token to be verified"
+ "description": "The token to be verified"
 }
 ],
 "responses": {
 "200": {
- "description": "Token verified",
+ "description": "Token is valid",
 "content": {
 "application/json": {
 "schema": {
 "type": "object",
 "properties": {
 "status": {
- "type": "string"
+ "type": "string",
+ "example": "ok"
 }
 }
 }
@@ -44,7 +60,8 @@
 "type": "object",
 "properties": {
 "status": {
- "type": "string"
+ "type": "string",
+ "example": "error"
 }
 }
 }
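Review bot: The "Path-based Authentication (Deprecated)" example states the deprecation without its reason, so readers have no incentive to migrate; add a sentence after that code block such as `Deprecated because the token becomes part of the request URL and is therefore written to server access logs, proxies and shell history; prefer the header form.` The single-tenant base URL renders as `https://.corgea.app/api/v1` with nothing where the tenant name belongs — if the source uses an angle-bracket placeholder, MDX is swallowing it as a tag, so write it as `https://{your-tenant}.corgea.app/api/v1` inside the fence. "Error responses include descriptive messages" is stronger than the rest of this diff supports: the `401` bodies in authentication.mdx and openapi.json carry only `status`, so either qualify the sentence (`Most error responses also include a message field`) or add `message` to those examples.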
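Review bot: `servers[0].url` is `https://www.corgea.app/api/v1`, a relative path with the real origin embedded after `/service/`, whereas introduction.mdx in this diff gives the base URL as `https://www.corgea.app/api/v1`; unless the prefix is intentional (it may be an artifact of how the page was captured), code generated from this document resolves every request against the host serving the spec, and the value should be `"url": "https://www.corgea.app/api/v1"`. The new top-level `security` requires a scheme named `CorgeaToken`, but `components` lies outside this chunk — confirm that `components.securitySchemes.CorgeaToken` is declared as `{"type": "apiKey", "in": "header", "name": "CORGEA-TOKEN"}`, since without it the document is invalid and the header requirement is invisible to clients. Marking `/verify/{token}` as `"deprecated": true` with `"security": []` is right; the operation has no `description`, and one stating why the path form is discouraged (the token is written to access logs and proxies) is what a client author needs in order to migrate to `GET /verify`.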
@@ -54,64 +71,61 @@
 }
 }
 },
- "/cli/scan-upload": {
- "post": {
- "summary": "Upload Scan",
- "operationId": "cliScanUpload",
+ "/verify": {
+ "get": {
+ "summary": "Verify Token",
+ "operationId": "verifyToken",
+ "tags": ["Authentication"],
+ "description": "Verify the API token and optionally return user information",
 "parameters": [
 {
- "name": "token",
- "in": "query",
- "required": true,
- "schema": {
- "type": "string"
- }
- },
- {
- "name": "run_id",
- "in": "query",
- "required": true,
- "schema": {
- "type": "string"
- }
- },
- {
- "name": "engine",
- "in": "query",
- "required": true,
- "schema": {
- "type": "string"
- }
- },
- {
- "name": "project",
+ "name": "user_info",
 "in": "query",
- "required": true,
+ "required": false,
 "schema": {
- "type": "string"
- }
+ "type": "boolean",
+ "default": false
+ },
+ "description": "Whether to include user information in the response"
 }
 ],
- "requestBody": {
- "required": true,
- "content": {
- "application/json": {
- "schema": {
- "type": "object"
- }
- }
- }
- },
 "responses": {
 "200": {
- "description": "Scan uploaded",
+ "description": "Token is valid",
 "content": {
 "application/json": {
 "schema": {
 "type": "object",
 "properties": {
 "status": {
- "type": "string"
+ "type": "string",
+ "example": "ok"
+ },
+ "user": {
+ "type": "object",
+ "description": "User information (only included if user_info=true)",
+ "properties": {
+ "id": {
+ "type": "integer"
+ },
+ "email": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "company": {
+ "type": "object",
+ "properties": {
+ "id": {
+ "type": "integer"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ }
+ }
 }
 }
 }
@@ -119,14 +133,15 @@
 }
 },
 "401": {
- "description": "Unauthorized",
+ "description": "Invalid or missing token",
 "content": {
 "application/json": {
 "schema": {
 "type": "object",
 "properties": {
 "status": {
- "type": "string"
+ "type": "string",
+ "example": "error"
 }
 }
 }
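Review bot: The `200` schema of `GET /verify` declares `status` and `user` as plain `properties` with no `required` list, so generated clients treat `status` as optional and cannot tell that `user` is conditional, even though its description says it appears only when `user_info=true`; add `"required": ["status"]` next to `"properties"` so the contract is machine-readable. `user.id` and `user.company.id` are typed `integer` while the scan and issue ids added in the following hunks are `string` with `"format": "uuid"`; if these are genuinely numeric database ids that is fine, but if the same identifiers are ever exposed as UUIDs elsewhere the types should agree. The `user_info` parameter description could also name what is returned (`email`, `name`, `company`) so integrators know they are requesting account details rather than a bare validity check.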
@@ -136,78 +151,180 @@
 }
 }
 },
- "/cli/git-config-upload": {
- "post": {
- "summary": "Upload Git Config",
- "operationId": "cliGitConfigUpload",
+ "/scans": {
+ "get": {
+ "summary": "Get Scans",
+ "operationId": "getScans",
+ "tags": ["Scans"],
+ "description": "Retrieves a list of scans for the authenticated user's company",
 "parameters": [
 {
- "name": "token",
+ "name": "project",
 "in": "query",
- "required": true,
+ "required": false,
 "schema": {
 "type": "string"
- }
+ },
+ "description": "Filter scans by project name"
 },
 {
- "name": "run_id",
+ "name": "page",
 "in": "query",
- "required": true,
+ "required": false,
 "schema": {
- "type": "string"
- }
+ "type": "integer",
+ "default": 1
+ },
+ "description": "The page number for pagination"
+ },
+ {
+ "name": "page_size",
+ "in": "query",
+ "required": false,
+ "schema": {
+ "type": "integer",
+ "default": 20,
+ "maximum": 50
+ },
+ "description": "The number of results per page"
 }
 ],
- "requestBody": {
- "required": true,
- "content": {
- "text/plain": {
- "schema": {
- "type": "string"
- }
- }
- }
- },
 "responses": {
 "200": {
- "description": "Git config uploaded",
+ "description": "Scans retrieved successfully",
 "content": {
 "application/json": {
 "schema": {
 "type": "object",
 "properties": {
 "status": {
- "type": "string"
+ "type": "string",
+ "example": "ok"
+ },
+ "page": {
+ "type": "integer"
+ },
+ "total_pages": {
+ "type": "integer"
+ },
+ "scans": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "id": {
+ "type": "string",
+ "format": "uuid"
+ },
+ "engine": {
+ "type": "string",
+ "example": "corgea"
+ },
+ "project": {
+ "type": "string"
+ },
+ "created_at": {
+ "type": "string",
+ "format": "date-time"
+ },
+ "repo": {
+ "type": "string"
+ },
+ "branch": {
+ "type": "string"
+ },
+ "status": {
+ "type": "string",
+ "enum": ["completed", "in_progress", "failed"]
+ },
+ "pull_request_id": {
+ "type": "integer",
+ "nullable": true
+ }
+ }
+ }
 }
 }
 }
 }
 }
- },
- "400": {
- "description": "Invalid content",
+ }
+ }
+ }
+ },
+ "/scan/{scan_id}": {
+ "get": {
+ "summary": "Get Scan",
+ "operationId": "getScan",
+ "tags": ["Scans"],
+ "description": "Retrieves details of a specific scan",
+ "parameters": [
+ {
+ "name": "scan_id",
+ "in": "path",
+ "required": true,
+ "schema": {
+ "type": "string",
+ "format": "uuid"
+ },
+ "description": "The ID of the scan"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Scan details retrieved successfully",
 "content": {
 "application/json": {
 "schema": {
 "type": "object",
 "properties": {
 "status": {
+ "type": "string",
+ "example": "ok"
+ },
+ "id": {
+ "type": "string",
+ "format": "uuid"
+ },
+ "project": {
+ "type": "string"
+ },
+ "repo": {
+ "type": "string"
+ },
+ "branch": {
+ "type": "string"
+ },
+ "scan_status": {
+ "type": "string",
+ "enum": ["completed", "in_progress", "failed"]
+ },
+ "engine": {
 "type": "string"
+ },
+ "created_at": {
+ "type": "string",
+ "format": "date-time"
 }
 }
 }
 }
 }
 },
- "401": {
- "description": "Unauthorized",
+ "404": {
+ "description": "Scan not found",
 "content": {
 "application/json": {
 "schema": {
 "type": "object",
 "properties": {
 "status": {
- "type": "string"
+ "type": "string",
+ "example": "error"
+ },
+ "message": {
+ "type": "string",
+ "example": "Scan doesn't exist"
 }
 }
 }
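Review bot: `GET /scans` documents only a `200` response and `GET /scan/{scan_id}` only `200` and `404`, yet both inherit the global `CorgeaToken` requirement and the removed `/cli/git-config-upload` operation did declare `401`; add the `401` response (the `status: error` body already used by `/verify`) to both, and likewise to `/scan/{scan_id}/report`, `/scan/{scan_id}/check_blocking_rules` and the `/issues` operations in the following hunks, which share the omission. The list item exposes the scan state as `status` while the detail response exposes the same enum as `scan_status`; if the server really differs, say so in `scan_status`'s `description`, otherwise one of the two keys is a typo in the spec. The detail operation's `description` also drops the scope that `/scans` states (`for the authenticated user's company`); it should say which scans the caller may read and, if that is the behaviour, that a scan outside that scope yields the documented `404`.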
@@ -217,92 +334,115 @@
 }
 }
 },
- "/cli/code-upload": {
- "post": {
- "summary": "Upload Code",
- "operationId": "cliCodeUpload",
+ "/scan/{scan_id}/report": {
+ "get": {
+ "summary": "Get Scan Report",
+ "operationId": "getScanReport",
+ "tags": ["Scans", "Reports"],
+ "description": "Retrieve scan report in HTML or SARIF format",
 "parameters": [
 {
- "name": "token",
- "in": "query",
+ "name": "scan_id",
+ "in": "path",
 "required": true,
 "schema": {
- "type": "string"
- }
+ "type": "string",
+ "format": "uuid"
+ },
+ "description": "The ID of the scan"
 },
 {
- "name": "run_id",
+ "name": "format",
 "in": "query",
- "required": true,
+ "required": false,
 "schema": {
- "type": "string"
- }
+ "type": "string",
+ "enum": ["sarif", "html"],
+ "default": "sarif"
+ },
+ "description": "Report format (html or sarif)"
 },
 {
- "name": "path",
+ "name": "view",
 "in": "query",
- "required": true,
+ "required": false,
 "schema": {
- "type": "string"
- }
+ "type": "string",
+ "default": "cwe"
+ },
+ "description": "View type for HTML reports"
+ },
+ {
+ "name": "urgency",
+ "in": "query",
+ "required": false,
+ "schema": {
+ "type": "string",
+ "enum": ["CR", "HI", "ME", "LO"]
+ },
+ "description": "Filter by urgency level"
 }
 ],
- "requestBody": {
- "required": true,
- "content": {
- "multipart/form-data": {
- "schema": {
- "type": "object",
- "properties": {
- "file": {
- "type": "string",
- "format": "binary"
- }
- }
- }
- }
- }
- },
 "responses": {
 "200": {
- "description": "Code uploaded",
+ "description": "Report retrieved successfully",
 "content": {
 "application/json": {
 "schema": {
- "type": "object",
- "properties": {
- "status": {
- "type": "string"
- }
- }
+ "description": "SARIF report when format=sarif",
+ "type": "object"
+ }
+ },
+ "text/html": {
+ "schema": {
+ "type": "string",
+ "description": "HTML report when format=html"
+ }
+ }
+ },
+ "headers": {
+ "Content-Disposition": {
+ "description": "Filename for download when format=sarif",
+ "schema": {
+ "type": "string"
 }
 }
 }
 },
- "400": {
- "description": "Invalid content",
+ "404": {
+ "description": "Scan not found",
 "content": {
 "application/json": {
 "schema": {
 "type": "object",
 "properties": {
 "status": {
- "type": "string"
+ "type": "string",
+ "example": "error"
+ },
+ "message": {
+ "type": "string",
+ "example": "Scan not found"
 }
 }
 }
 }
 }
 },
- "401": {
- "description": "Unauthorized",
+ "500": {
+ "description": "Report generation failed",
 "content": {
 "application/json": {
 "schema": {
 "type": "object",
 "properties": {
 "status": {
- "type": "string"
+ "type": "string",
+ "example": "error"
+ },
+ "message": {
+ "type": "string",
+ "example": "SARIF export failed. Please try again later or contact support."
 }
 }
 }
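Review bot: The `view` parameter has `"default": "cwe"` but no `enum`, so `View type for HTML reports` leaves the accepted values undocumented; list them in an `enum` the way `format` and `urgency` do (the valid set isn't recoverable from this hunk, so take it from the server). The `format` description `(html or sarif)` duplicates the enum and goes stale the moment a value is added; `Report format` alone is enough. The `status`/`message` error body now appears verbatim in the `404` and `500` responses here and in the neighbouring operations — factor it into `components.schemas` (an `Error` schema) or `components.responses` and `$ref` it, the way `Issue` is already referenced in the `/issues` hunk.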
@@ -312,71 +452,107 @@
 }
 }
 },
- "/cli/ci-data-upload": {
- "post": {
- "summary": "Upload CI Data",
- "operationId": "cliCiDataUpload",
+ "/scan/{scan_id}/check_blocking_rules": {
+ "get": {
+ "summary": "Check Blocking Rules",
+ "operationId": "checkBlockingRules",
+ "tags": ["Scans", "Policies"],
+ "description": "Check if scan issues violate any blocking rules",
 "parameters": [
 {
- "name": "token",
- "in": "query",
+ "name": "scan_id",
+ "in": "path",
 "required": true,
 "schema": {
- "type": "string"
- }
+ "type": "string",
+ "format": "uuid"
+ },
+ "description": "The ID of the scan"
 },
 {
- "name": "run_id",
+ "name": "page",
 "in": "query",
- "required": true,
+ "required": false,
 "schema": {
- "type": "string"
- }
+ "type": "integer",
+ "default": 1
+ },
+ "description": "The page number for pagination"
 },
 {
- "name": "platform",
+ "name": "page_size",
 "in": "query",
- "required": true,
+ "required": false,
 "schema": {
- "type": "string"
- }
+ "type": "integer",
+ "default": 20,
+ "maximum": 50
+ },
+ "description": "The number of results per page"
 }
 ],
- "requestBody": {
- "required": true,
- "content": {
- "application/json": {
- "schema": {
- "type": "object"
- }
- }
- }
- },
 "responses": {
 "200": {
- "description": "CI data uploaded",
+ "description": "Blocking rules check completed",
 "content": {
 "application/json": {
 "schema": {
 "type": "object",
 "properties": {
- "status": {
- "type": "string"
+ "block": {
+ "type": "boolean",
+ "description": "Whether the scan is blocked by any rules"
+ },
+ "blocking_issues": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "id": {
+ "type": "string",
+ "format": "uuid"
+ },
+ "triggered_by_rules": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ },
+ "stats": {
+ "type": "object",
+ "properties": {
+ "total_issues": {
+ "type": "integer"
+ },
+ "blocked_issues": {
+ "type": "integer"
+ }
+ }
+ },
+ "page": {
+ "type": "integer"
+ },
+ "total_pages": {
+ "type": "integer"
 }
 }
 }
 }
 }
 },
- "401": {
- "description": "Unauthorized",
+ "404": {
+ "description": "Scan not found",
 "content": {
 "application/json": {
 "schema": {
 "type": "object",
 "properties": {
- "status": {
- "type": "string"
+ "error": {
+ "type": "string",
+ "example": "SAST scan not found"
 }
 }
 }
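Review bot: This operation's `200` body has no `status` field and its `404` body uses an `error` key instead of the `status`/`message` pair every other operation in the diff documents, which contradicts introduction.mdx's "Successful responses include a `status` field" and its error-format example. If the server really returns these shapes, the spec is correct and the introduction should be qualified; if not, the `404` schema should read `"status": {"type": "string", "example": "error"}, "message": {"type": "string", "example": "SAST scan not found"}`. `block` is the value a CI gate will key on, so the `200` schema should carry `"required": ["block", "blocking_issues", "stats"]` (or a note that the latter two may be omitted) — a consumer must know whether it can read `stats.blocked_issues` unconditionally.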
@@ -386,70 +562,1226 @@ } } }, - "/cli/issues": { + "/issues": { "get": { - "summary": "Get All Issues", - "operationId": "cliGetAllIssues", + "summary": "List All Issues", + "operationId": "listIssues", + "tags": ["Issues"], + "description": "Retrieve a list of all security issues for the authenticated user's company", "parameters": [ { - "name": "token", + "name": "project", "in": "query", - "required": true, + "required": false, "schema": { "type": "string" - } + }, + "description": "Filter issues by project name" }, { - "name": "project", + "name": "repo", "in": "query", "required": false, "schema": { "type": "string" - } + }, + "description": "Filter issues by repository URL" + }, + { + "name": "page", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "default": 1 + }, + "description": "The page number for pagination" + }, + { + "name": "page_size", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "default": 20, + "maximum": 50 + }, + "description": "The number of results per page" + } + ], + "responses": { + "200": { + "description": "Issues retrieved successfully or no project found", + "content": { + "application/json": { + "schema": { + "oneOf": [ + { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "ok" + }, + "page": { + "type": "integer" + }, + "total_pages": { + "type": "integer" + }, + "total_issues": { + "type": "integer" + }, + "issues": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Issue" + } + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "no_project_found" + } + } + } + ] + } + } + } + } + } + } + }, + "/scan/{scan_id}/issues": { + "get": { + "summary": "Get Issues for Scan", + "operationId": "getScanIssues", + "tags": ["Issues"], + "description": "Retrieves a list of issues for a specific scan", + "parameters": [ + { + "name": "scan_id", + "in": "path", + "required": true, + "schema": { 
+ "type": "string", + "format": "uuid" + }, + "description": "The ID of the scan" + }, + { + "name": "page", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "default": 1 + }, + "description": "The page number for pagination" + }, + { + "name": "page_size", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "default": 20, + "maximum": 50 + }, + "description": "The number of results per page" + }, + { + "name": "urgency", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter by urgency levels (comma-separated). Valid values: CR, HI, ME, LO", + "example": "CR,HI" + }, + { + "name": "status", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter by status (comma-separated). Valid values: fixed, false_positive, accepted_risk, open, fix_in_progress, duplicate", + "example": "open,fix_in_progress" + }, + { + "name": "confidence", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter by confidence levels (comma-separated). Valid values: HI, ME, LO", + "example": "HI,ME" + }, + { + "name": "language", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter by programming language (case-insensitive)", + "example": "python" + }, + { + "name": "file_path", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter by file path (partial match)", + "example": "src/auth" + }, + { + "name": "classification", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter by classification/CWE (partial match)", + "example": "CWE-89" + }, + { + "name": "sla_status", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter by SLA status (comma-separated). 
Valid values: overdue, escalated", + "example": "overdue" + }, + { + "name": "sort_by", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "created_at", + "-created_at", + "urgency", + "-urgency", + "status", + "-status", + "classification", + "-classification" + ] + }, + "description": "Sort results by field (prefix with '-' for descending order)", + "example": "-created_at" + } + ], + "responses": { + "200": { + "description": "Issues retrieved successfully", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "ok" + }, + "page": { + "type": "integer" + }, + "total_pages": { + "type": "integer" + }, + "total_issues": { + "type": "integer" + }, + "issues": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Issue" + } + } + } + } + } + } + }, + "404": { + "description": "Scan not found", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "error" + }, + "message": { + "type": "string", + "example": "Scan not found" + } + } + } + } + } + } + } + } + }, + "/issue/{issue_id}": { + "get": { + "summary": "Get Issue", + "operationId": "getIssue", + "tags": ["Issues"], + "description": "Retrieves details of a specific issue", + "parameters": [ + { + "name": "issue_id", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + }, + "description": "The ID of the issue" + }, + { + "name": "show_full_code", + "in": "query", + "required": false, + "schema": { + "type": "boolean", + "default": false + }, + "description": "Whether to include the full code in the response" + } + ], + "responses": { + "200": { + "description": "Issue details retrieved successfully", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "ok" + }, + "issue": { + 
"$ref": "#/components/schemas/IssueDetail" + } + } + } + } + } + }, + "404": { + "description": "Issue not found", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "error" + }, + "message": { + "type": "string", + "example": "Issue not found" + } + } + } + } + } + } + } + } + }, + "/issues/sca": { + "get": { + "summary": "Get SCA Issues", + "operationId": "listScaIssues", + "tags": ["Issues", "SCA"], + "description": "Retrieve a list of Software Composition Analysis (SCA) issues", + "parameters": [ + { + "name": "project", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter SCA issues by project name" + }, + { + "name": "repo", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter SCA issues by repository URL" + }, + { + "name": "page", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "default": 1 + }, + "description": "The page number for pagination" + }, + { + "name": "page_size", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "default": 20, + "maximum": 50 + }, + "description": "The number of results per page" + }, + { + "name": "severity", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter by severity levels (comma-separated). 
Valid values: CRITICAL, HIGH, MEDIUM, LOW", + "example": "CRITICAL,HIGH" + }, + { + "name": "package", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter by package name (partial match)", + "example": "lodash" + }, + { + "name": "ecosystem", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter by package ecosystem (case-insensitive)", + "example": "npm" + }, + { + "name": "cve", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter by CVE identifier (partial match)", + "example": "CVE-2021" + }, + { + "name": "path", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter by file path (partial match)", + "example": "package.json" + }, + { + "name": "has_fix", + "in": "query", + "required": false, + "schema": { + "type": "boolean" + }, + "description": "Filter by whether a fix is available (true/false)", + "example": true + }, + { + "name": "sort_by", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "created_at", + "-created_at", + "severity", + "-severity", + "package", + "-package", + "ecosystem", + "-ecosystem" + ] + }, + "description": "Sort results by field (prefix with '-' for descending order)", + "example": "-severity" + } + ], + "responses": { + "200": { + "description": "SCA issues retrieved successfully or no project found", + "content": { + "application/json": { + "schema": { + "oneOf": [ + { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "ok" + }, + "page": { + "type": "integer" + }, + "total_pages": { + "type": "integer" + }, + "total_issues": { + "type": "integer" + }, + "issues": { + "type": "array", + "items": { + "$ref": "#/components/schemas/SCAIssue" + } + } + } + }, + { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "no_project_found" + } + } + } + 
] + } + } + } + } + } + } + }, + "/scan/{scan_id}/issues/sca": { + "get": { + "summary": "Get SCA Issues for Scan", + "operationId": "getScanScaIssues", + "tags": ["Issues", "SCA"], + "description": "Retrieve SCA issues for a specific scan", + "parameters": [ + { + "name": "scan_id", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + }, + "description": "The ID of the scan" + }, + { + "name": "page", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "default": 1 + }, + "description": "The page number for pagination" + }, + { + "name": "page_size", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "default": 20, + "maximum": 50 + }, + "description": "The number of results per page" + }, + { + "name": "severity", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter by severity levels (comma-separated). Valid values: CRITICAL, HIGH, MEDIUM, LOW", + "example": "CRITICAL,HIGH" + }, + { + "name": "package", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter by package name (partial match)", + "example": "lodash" + }, + { + "name": "ecosystem", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter by package ecosystem (case-insensitive)", + "example": "npm" + }, + { + "name": "cve", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter by CVE identifier (partial match)", + "example": "CVE-2021" + }, + { + "name": "path", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Filter by file path (partial match)", + "example": "package.json" + }, + { + "name": "has_fix", + "in": "query", + "required": false, + "schema": { + "type": "boolean" + }, + "description": "Filter by whether a fix is available (true/false)", + "example": true + }, + { + "name": 
"sort_by", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "created_at", + "-created_at", + "severity", + "-severity", + "package", + "-package", + "ecosystem", + "-ecosystem" + ] + }, + "description": "Sort results by field (prefix with '-' for descending order)", + "example": "-severity" + } + ], + "responses": { + "200": { + "description": "SCA issues retrieved successfully", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "ok" + }, + "page": { + "type": "integer" + }, + "total_pages": { + "type": "integer" + }, + "total_issues": { + "type": "integer" + }, + "issues": { + "type": "array", + "items": { + "$ref": "#/components/schemas/SCAIssue" + } + } + } + } + } + } + }, + "404": { + "description": "Scan not found", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "error" + }, + "message": { + "type": "string", + "example": "Scan not found" + } + } + } + } + } + } + } + } + }, + "/start-scan": { + "post": { + "summary": "Start New Scan", + "operationId": "startScan", + "tags": ["Starting Corgea Scan"], + "description": "Initiates a new BLAST scan with file upload. 
Accepts one or more files for scanning.", + "requestBody": { + "required": true, + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "required": ["scan_type", "files"], + "properties": { + "scan_type": { + "type": "string", + "enum": ["blast"], + "default": "blast", + "description": "Currently only blast scan is supported" + }, + "repo_url": { + "type": "string", + "description": "The URL of the repository (optional)" + }, + "branch": { + "type": "string", + "description": "The branch to be scanned (optional)" + }, + "sha": { + "type": "string", + "description": "The commit SHA to be scanned (optional)" + }, + "files": { + "type": "array", + "items": { + "type": "string", + "format": "binary" + }, + "description": "Source code files to be scanned. For BLAST scans, only a single file is currently supported." + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Scan initiated successfully", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "type": "string", + "example": "Successfully initiated upload at /tmp/uploads/transfer_id" + }, + "transfer_id": { + "type": "string", + "format": "uuid", + "example": "c9b0a8c7-f9b4-4c10-9d58-cd4c7e1c9c52" + }, + "status": { + "type": "string", + "enum": ["OK"], + "example": "OK" + } + } + } + } + } + }, + "400": { + "description": "Bad request - validation errors", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "error" + }, + "message": { + "type": "string", + "example": "No files uploaded for blast" + } + } + }, + "examples": { + "no_files": { + "summary": "No files uploaded", + "value": { + "status": "error", + "message": "No files uploaded for blast" + } + }, + "multiple_files": { + "summary": "Multiple files for BLAST scan", + "value": { + "status": "error", + "message": "Multiple files uploaded for blast" + } + }, + "scan_not_enabled": 
{ + "summary": "Scan type not enabled", + "value": { + "status": "error", + "message": "Only Blast scan is currently enabled by the API" + } + }, + "file_validation_error": { + "summary": "File validation failed", + "value": { + "status": "error", + "message": "File validation error: Invalid file type or size" + } + } + } + } + } + } + } + } + }, + "/start-scan/{transfer_id}": { + "patch": { + "summary": "Continue Scan Upload", + "operationId": "continueScanUpload", + "tags": ["Starting Corgea Scan"], + "description": "Continue uploading chunks for an existing scan", + "parameters": [ + { + "name": "transfer_id", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + }, + "description": "The transfer ID from the initial scan request" + }, + { + "name": "Upload-Offset", + "in": "header", + "required": true, + "schema": { + "type": "integer" + }, + "description": "Current byte offset of the upload" + }, + { + "name": "Upload-Length", + "in": "header", + "required": true, + "schema": { + "type": "integer" + }, + "description": "Total size of the file in bytes" + }, + { + "name": "Upload-Name", + "in": "header", + "required": true, + "schema": { + "type": "string" + }, + "description": "Name of the file being uploaded" + } + ], + "requestBody": { + "required": true, + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "required": ["chunk_data"], + "properties": { + "chunk_data": { + "type": "string", + "format": "binary", + "description": "The next chunk of data for the scan" + }, + "project_name": { + "type": "string" + }, + "branch": { + "type": "string" + }, + "repo_url": { + "type": "string" + }, + "sha": { + "type": "string" + }, + "partial_scan": { + "type": "boolean" + }, + "files_to_scan": { + "type": "string", + "description": "Comma-separated list of files to scan" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Chunk uploaded successfully", + "headers": { + "Upload-Offset": { 
+ "schema": { + "type": "integer" + }, + "description": "Current upload offset after this chunk" + } + }, + "content": { + "application/json": { + "schema": { + "oneOf": [ + { + "type": "object", + "properties": { + "transfer_id": { + "type": "string", + "format": "uuid" + }, + "status": { + "type": "string", + "example": "success" + }, + "message": { + "type": "string", + "example": "Chunk uploaded successfully." + } + } + }, + { + "type": "object", + "description": "Returned when upload is complete", + "properties": { + "scan_id": { + "type": "string", + "format": "uuid", + "example": "1a5afaa3-72ac-458f-a492-ac40ffc88e76" + }, + "status": { + "type": "string", + "example": "success" + }, + "message": { + "type": "string", + "example": "Chunk uploaded successfully." + } + } + } + ] + } + } + } + }, + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "error" + }, + "message": { + "type": "string", + "example": "Invalid request: 'chunk_data' file not found." 
+ }, + "internal_detail": { + "type": "string" + } + } + } + } + } + } + } + }, + "head": { + "summary": "Check Upload Status", + "operationId": "checkUploadStatus", + "tags": ["Starting Corgea Scan"], + "description": "Check the current status of an upload", + "parameters": [ + { + "name": "transfer_id", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + }, + "description": "The transfer ID to check" + } + ], + "responses": { + "200": { + "description": "Upload status retrieved", + "headers": { + "Upload-Offset": { + "schema": { + "type": "integer" + }, + "description": "Current upload offset" + } + }, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "enum": ["success", "error"], + "example": "success" + }, + "message": { + "type": "string", + "example": "Offset calculated" + } + } + } + } + } + }, + "400": { + "description": "Invalid transfer ID", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "error" + }, + "message": { + "type": "string", + "example": "Invalid transfer ID." + } + } + } + } + } + } + } + } + }, + "/scan-upload": { + "post": { + "summary": "Upload Scan", + "operationId": "scanUpload", + "tags": ["Uploading 3rd Party Scan"], + "description": "Upload a completed scan report from CLI tools. 
This endpoint receives pre-generated scan results from Semgrep, Snyk, Checkmarx, CodeQL, and Fortify and integrates them into the system.", + "parameters": [ + { + "name": "run_id", + "in": "query", + "required": true, + "schema": { + "type": "string" + }, + "description": "The ID of the run associated with the scan report" + }, + { + "name": "engine", + "in": "query", + "required": true, + "schema": { + "type": "string", + "enum": ["checkmarx", "codeql", "fortify", "semgrep", "snyk"] + }, + "description": "The engine used for the scan" + }, + { + "name": "project", + "in": "query", + "required": true, + "schema": { + "type": "string" + }, + "description": "The name of the project" + }, + { + "name": "repo_data", + "in": "query", + "required": false, + "schema": { + "type": "string" + }, + "description": "Base64-encoded JSON string containing repository information (branch_name, integration_url, etc.)" + } + ], + "requestBody": { + "required": true, + "description": "The scan report content as UTF-8 text (typically SARIF or JSON format)", + "content": { + "text/plain": { + "schema": { + "type": "string" + } + } + } + }, + "responses": { + "200": { + "description": "Scan report uploaded successfully", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "ok" + } + } + } + } + } + }, + "400": { + "description": "Invalid request or content", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "invalid content" + } + } + } + } + } + } + } + } + }, + "/git-config-upload": { + "post": { + "summary": "Upload Git Config", + "operationId": "gitConfigUpload", + "tags": ["Uploading 3rd Party Scan"], + "description": "Upload Git configuration data for a specific scan run to help with repository URL parsing and analysis.", + "parameters": [ + { + "name": "run_id", + "in": "query", + "required": true, + 
"schema": { + "type": "string" + }, + "description": "The scan run ID associated with this Git configuration" + } + ], + "requestBody": { + "required": true, + "description": "Raw Git configuration data as UTF-8 text", + "content": { + "text/plain": { + "schema": { + "type": "string" + } + } } - ], + }, "responses": { "200": { - "description": "List of issues", + "description": "Git config uploaded successfully", "content": { "application/json": { "schema": { "type": "object", "properties": { "status": { - "type": "string" - }, - "issues": { - "type": "array", - "items": { - "type": "object", - "properties": { - "id": { "type": "string" }, - "classification": { "type": "string" }, - "urgency": { "type": "string" }, - "project": { "type": "string" }, - "created_at": { "type": "string", "format": "date-time" }, - "hold_fix": { "type": "boolean" }, - "hold_reason": { "type": "string" }, - "file_path": { "type": "string" }, - "line_num": { "type": "integer" } - } - } + "type": "string", + "enum": ["ok"], + "example": "ok" } - } + }, + "required": ["status"] } } } }, - "401": { - "description": "Unauthorized", + "400": { + "description": "Bad request - validation errors", "content": { "application/json": { "schema": { "type": "object", "properties": { "status": { - "type": "string" + "type": "string", + "example": "missing run_id" + } + } + }, + "examples": { + "missing_run_id": { + "summary": "Missing run_id parameter", + "value": { + "status": "missing run_id" + } + }, + "invalid_content": { + "summary": "Content validation failed", + "value": { + "status": "invalid content" } } } 
@@ -459,73 +1791,106 @@ } } }, - "/cli/issues-tree": { - "get": { - "summary": "Get Issues Tree", - "operationId": "cliGetIssuesTree", + "/code-upload": { + "post": { + "summary": "Upload Source Code File", + "operationId": "codeUpload", + "tags": ["Uploading 3rd Party Scan"], + "description": "Upload individual source code files for a specific scan run. This is used to upload the actual source files that will be analyzed.", "parameters": [ { - "name": "token", + "name": "run_id", "in": "query", "required": true, "schema": { "type": "string" - } + }, + "description": "The scan run ID associated with this file" }, { - "name": "project", + "name": "path", "in": "query", - "required": false, + "required": true, "schema": { "type": "string" - } + }, + "description": "The repository path of the file being uploaded" } ], + "requestBody": { + "required": true, + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "required": ["file"], + "properties": { + "file": { + "type": "string", + "format": "binary", + "description": "The source code file to upload" + } + } + } + } + } + }, "responses": { "200": { - "description": "Issues tree", + "description": "Source code file uploaded successfully", "content": { "application/json": { "schema": { "type": "object", "properties": { - "status": { "type": "string" }, - "project": { "type": "string" }, - "issues": { - "type": "array", - "items": { - "type": "object", - "properties": { - "file_path": { "type": "string" }, - "vulnerabilities": { - "type": "array", - "items": { - "type": "object", - "properties": { - "id": { "type": "string" }, - "classification": { "type": "string" }, - "urgency": { "type": "string" }, - "line_num": { "type": "integer" }, - "status": { "type": "string" } - } - } - } - } - } + "status": { + "type": "string", + "enum": ["ok"], + "example": "ok" } - } + }, + "required": ["status"] } } } }, - "401": { - "description": "Unauthorized", + "400": { + "description": "Bad request - 
validation errors", "content": { "application/json": { "schema": { "type": "object", "properties": { - "status": { "type": "string" } + "status": { + "type": "string", + "example": "missing run_id" + } + } + }, + "examples": { + "missing_run_id": { + "summary": "Missing run_id parameter", + "value": { + "status": "missing run_id" + } + }, + "missing_path": { + "summary": "Missing path parameter", + "value": { + "status": "missing path" + } + }, + "no_file_provided": { + "summary": "No file uploaded", + "value": { + "status": "no_file_provided" + } + }, + "invalid_content": { + "summary": "File content validation failed", + "value": { + "status": "invalid content" + } } } } 
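Review bot: The `path` query parameter of `/code-upload` is an unconstrained `string` even though it names where the uploaded file lands relative to the run's repository, so the spec should state how absolute paths and `..` segments are treated and bound the length, e.g. `"description": "Repository-relative path of the file being uploaded (no leading '/' or '..' segments)"` plus `"maxLength": 4096`, adjusted to whatever the server actually enforces. The operation also documents no `401` response and no `security` requirement, although the `/cli/issues-tree` operation it replaces modelled `401`; the same gap applies to `/git-config-upload` and `/ci-data-upload`. Whether a document-level `security` entry covers these operations cannot be seen from this hunk, so a per-operation `"security": [{ "CorgeaToken": [] }]` or a confirmation of the global one would settle it. The `400` examples also mix status spellings (`missing path` versus `no_file_provided`); if the server really emits both forms, a short note in the response `description` would save clients from guessing.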
@@ -534,66 +1899,124 @@ } } }, - "/cli/issue/{issue_id}": { - "get": { - "summary": "Get Issue", - "operationId": "cliGetIssue", + "/ci-data-upload": { + "post": { + "summary": "Upload CI/CD Data", + "operationId": "ciDataUpload", + "tags": ["Uploading 3rd Party Scan"], + "description": "Upload CI/CD pipeline metadata and context information for a specific scan run.", "parameters": [ { - "name": "token", + "name": "run_id", "in": "query", "required": true, "schema": { "type": "string" - } + }, + "description": "The scan run ID associated with this CI data" }, { - "name": "issue_id", - "in": "path", + "name": "platform", + "in": "query", "required": true, "schema": { "type": "string" }, - "description": "ID of the issue" + "description": "The CI/CD platform name (e.g., jenkins, github-actions, gitlab-ci)" } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "description": "CI/CD pipeline metadata and context information", + "additionalProperties": true + } + } + } + }, "responses": { "200": { - "description": "Issue details", + "description": "CI data uploaded successfully", "content": { "application/json": { "schema": { "type": "object", "properties": { - "status": { "type": "string" }, - "issue": { - "type": "object", - "properties": { - "id": { "type": "string" }, - "urgency": { "type": "string" }, - "description": { "type": "string" }, - "classification": { "type": "string" }, - "file_path": { "type": "string" }, - "line_num": { "type": "integer" }, - "on_hold": { "type": "boolean" }, - "hold_reason": { "type": "string" }, - "explanation": { "type": "string" }, - "false_positive": { - "type": "object", - "properties": { - "result": { "type": "string" }, - "reasoning": { "type": "string" } - } - }, - "status": { "type": "string" } - } + "status": { + "type": "string", + "enum": ["ok"], + "example": "ok" + } + }, + "required": ["status"] + } + } + } + }, + "400": { + "description": "Bad request - 
JSON parsing error", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "error" }, - "fix": { - "type": "object", - "properties": { - "id": { "type": "string" }, - "diff": { "type": "string" }, - "explanation": { "type": "string" } + "message": { + "type": "string", + "example": "Invalid JSON format" + } + } + } + } + } + }, + "404": { + "description": "Scan not found for the provided run_id", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "unable to find scan associated to this run id" + } + } + } + } + } + } + } + } + }, + "/blocking-rules": { + "get": { + "summary": "List Blocking Rules", + "operationId": "listBlockingRules", + "tags": ["Policies"], + "description": "Retrieve all blocking rules for the authenticated user's company", + "responses": { + "200": { + "description": "Blocking rules retrieved successfully", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string", + "example": "ok" + }, + "blocking_rules": { + "type": "array", + "items": { + "$ref": "#/components/schemas/BlockingRule" } } } @@ -602,13 +2025,36 @@ } }, "401": { - "description": "Unauthorized", + "description": "Invalid or missing token", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "type": "string", + "example": "Missing or invalid authorization header" + } + } + } + } + } + }, + "500": { + "description": "Internal server error", "content": { "application/json": { "schema": { "type": "object", "properties": { - "status": { "type": "string" } + "status": { + "type": "string", + "example": "error" + }, + "message": { + "type": "string", + "example": "An error occurred while fetching blocking rules" + } } } } 
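Review bot: The `404` response of `/ci-data-upload` carries a full sentence in `status` (`"unable to find scan associated to this run id"`) while the `400` on the same operation uses `"status": "error"` with a separate `message`, so a client branching on `status` meets a different envelope per status code. If the server genuinely returns the sentence, the spec is accurate but the `description` should say that `status` is free text here; otherwise the `404` schema should mirror the `400` one with `"status": { "type": "string", "example": "error" }` and a `message` property. The request body is `additionalProperties: true` with no documented keys and no size bound, and `platform` is a free-form string with only examples in its description; listing the keys the server reads, or at least the `platform` values it recognises as an `enum`, would let clients validate before sending. The enclosing `paths` object continues outside this hunk.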
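Review bot: The new `401` body for `/blocking-rules` uses an `error` key, whereas every other error response in this diff (`400`, `404`, `500`) uses `status` and `message`; a client that reads `status` to detect failures will see an object with neither key. If the authentication layer really emits `{"error": ...}`, the `description` should say so explicitly, e.g. `"description": "Invalid or missing token; note this body uses 'error' rather than 'status'"`, otherwise the schema should be aligned with the `500` response beneath it. This is also the only operation in the visible hunks that documents `401` at all, which suggests the upload operations should document it too.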
@@ -617,5 +2063,314 @@ } } } + }, + "components": { + "securitySchemes": { + "CorgeaToken": { + "type": "apiKey", + "in": "header", + "name": "CORGEA-TOKEN", + "description": "API key for authentication" + } + }, + "schemas": { + "Issue": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "uuid" + }, + "classification": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "CWE-123" + }, + "name": { + "type": "string", + "example": "Vulnerability Name" + }, + "description": { + "type": "string" + } + } + }, + "urgency": { + "type": "string", + "enum": ["critical", "high", "medium", "low"] + }, + "created_at": { + "type": "string", + "format": "date-time" + }, + "status": { + "type": "string", + "enum": [ + "open", + "in_progress", + "fixed", + "accepted_risk", + "false_positive" + ] + }, + "sla_status": { + "type": "string", + "enum": ["on_track", "due", "overdue"] + }, + "location": { + "$ref": "#/components/schemas/IssueLocation" + }, + "auto_triage": { + "$ref": "#/components/schemas/AutoTriage" + }, + "auto_fix_suggestion": { + "$ref": "#/components/schemas/AutoFixSuggestion" + } + } + }, + "IssueDetail": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "uuid" + }, + "scan_id": { + "type": "string", + "format": "uuid" + }, + "status": { + "type": "string", + "enum": [ + "open", + "in_progress", + "fixed", + "accepted_risk", + "false_positive" + ] + }, + "urgency": { + "type": "string", + "enum": ["critical", "high", "medium", "low"] + }, + "created_at": { + "type": "string", + "format": "date-time" + }, + "classification": { + "type": "object", + "properties": { + "id": { + "type": "string", + "example": "CWE-123" + }, + "name": { + "type": "string", + "example": "Vulnerability Name" + }, + "description": { + "type": "string" + } + } + }, + "location": { + "$ref": "#/components/schemas/IssueLocation" + }, + "details": { + "type": "object", + "properties": { + 
"explanation": { + "type": "string" + } + } + }, + "auto_triage": { + "$ref": "#/components/schemas/AutoTriage" + }, + "auto_fix_suggestion": { + "$ref": "#/components/schemas/AutoFixSuggestion" + } + } + }, + "IssueLocation": { + "type": "object", + "properties": { + "file": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "language": { + "type": "string" + }, + "path": { + "type": "string" + } + } + }, + "project": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "branch": { + "type": "string" + }, + "git_sha": { + "type": "string" + } + } + }, + "line_number": { + "type": "integer" + } + } + }, + "AutoTriage": { + "type": "object", + "properties": { + "false_positive_detection": { + "type": "object", + "properties": { + "status": { + "type": "string", + "enum": ["valid", "false_positive", "pending"] + }, + "reasoning": { + "type": "string" + } + } + } + } + }, + "AutoFixSuggestion": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "uuid" + }, + "status": { + "type": "string", + "enum": ["fix_available", "fix_not_available", "pending"] + }, + "patch": { + "type": "object", + "properties": { + "diff": { + "type": "string", + "description": "Unified diff format patch" + }, + "explanation": { + "type": "string", + "description": "Explanation of how the fix addresses the vulnerability" + } + } + } + } + }, + "SCAIssue": { + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "uuid" + }, + "created_at": { + "type": "string", + "format": "date-time" + }, + "description": { + "type": "string" + }, + "details": { + "type": "string" + }, + "severity": { + "type": "string", + "enum": ["critical", "high", "medium", "low"] + }, + "cve": { + "type": "string", + "description": "CVE identifier if available" + }, + "package": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "ecosystem": { + 
"type": "string" + }, + "fix_version": { + "type": "string", + "description": "Version that fixes the vulnerability" + } + } + }, + "location": { + "type": "object", + "properties": { + "path": { + "type": "string", + "description": "Path to the file containing the vulnerable package" + } + } + } + } + }, + "BlockingRule": { + "type": "object", + "properties": { + "id": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "description": { + "type": "string" + }, + "urgencies": { + "type": "array", + "items": { + "type": "string", + "enum": ["critical", "high", "medium", "low"] + } + }, + "classifications": { + "type": "array", + "items": { + "type": "string" + } + }, + "projects": { + "type": "array", + "items": { + "type": "string" + } + }, + "active": { + "type": "boolean" + }, + "created_at": { + "type": "string", + "format": "date-time" + }, + "updated_at": { + "type": "string", + "format": "date-time" + } + } + } + } } -} \ No newline at end of file +} diff --git a/changelog.mdx b/changelog.mdx index 133979f..3187dc4 100644 --- a/changelog.mdx +++ b/changelog.mdx 
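Review bot: `components.securitySchemes.CorgeaToken` is declared here but nothing in this hunk applies it, and no per-operation `security` appears in the other hunks; unless a document-level `"security": [{ "CorgeaToken": [] }]` exists earlier in the file (outside this view), generators and docs render every operation as unauthenticated. `SCAIssue.severity` is an enum of lowercase values (`critical`, `high`, ...) while the `severity` filter on the SCA list endpoints documents uppercase `CRITICAL, HIGH, MEDIUM, LOW`; either state in the filter description that matching is case-insensitive or align the two. `BlockingRule.id` is an `integer` while every other `id` in these schemas is a `uuid` string; a one-line `description` saying it is a numeric rule identifier would stop clients from assuming the same format. None of the object schemas lists `required`, so consumers cannot tell which properties (`id`, `status`) are always present.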
@@ -1,93 +1,236 @@ --- -title: 'Changelog' -description: 'Latest updates from Corgea.' +title: "Changelog" +description: "Product updates and announcements" --- -## 2024-08-01 -* New scans page to view all scans with filters -* Filtering on the reporting page -* Fix feedback redesign -* New Dropsite -* New User management views -* Admin and user token rotation - -## 2024-07-14 -* New reporting page -* Signin redesign -* Registration redesign - -## 2024-06-28 -* New issue view. View by CWE, File or all the issues. -* Diff viewer line-by-line or side-by-side - -## 2024-06-04 -* Added Additional Instructions to inform engineers of additional steps needed -* Advanced False Positive Detection - -## 2024-05-06 -* Launched Corgea [VS Code](/vsc_extension) plugin - - -## 2024-04-29 -* Support to fix Checkmarx SAST scan findings -* New Dropsite to upload code and vulnerability data without the Corgea CLI - - -## 2024-04-22 -* Added [Azure DevOps Integration](/azure_devops) -* Updated Github PR comment -* Added Projects pagination -* Corgea CLI [pypi package](https://pypi.org/project/corgea-cli/) - - -## 2024-04-15 -* Improvements that increased fix coverage by 10% - - -## 2024-04-08 -* New Projects view to see all projects -* Introduced Corgea Verified to show quality checks -* Improved fix quality -* White consistency improvements -* CLI improvements -* Added filter tags for Date & Issue type on the Issues table - - -## 2024-04-01 -* Introduction of Single tennant support - - -## 2024-03-25 -* CLI authentication checks before scan - -## 2024-03-18 -* Shortened Fix explanations to improve legibility -* Security fixes - - -## 2024-03-11 -* GitHub Oauth login and registration -* [GitHub App for Corgea](https://github.com/apps/corgea) -* Improved how to fix vulnerable code in large functions -* Updated Fix and Quality models to increase fix quality -* Added Projects to the filter criteria on the Issues list page - - -## 2024-02-16 -* C# language support -* Sorting and 
filtering of issues -* New CLI tool -* Additional fix quality checks -* CodeQL support - -## 2024-01-17 -* Github integration for issuing fixes -* Ruby language support -* Java language support -* Go language support - -## 2024-01-04 -* Added download fix as a git diff and a full file -* Added email notification when fixes are available -* Added ability to delete issue -* Code integrity improvements \ No newline at end of file + + **New Features:** + - Vulnerability Source from OSV: Added detailed vulnerability source information powered by the OSV database, enhancing transparency and traceability in scan results. + + **Improvements:** + - History View: Enhanced the history view for a clearer, more streamlined experience. + - Commenting Experience: Improved commenting interface and added AI-powered LLM explanations for better context understanding. + - Repository Dropdown: Fixed overlapping UI elements between the repository dropdown and navigation bar. + - Search Bar on Projects Page: Refined search functionality for smoother navigation and quicker access to projects. + - Case-Insensitive Branch Search: Dropsite branch search is now case-insensitive for easier usability. + + **Bug Fixes & Stability:** + - Resolved issues with project list visibility for GitHub repositories. + - Improved handling of missing Git user info to prevent failures. + - Addressed GitLab "branch not found" errors gracefully. + - General bug fixes and performance improvements. + + + + **New Features:** + - Scan Audit History: Added a dedicated tab for viewing detailed scan audit history. + + **Improvements:** + - Enhanced messaging and consistency across various pages. + - Displayed a proper 404 error page for invalid scan or issue links. + + **Bug Fixes & Stability:** + - Fixed inaccurate counts on the scan page for non-BLAST scans. + - Improved API handling for invalid or missing scan IDs. + - Stability fixes for integration tests and backend reliability. 
+ + + + **Bug Fixes & Stability:** + - Fixed versioning display to ensure accurate build tracking. + - General fixes and optimizations for smoother performance. + + + + + **New Features & Enhancements:** + - Enhanced Export Capabilities: Added support for exporting CSV reports that include false positive data for comprehensive security analysis. + - Advanced API Filtering: Introduced filtering and sorting capabilities in the API to provide more flexible data access and integration options. + - Third-Party Scanner Integration: Improved support for third-party security scanners with enhanced deep linking capabilities for seamless workflow integration. + - Checkmarx Integration: Added additional context support for Checkmarx scans to provide more detailed security insights. + + **Performance & Usability Improvements:** + - Scan List Optimization: Significantly improved page load times for the scan list to provide faster navigation and better user experience. + - Enhanced Issue Management: Fixed issues with false positive visibility controls to ensure accurate issue filtering and management. + - Improved Scan Organization: Code quality scans are now properly excluded from the main scan list for cleaner project organization. + + **Platform Reliability:** + - Enhanced Monitoring: Improved system monitoring with heartbeat functionality for better service reliability. + - Issue Status Management: Fixed issue status inheritance to ensure consistent status tracking across projects. + - Jira Integration: Resolved Jira integration issues for seamless ticket management. + - File Type Handling: Improved file type detection and processing for more accurate scan results. + + **General Improvements:** + - Various bug fixes and performance enhancements across the platform. + - Improved user experience based on customer feedback. + - Enhanced system stability and reliability. 
+ + + + + **New Features & Enhancements:** + - Project Management: Added permissions to allow authorized users to delete projects when needed. + - CWE Filtering: Introduced an option to filter vulnerabilities by CWE category directly in project settings. + - SAML Integration: Added support for assigning default groups when users log in via SAML. + - Language Detection: The platform now automatically detects the programming language for imported scans, improving compatibility and accuracy. + - Endpoint Discovery: Enhanced the endpoint discovery engine with support for PHP and C# projects. + - Feedback System: Added the ability to provide feedback on false positives to continuously improve detection accuracy. + + **Platform Improvements:** + - Improved GitLab and Azure DevOps scheduled scan reliability. + - Enhanced GitHub app installation handling to support webhook timing edge cases. + - Ensured all project types can be deleted consistently. + - Prevented unnecessary processing of privileged users during webhook callbacks. + - Streamlined project linking using project IDs for more consistent behavior. + + **General Fixes & Maintenance:** + - Fixed minor UI issues such as button alignment and whitespace handling. + - General performance, stability, and reliability improvements across the platform. + + + + + + **New Features:** + - Risk Management Enhancements: Added automatic expiry options for accepted risks, making it easier to manage ongoing security decisions. + - Project Settings Update: Improved project settings interface for a smoother configuration experience. + + **AI & Automation Improvements:** + - False Positive Detection: Upgraded the false-positive detection system to use GPT-5, providing smarter and more accurate results. + - Automated QA Checks: Added issue codes for quality assurance checks and improved retry handling when checks fail. 
+ - Improved Ignore File Support: Added support for ignore files (corgea.yaml) within project settings for more flexible configurations. + + **Usability & Interface Improvements:** + - Search Bar Enhancements: Added a "Clear" button and improved multi-select behavior in the search bar. + - CWE Filter Fix: Enhanced auto-search functionality for CWE filters to deliver more accurate filtering. + - Improved Error Messages: Cleaned up and clarified various error messages for better readability. + - Projects Page Fixes: Improved layout and stability on the Projects page for smoother navigation. + - Webhook Settings: Fixed Azure webhook link display for easier configuration. + + **Stability & Performance:** + - Scan Overview API: Fixed an issue that could cause server errors when loading scan overviews. + - Command-Line Scans: Improved handling for CLI-based scans to ensure smoother operations. + - General Bug Fixes & Improvements: Various performance and reliability enhancements across the platform. + + + + **Major Platform Updates:** + - Complete UI Redesign: Overhauled the entire user interface with modern design principles and improved user experience. + - Performance Optimization: Significantly improved platform performance with faster load times and smoother interactions. + - Mobile Responsiveness: Enhanced mobile experience with responsive design improvements across all pages. + + **Security Enhancements:** + - Advanced Vulnerability Detection: Upgraded security scanning algorithms to detect more sophisticated threats. + - Real-time Security Monitoring: Added continuous security monitoring capabilities for immediate threat detection. + - Enhanced Compliance Reporting: Improved compliance reporting features with more detailed analytics and export options. + + **Integration Improvements:** + - New API Endpoints: Added 1new API endpoints for better third-party integrations. 
+ - Webhook Enhancements: Improved webhook reliability and added support for custom payload formats. + - CI/CD Pipeline Integration: Enhanced integration with popular CI/CD platforms for seamless security scanning. + + **Developer Experience:** + - Improved Documentation: Comprehensive updates to API documentation and developer guides. + - Better Error Handling: Enhanced error messages and debugging capabilities throughout the platform. + + **Infrastructure & Reliability:** + - Scalability Improvements: Enhanced platform scalability to handle increased user load. + - Monitoring & Alerting: New monitoring systems and alerting mechanisms for better system reliability. + + + + - New scans page to view all scans with filters + - Filtering on the reporting page + - Fix feedback redesign + - New Dropsite + - New User management views + - Admin and user token rotation + + + + - New reporting page + - Signin redesign + - Registration redesign + + + + - New issue view. View by CWE, File or all the issues. 
+ - Diff viewer line-by-line or side-by-side + + + + - Added Additional Instructions to inform engineers of additional steps needed + - Advanced False Positive Detection + + + + - Launched Corgea [VS Code](/vsc_extension) plugin + + + + - Support to fix Checkmarx SAST scan findings + - New Dropsite to upload code and vulnerability data without the Corgea CLI + + + + - Added [Azure DevOps Integration](/azure_devops) + - Updated Github PR comment + - Added Projects pagination + - Corgea CLI [pypi package](https://pypi.org/project/corgea-cli/) + + + + - Improvements that increased fix coverage by 10% + + + + - New Projects view to see all projects + - Introduced Corgea Verified to show quality checks + - Improved fix quality + - White consistency improvements + - CLI improvements + - Added filter tags for Date & Issue type on the Issues table + + + + - Introduction of Single tenant support + + + + - CLI authentication checks before scan + + + + - Shortened Fix explanations to improve legibility + - Security fixes + + + + - GitHub Oauth login and registration + - [GitHub App for Corgea](https://github.com/apps/corgea) + - Improved how to fix vulnerable code in large functions + - Updated Fix and Quality models to increase fix quality + - Added Projects to the filter criteria on the Issues list page + + + + - C# language support + - Sorting and filtering of issues + - New CLI tool + - Additional fix quality checks + - CodeQL support + + + + - Github integration for issuing fixes + - Ruby language support + - Java language support + - Go language support + + + + - Added download fix as a git diff and a full file + - Added email notification when fixes are available + - Added ability to delete issue + - Code integrity improvements + diff --git a/cli.mdx b/cli.mdx index 1c0a0cf..a30d54c 100644 --- a/cli.mdx +++ b/cli.mdx 
@@ -71,29 +71,61 @@ sudo mv corgea /usr/local/bin ### Login with your cli -To authenticate with your API token, use the following command: +To authenticate with the CLI, use the following command. This will redirect you to the web application to authorize the CLI: +```bash +corgea login +``` + +#### Login with custom scope (for customers with Single-Tenant Instance) +**Hint:** Your company scope is the Corgea subdomain, for example: `https://your-company.corgea.app` +```bash +corgea login --scope your-company +``` + + +#### Login with API Key (recommended for CI/CD pipelines) + +For automated pipelines and CI/CD environments, use API key authentication which provides a more reliable, non-interactive authentication method: ```bash corgea login YOUR_API_TOKEN ``` -### Point To A Single-Tenant Instance +You can also set the API token in an environment variable: + + +```bash MacOS/Unix +export CORGEA_API_TOKEN="your-api-token-here" +corgea login +``` + +```bash Windows +$env:CORGEA_API_TOKEN="your-api-token-here" +corgea login +``` + + +#### Point To A Single-Tenant Instance -Customers using a single-tenant instance need to have the CLI point to their instance. +Customers using a single-tenant instance need to configure the CLI to point to their specific instance using the `--url` option: ```bash corgea login --url https://<>.corgea.app YOUR_API_TOKEN ``` -You can also set the URL in an environment variable and the CLI will automatically detect it. +You can also set the URL in an environment variable and the CLI will automatically detect it: ```bash MacOS/Unix export CORGEA_URL="https://<>.corgea.app" +export CORGEA_API_TOKEN="your-api-token-here" +corgea login ``` ```bash Windows $env:CORGEA_URL="https://<>.corgea.app" +$env:CORGEA_API_TOKEN="your-api-token-here" +corgea login ``` 
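Review bot: The CI/CD section recommends `corgea login YOUR_API_TOKEN`, which puts the token on the command line where it lands in shell history and is visible to other processes on the runner; the `CORGEA_API_TOKEN` environment-variable form shown a few lines later is the safer default for pipelines and would be better presented first, with the positional form as the fallback. A sentence such as `In CI/CD, prefer the CORGEA_API_TOKEN environment variable populated from your CI secret store over passing the token as an argument.` would make that ordering explicit, and the single-tenant `--url` example could use the same pattern. The Windows fences use PowerShell `$env:` syntax, so labeling them `PowerShell` rather than `Windows` would avoid confusion for cmd.exe users.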
@@ -169,10 +201,14 @@ The Corgea CLI allows you to export scan results to a file, which is particularl corgea scan --out-format=json --out-file=report.json ``` -The CLI currently supports html and json as output formats. +The CLI currently supports html, json and SARIF as output formats. ```bash corgea scan --out-format=html --out-file=report.html ``` + +```bash +corgea scan --out-format=sarif --out-file=report.sarif +``` #### Wait for a Scan To wait for the latest in-progress scan: diff --git a/language_support.mdx b/language_support.mdx index b11dbbd..90c5469 100644 --- a/language_support.mdx +++ b/language_support.mdx @@ -50,7 +50,11 @@ Here's a detailed breakdown of the languages and frameworks currently supported ### **C & C++** - **Native Language Support**: Corgea handles low-level programming constructs including pointers, memory management, and templates. - Focuses on memory-related vulnerabilities, buffer overflows, and system-level security issues common in C/C++ applications. -- Enabled for false positive detection and auto-fixing. Coming to scanning soon. +- Enabled for false positive detection and auto-fixing. Coming to scanning soon. + +### **Swift** +- **Native Language Support**: Corgea analyzes Swift-specific features including optionals, protocol extensions, generics, and value types. +- Enhances security in iOS and macOS application development, addressing vulnerabilities like insecure data storage, improper SSL/TLS validation, and insecure inter-process communication. ## Key Features Across All Supported Languages 
@@ -65,8 +69,4 @@ Here's a detailed breakdown of the languages and frameworks currently supported 5. **Continuous Learning**: Corgea's AI model is constantly updated to address new security threats and CWEs as they emerge. ## Roadmap -We're committed to expanding our language and framework support. Our upcoming roadmap includes: - -- **Swift**: To enhance security in iOS and macOS application development, including Swift-specific features like optionals and protocol extensions. - -Stay tuned for updates as we continue to broaden our support, ensuring Corgea remains at the forefront of code security across diverse development environments. \ No newline at end of file +We're committed to expanding our language and framework support. Stay tuned for updates as we continue to broaden our support, ensuring Corgea remains at the forefront of code security across diverse development environments. diff --git a/mcp.mdx b/mcp.mdx new file mode 100644 index 0000000..2d7b82b --- /dev/null +++ b/mcp.mdx 
@@ -0,0 +1,447 @@ +--- +title: 'Model Context Protocol (MCP)' +description: 'Connect AI assistants to Corgea using the Model Context Protocol' +--- + +# Model Context Protocol Integration + +Corgea supports the [Model Context Protocol (MCP)](https://modelcontextprotocol.io/), allowing AI assistants like Claude to directly interact with your security scans, issues, and policies. MCP enables AI models to understand your security context and provide more relevant assistance. + +## What is MCP? + +The Model Context Protocol is an open standard that enables AI models to securely connect to external data sources and tools. With Corgea's MCP integration, AI assistants can: + +- Query your security scan results +- Retrieve vulnerability details +- List and filter security issues +- Access SCA (Software Composition Analysis) data +- Check blocking rules and policies + +## Getting Started + +### Prerequisites + +- A Corgea API token (get it from your account settings) +- An MCP-compatible client (e.g., Claude Desktop, Continue, or any MCP client) + +### Connection Details + +**MCP Server URL:** +``` +https://www.corgea.app/mcp +``` + +Or for single-tenant deployments: +``` +https://.corgea.app/mcp +``` + +**Authentication:** +All MCP requests require authentication using your Corgea API token in the `CORGEA-TOKEN` header. + +## Available Tools + +Corgea's MCP server provides the following tools for AI assistants: + +### get_scan_info + +Get detailed information about a specific SAST scan. + +**Parameters:** +- `scan_id` (string, required): The unique identifier of the scan + +**Returns:** +Detailed scan information including status, findings count, scan date, and repository information. 
+ +**Example:** +```json +{ + "scan_id": "abc123", + "status": "completed", + "created_at": "2024-11-01T10:30:00Z", + "findings_count": 15, + "project": "my-project", + "repository": "https://github.com/myorg/myrepo" +} +``` + +--- + +### get_issue_info + +Get detailed information about a specific security issue. + +**Parameters:** +- `issue_id` (string, required): The unique identifier of the issue + +**Returns:** +Comprehensive issue details including vulnerability type, severity, location, fix recommendations, and remediation status. + +**Example:** +```json +{ + "issue_id": "issue-456", + "title": "SQL Injection", + "severity": "high", + "file": "src/database.py", + "line": 42, + "description": "User input not properly sanitized", + "fix_available": true +} +``` + +--- + +### list_security_issues + +List security issues with optional filtering. + +**Parameters:** +- `scan_id` (string, optional): Filter issues by scan ID +- `project` (string, optional): Filter issues by project name +- `repo` (string, optional): Filter issues by repository URL + +**Returns:** +List of security issues matching the specified filters. + +**Example:** +```json +{ + "status": "ok", + "count": 25, + "issues": [ + { + "id": "issue-123", + "title": "Cross-Site Scripting (XSS)", + "severity": "medium", + "status": "open" + } + ] +} +``` + +--- + +### list_sca_security_issues + +List Software Composition Analysis (SCA) security issues with optional filtering. + +**Parameters:** +- `scan_id` (string, optional): Filter issues by scan ID +- `project` (string, optional): Filter issues by project name +- `repo` (string, optional): Filter issues by repository URL + +**Returns:** +List of SCA issues including vulnerable dependencies, CVEs, and version information. 
+ +**Example:** +```json +{ + "status": "ok", + "count": 12, + "sca_issues": [ + { + "id": "sca-789", + "package": "lodash", + "current_version": "4.17.15", + "fixed_version": "4.17.21", + "cve": "CVE-2021-23337", + "severity": "high" + } + ] +} +``` + +--- + +### list_scans + +List all SAST scans with optional project filtering. + +**Parameters:** +- `project` (string, optional): Filter scans by project name + +**Returns:** +List of scans with basic information including scan ID, date, status, and findings count. + +**Example:** +```json +{ + "status": "ok", + "count": 50, + "scans": [ + { + "id": "scan-001", + "project": "web-app", + "created_at": "2024-11-01T09:00:00Z", + "status": "completed", + "findings": 8 + } + ] +} +``` + +--- + +### get_blocking_rules + +Get all blocking rules configured for your organization. + +**Parameters:** +None + +**Returns:** +List of blocking rules that prevent deployments based on security policies. + +**Example:** +```json +{ + "status": "ok", + "rules": [ + { + "id": "rule-1", + "name": "Block Critical Vulnerabilities", + "condition": "severity >= critical", + "action": "block", + "enabled": true + } + ] +} +``` + +## Setting Up MCP Clients + +### Claude Desktop + +Add Corgea to your Claude Desktop configuration: + +1. Open Claude Desktop settings +2. Navigate to the "Developer" section +3. Edit your MCP configuration file +4. Add the Corgea MCP server: + +```json +{ + "mcpServers": { + "corgea": { + "url": "https://www.corgea.app/mcp", + "headers": { + "CORGEA-TOKEN": "your_api_token_here" + } + } + } +} +``` + +### Cursor IDE + +Add Corgea to your Cursor MCP configuration: + +1. Open Cursor Settings (Cmd/Ctrl + Shift + J) +2. Navigate to "Cursor Settings" → "Models" → "MCP" +3. Or directly edit your MCP settings file at: + - **macOS/Linux**: `~/.cursor/mcp.json` + - **Windows**: `%APPDATA%\Cursor\User\mcp.json` + +4. 
Add the Corgea MCP server: + +```json +{ + "mcpServers": { + "corgea": { + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-fetch", + "https://www.corgea.app/mcp" + ], + "env": { + "CORGEA_TOKEN": "your_api_token_here" + } + } + } +} +``` + +**Alternative Configuration (Direct HTTP):** + +If you're using a custom MCP client that supports direct HTTP connections: + +```json +{ + "mcpServers": { + "corgea": { + "url": "https://www.corgea.app/mcp", + "headers": { + "CORGEA-TOKEN": "your_api_token_here" + } + } + } +} +``` + +### Continue IDE Extension + +Add Corgea to your Continue configuration: + +```json +{ + "contextProviders": [ + { + "name": "corgea", + "params": { + "serverUrl": "https://www.corgea.app/mcp", + "headers": { + "CORGEA-TOKEN": "your_api_token_here" + } + } + } + ] +} +``` + +## Use Cases + +### Security-Aware Code Review + +Connect your AI assistant to Corgea and ask questions like: +- "What are the critical security issues in my last scan?" +- "Show me all SQL injection vulnerabilities in the authentication module" +- "Are there any high-severity SCA issues in my dependencies?" + +### Vulnerability Analysis + +Let AI help you understand and prioritize vulnerabilities: +- "Explain the security issue in issue-456 and suggest how to fix it" +- "Which vulnerabilities should I fix first based on severity and exploitability?" +- "What are the blocking rules that would prevent this deployment?" + +### Automated Remediation Planning + +Use AI to plan security fixes: +- "Create a remediation plan for all high-severity issues in scan-123" +- "What dependencies need to be updated to fix SCA issues?" 
+- "Generate a report of all open security issues grouped by file" + +## Best Practices + + + + - Never commit your API token to version control + - Rotate tokens periodically + - Use environment variables or secure secret managers + - Revoke tokens immediately if compromised + + + + - Use project and repo filters to narrow results + - Start with specific scans when debugging + - Filter by severity when prioritizing work + + + + - Request only the data you need + - Use specific issue/scan IDs when possible + - Cache results when appropriate + - Respect rate limits + + + +## Authentication + +All MCP tool calls require a valid Corgea API token passed in the `CORGEA-TOKEN` header. + +**Getting Your Token:** +1. Log in to your Corgea account +2. Navigate to Settings → API Keys +3. Generate a new API token +4. Copy the token and add it to your MCP client configuration + + +Keep your API token secure. Anyone with access to your token can query your security data through the MCP interface. + + +## Response Format + +All MCP tool responses follow the standard Corgea API response format: + +**Success Response:** +```json +{ + "status": "ok", + "data": { } +} +``` + +**Error Response:** +```json +{ + "status": "error", + "message": "Description of the error", + "error": "Detailed error information" +} +``` + +## Rate Limits + +MCP requests are subject to the same rate limits as standard API requests: +- 100 requests per minute per token +- 1000 requests per hour per token + +If you exceed rate limits, you'll receive a `429 Too Many Requests` response. 
+ +## Troubleshooting + +### Connection Issues + +**Problem:** Cannot connect to MCP server + +**Solutions:** +- Verify your API token is valid using the `/verify` endpoint +- Check that the `CORGEA-TOKEN` header is correctly configured +- Ensure your network allows HTTPS connections to corgea.app + +### Authentication Errors + +**Problem:** Receiving 401 Unauthorized responses + +**Solutions:** +- Verify your API token hasn't expired +- Check that the token is passed in the `CORGEA-TOKEN` header (not Authorization) +- Ensure your token has the necessary permissions + +### Empty Results + +**Problem:** Queries return no data + +**Solutions:** +- Verify data exists in your Corgea account +- Check filter parameters (scan_id, project, repo) are correct +- Ensure you're querying the correct environment (multi-tenant vs single-tenant) + +## Support + + + + Learn more about the Corgea API + + + Get help from the Corgea community + + + Learn about API authentication + + + Read the official MCP documentation + + + +## Next Steps + +1. **Get your API token** from your Corgea account settings +2. **Configure your MCP client** with the Corgea server URL and token +3. **Test the connection** by asking your AI assistant about your scans +4. **Explore use cases** like security analysis and vulnerability remediation + +Start integrating Corgea's security intelligence into your AI-powered development workflow today! + diff --git a/mint.json b/mint.json index 60d794e..b388b2c 100644 --- a/mint.json +++ b/mint.json @@ -60,7 +60,7 @@ "introduction", "quickstart", { - "group": "Setup & Configuration", + "group": "Setup & Configuration", "pages": ["how_it_works"] } ] 
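Review bot: The Cursor configuration sets an environment variable named `CORGEA_TOKEN` for `@modelcontextprotocol/server-fetch`, while the Authentication section states that every request must carry a `CORGEA-TOKEN` header; unless that fetch server maps the variable onto the header, users following this setup will hit the 401 described under Troubleshooting. Either show how the header is supplied in that configuration or direct Cursor users to the "Direct HTTP" variant that sets `headers` explicitly. The `url`/`serverUrl` values in the JSON samples carry a `/service/` prefix that the plain `https://www.corgea.app/mcp` given under Connection Details does not; if that prefix is not intentional, the samples should match. The single-tenant URL `https://.corgea.app/mcp` appears to have lost its subdomain placeholder, which may be a rendering artifact, but the published page should read something like `https://<your-company>.corgea.app/mcp`.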
@@ -70,11 +70,23 @@ "pages": [ { "group": "Security Analysis", - "pages": ["blast", "sca", "pii", "vulnerability_support", "language_support" , "scanning"] + "pages": [ + "blast", + "sca", + "pii", + "vulnerability_support", + "language_support", + "scanning" + ] }, { "group": "Issue Management", - "pages": ["fixes", "false_positive", "issue_assignment", "issue_export"] + "pages": [ + "fixes", + "false_positive", + "issue_assignment", + "issue_export" + ] }, { "group": "Policy Management", @@ -105,7 +117,7 @@ }, { "group": "Tools & Utilities", - "pages": ["cli"] + "pages": ["cli", "mcp"] }, { "group": "API Reference", @@ -134,4 +146,4 @@ "measurementId": "G-GGF9NXG1LJ" } } -} \ No newline at end of file +} diff --git a/pii.mdx b/pii.mdx index 03ca5ea..9519e56 100644 --- a/pii.mdx +++ b/pii.mdx @@ -29,12 +29,6 @@ description: "PII/PHI Scanning automatically detects and identifies Personally I - Appropriate permissions to run security scans - Access to the scanning service -### Configuration Steps - -1. **Access Scanning Configuration**: Navigate to your project's security scanning settings -2. **Enable PII/PHI Scanning**: Toggle the PII/PHI scanning option to "enabled" -3. **Set Sensitivity Levels**: Configure detection sensitivity based on your compliance requirements -4. **Set Up Notifications**: Configure alerts for detected sensitive data ## Usage Guide diff --git a/vsc_extension.mdx b/vsc_extension.mdx index 9b70f08..e56c4db 100644 --- a/vsc_extension.mdx +++ b/vsc_extension.mdx @@ -62,6 +62,6 @@ Before installing the Corgea extension, ensure you have the following: - To login into another user or log out, use the Command Palette (`Ctrl+Shift+P`) and select the respective commands (`Corgea: Login` or `Corgea: Logout`). -## Release Notes +## Release Notes 123 Full release notes are found on the extension's [change log page](https://marketplace.visualstudio.com/items/Corgea.corgea/changelog).