Kolega.dev is an AI-powered security vulnerability detection and automated code remediation engine that applies semantic code intelligence to detect and fix complex vulnerabilities in your codebase.

What types of vulnerabilities can Kolega.dev detect?

Kolega.dev can detect a wide range of vulnerabilities including SQL injection, XSS, CORS misconfigurations, race conditions, authentication flaws, and complex logic vulnerabilities that standard SAST tools miss.

How does Kolega.dev differ from traditional SAST tools?

Kolega.dev uses deep semantic analysis and AI to understand code intent and logic flow, not just pattern matching. It provides 0% overlap with standard SAST scanners and can detect complex vulnerabilities across service boundaries.

The Engine That Fixes Your Technical Debt

Kolega.dev applies semantic code intelligence to build a deep understanding of your repo. It moves beyond static analysis (SAST), and surface-level scanning to uncover complex logic flaws, CORS misconfigurations, XSS, SQL injection vulnerabilities, and other critical structural risks. Using deep-graph analysis engine it detects and repairs vulnerabilities in your codebase.

Deep Scan→Fix→Test→PR

The Detection Stack

A tiered detection strategy to cover the entire spectrum of technical debt.

Tier 1: The Standard

Open Source

For standard compliance and known vulnerabilities, we orchestrate industry-standard detection engines:

Secure code analysis (SAST)

Finds dangerous code patterns, broken logic, and unsafe configurations directly in your source code.

Full dependency map (SBOM)

Generates a complete blueprint of every library, package, and component inside your codebase.

Open-source risk checks (SCA)

Detects vulnerable, outdated, or compromised open-source dependencies before they hit production.

Secret and key exposure detection

Captures leaked API keys, tokens, passwords, and credentials anywhere in your repo.

Tier 2: The Deep Code Scan

Proprietary

Standard tools miss complex logic flaws. Kolega.dev Deep Code Scan goes beyond pattern matching to understand code intent and identify critical vulnerabilities:

Semantic Logic Analysis

Identifies broken authorization flows and race conditions that SAST tools miss.

AI-Generated Code Validation

Detects insecure patterns in LLM-generated code that pass syntax checks.

Zero-Overlap Detection

0% overlap with standard SAST scanners—provides a critical second line of defense.

Noise Reduction

Only review what matters. Reduce 90% of the noise.

Internal Memory Architecture

Track alert status, mark as 'Won't Fix', we'll remember the signature globally.

Logical Grouping

50 instances of the same violation = 1 Ticket and 1 PR, not 50 notifications.

Context-Aware Filtering

Eliminates false positives by understanding your code architecture and dependencies.

Priority Intelligence

Automatically prioritizes critical vulnerabilities based on exploitability and business impact.

Scanning repository...

Running Semgrep & Trivy...

Deep architectural analysis...

Generating fixes...

Creating PR...

Kolega.dev Engine in Action

Detecting a sophisticated Second-Order SQL Injection across service boundaries

Generated Pull Request

kolega.dev

Security Fix: Second-Order SQL Injection in Analytics Engine (CVE-2024-9156)

#492 • wants to merge 7 commits into main

criticalsecurityautomatedverified

🚨 Vulnerability Summary

Severity: Critical (CVSS 9.3)

Second-order SQL injection where user input stored safely via ORM is later retrieved and used unsafely in dynamic report generation. Attacker payloads in company names execute 30+ days later during quarterly executive reporting, enabling complete database compromise.

🔍 Root Cause Analysis

Cross-boundary taint analysis traced user input through 4 code paths:

TenantController.updateProfile() - User input via REST API
TenantRepository.save() - ORM storage (appears safe)
ReportBuilder.generateQuarterly() - Dynamic SQL construction
analytics.buildCompanyFilter() - String interpolation of stored data

🛡️ Fix Implementation

Implemented type-safe query builder with guaranteed parameterization
Replaced all dynamic SQL with parameterized WHERE IN clauses
Added content security validation for stored company names
Implemented allowlist validation for report sort fields
Added persistent taint tracking metadata in database
Created comprehensive SQL injection regression test suite

📁 Files Changed (7)

+156 -89 services/analytics/ReportBuilder.ts
+134 -0 services/analytics/SafeQueryBuilder.ts
+67 -23 controllers/TenantController.ts
+45 -12 validators/ContentValidator.ts
+89 -0 database/migrations/add_taint_metadata.sql
+234 -0 tests/security/second_order_sqli.test.ts
+78 -0 tests/integration/report_security.test.ts

✅ Verification & Testing

Unit tests: 89 SQL injection payloads blocked

Integration tests: Cross-service taint tracking verified

Penetration testing: sqlmap automated payloads neutralized

Performance impact: Query builder adds <5ms overhead

Regression testing: All 1,247 quarterly reports still generate

All checks have passed

•No merge conflicts

Generated Diff

@@ -32,15 +32,28 @@ class TenantCorsManager {

async validateOrigin(origin: string, tenantId: string): Promise<boolean> {

- const tenantDomain = await this.getTenantDomain(tenantId);

- const allowedPattern = `https://.*.${tenantDomain}`;

- return origin.match(allowedPattern) !== null;

+ const tenantDomain = await this.getTenantDomain(tenantId);

+ // Prevent subdomain injection attacks

+ if (!tenantDomain || !this.isValidDomainFormat(tenantDomain)) {

+ this.logSecurityEvent('invalid_tenant_domain', { tenantId, tenantDomain });

+ return false;

+ }

+ // Strict subdomain validation with protocol enforcement

+ const validSubdomains = await this.getAllowedSubdomains(tenantId);

+ const urlParts = new URL(origin);

+ return urlParts.protocol === 'https:' &&

+ validSubdomains.includes(urlParts.hostname) &&

+ urlParts.hostname.endsWith(`.${tenantDomain}`);

}

@@ -67,8 +80,15 @@ class SecurityMiddleware {

setupCorsPolicy(app: Express): void {

const corsOptions = {

origin: this.validateOriginCallback.bind(this),

- credentials: true

+ credentials: true,

+ optionsSuccessStatus: 200,

+ preflightContinue: false,

+ maxAge: 86400

};

Problem

Arbitrary code execution via malicious product configurations

Fix Generated

Schema validation + safe input sanitization

e-commerce-api

PR #203+811 -67

Configuration

Simple YAML configuration to get started

.kolega.yml

1version: 1
2detection:
3  standard_scanners: true
4  deep_scan:
5    enabled: true
6    architecture: strict   # Enforce modular boundaries
7    complexity_threshold: 15
8noise_reduction:
9  grouping: logical
10integrations:
11  jira:
12    project: TECHDEBT

What Developers Say

Real feedback from early access users

8h → 30min

“Other tools find vulnerabilities. This engine finds them, writes the fix, generates the tests, and hands me a merge-ready PR. I went from 8 hours fixing to 30 minutes reviewing.”

Senior Software Engineer

SaaS Startup

36x faster

“A colleague invited me to the early beta and I owe them big time. Before: 3 hours per vulnerability. After: 5 minutes reviewing the PR. This tool is a 36x time multiplier.”

Engineering Manager

Growth-stage Company

40% → 0% failures

“Dependabot PRs broke my build 40% of the time. Kolega PRs include tests that prove they work. One I disabled, one I trust.”

DevOps Engineer

Cloud-native Solutions

180 vulns → 0

“We had 180 open vulnerabilities when we were invited to the early access program. The platform generated fixes for all of them in one week. We merged them progressively. Security debt: zero.”

VP of Engineering

FinTech Startup

100% trust

“First automated security tool where I actually trust the PRs. Tests prove they work, conflicts are resolved, fixes are architecturally sound. I merge with confidence.”

Principal Engineer

Platform Company

Grunt work eliminated

“This system does the grunt work—reading CVEs, writing patches, generating tests. I just review and merge. Way better use of my time.”

Senior Engineering Manager

Scale-up

Pricing

Choose the right plan for your team

	Free	ProPopular	Team	Enterprise
Price	$0 /mo	$99 /mo	$499 /mo	Custom
Applications	1 Application	1 Application	up to 5 Applications	Custom
Application LOC Limit	100k	100k	100k	Custom
LOC Top-ups	-	Available	Available	Available
Pull Requests	0 PRs	4 PRs /mo	25 PRs /mo	Custom
Scanning Mode	Scheduled Only	Scheduled Only	On-Demand & Triggered	Custom / Continuous
Included Scans	20 SAST /mo 4 Deep Scans /mo	20 SAST /mo 4 Deep Scans /mo	20 SAST /mo 8 Deep Scans /mo	Custom
Noise Reduction	-
Automated Vulnerability Exploitation Testing	-	-	-
Scan & PR Top-ups	-	-	Available	Custom
Core Features
Automated Fixes	-
Ticket Integration
Enterprise & Compliance
Action Audit & Logging	-	-
Self-Hosted Runners	-	-	-
SSO / SAML	-	-	-
Compliance Readiness	-	-	-	SOC2, ISO, HIPAA, GDPR, CCPA, PCI, Bespoke

Simple 3 click setup.

Deploy Kolega.dev.

Find and fix your technical debt.