Overview
Kolega.dev is an autonomous security remediation platform that connects to your code repositories through GitHub and GitLab integrations. It scans your applications for security issues, helps you triage findings, and generates production-ready fixes.
Platform Workflow
The platform is organised around a simple end-to-end workflow:
Connect Repositories
Connect your organisation to GitHub and/or GitLab and choose which repositories Kolega can access.
Create Applications
Group repositories into applications to organise scanning and compliance tracking across related services.
Run Scans
Trigger scans across one or more applications and track progress from the Scans view.
Review Findings
Triage security issues discovered in your applications, filter by severity and status, and decide what to fix.
Create Fixes
Generate AI-assisted fixes for findings and review the resulting pull requests in your repository provider.
Compliance
Track compliance posture across frameworks and monitor requirements and control status across applications.
How It Works
Kolega runs security scans on a scheduled basis (frequency depends on your tier). When vulnerabilities are detected, the platform analyzes your codebase to understand the context, generates appropriate fixes, and submits them as pull requests after verifying they don't break existing functionality.
Core Capabilities
Detection
Runs traditional scanners (SAST, SCA, Secret Detection) alongside AI-powered deep scans to identify security and quality issues.
Remediation
Generates code fixes tailored to your codebase with explanations of what changed and why.
Testing
Runs existing tests and generates new tests in an isolated sandbox environment to verify fixes before creating pull requests.
Grouping
Groups similar vulnerabilities together and resolves them in unified pull requests to reduce review overhead.
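One way the grouping step can be illustrated, as an added example that is not Kolega's own code: constructed findings from the three scanner types are keyed by what a single remediation pull request would fix (one dependency bump per vulnerable package, one pattern fix per SAST rule, secrets never batched), then ordered so the riskiest batch is reviewed first. The field names and severity scale are assumptions for the illustration.

```python
from collections import defaultdict

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample findings (not real scanner output): two SCA hits on the same
# vulnerable package across two services, two SAST hits for one rule, one secret.
SAMPLE_FINDINGS = [
    {"scanner": "sca", "rule_id": "vuln-lodash-prototype-pollution", "package": "lodash",
     "file": "services/api/package.json", "severity": "high"},
    {"scanner": "sca", "rule_id": "vuln-lodash-prototype-pollution", "package": "lodash",
     "file": "services/web/package.json", "severity": "high"},
    {"scanner": "sast", "rule_id": "sql-injection", "package": None,
     "file": "services/api/db.py", "severity": "critical"},
    {"scanner": "sast", "rule_id": "sql-injection", "package": None,
     "file": "services/api/reports.py", "severity": "high"},
    {"scanner": "secret", "rule_id": "aws-access-key", "package": None,
     "file": "scripts/deploy.sh", "severity": "critical"},
]


def fix_key(finding):
    """Key under which findings share one remediation pull request.
    SCA: same package (one version bump fixes every manifest that pins it).
    SAST: same rule (one code pattern, reviewed once).
    Secrets: never grouped, each leaked credential needs its own rotation."""
    if finding["scanner"] == "sca":
        return ("sca", finding["package"])
    if finding["scanner"] == "sast":
        return ("sast", finding["rule_id"])
    return (finding["scanner"], finding["rule_id"], finding["file"])


def group_findings(findings):
    """Return remediation batches, highest severity first."""
    groups = defaultdict(list)
    for finding in findings:
        groups[fix_key(finding)].append(finding)
    batches = []
    for key, members in groups.items():
        batches.append({
            "key": key,
            # A batch inherits the worst severity of anything it fixes
            "severity": max((m["severity"] for m in members),
                            key=SEVERITY_RANK.__getitem__),
            "files": sorted({m["file"] for m in members}),
            "count": len(members),
        })
    batches.sort(key=lambda b: (-SEVERITY_RANK[b["severity"]], b["key"]))
    return batches
```

With the constructed input, five findings collapse into three batches: the SQL injection rule (two files), the leaked key, and one lodash bump touching both manifests.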