Overview
Kolega DevSec is an autonomous security remediation platform that connects to your code repositories through GitHub and GitLab integrations. It scans your repositories for security issues, helps you triage findings, and generates production-ready fixes.
Platform Workflow
The platform is organised around a simple end-to-end workflow:
Connect Repositories
Connect your organisation to GitHub and/or GitLab and choose which repositories Kolega can access.
Run Scans
Trigger scans across one or more repositories and track progress from the Scans view.
Review Findings
Triage security issues discovered in your repositories, filter by severity and status, and decide what to fix.
Create Fixes
Generate AI-assisted fixes for findings and review the resulting pull requests in your repository provider.
Compliance
Track compliance posture across frameworks and monitor requirements and control status across repositories.
How It Works
Kolega runs security scans on a scheduled basis (frequency depends on your tier). When vulnerabilities are detected, the platform analyses your codebase to understand the context, generates appropriate fixes, and submits them as pull requests after verifying that they don't break existing functionality.
Core Capabilities
Detection
Runs traditional scanners (SAST, SCA, SBOM, Secret Detection) alongside AI-powered deep scans to identify security and quality issues.
Remediation
Generates code fixes tailored to your codebase with explanations of what changed and why.
Testing
Runs existing tests and generates new tests in an isolated sandbox environment to verify fixes before creating pull requests.
Grouping
Groups similar vulnerabilities together and resolves them in unified pull requests to reduce review overhead.