Posted On: Jun 24, 2021
Amazon CodeGuru Reviewer is a developer tool that leverages automated reasoning and machine learning to detect potential defects that are difficult to find in your code and offers suggestions for improvements. Today, we are announcing a new CI/CD experience for CodeGuru Reviewer that allows you to trigger code quality and security analysis as a step within your CI workflow using GitHub Actions. We are also introducing 20+ new detectors for CodeGuru Reviewer to help identify security vulnerabilities and check for security best practices in your Java code.
The launch of the CI/CD experience for GitHub Actions allows developers to trigger CodeGuru Reviewer to conduct code quality and security analysis as a step within their CI workflows. You can continue to use the CodeGuru console as your analysis hub, and you can also view CodeGuru Reviewer recommendations from within the GitHub UI to get guidance on how to find and fix code issues and security vulnerabilities. Opening a pull request or pushing a change to your master branch will trigger a scan on your changed lines of code, while scheduling a pipeline run will trigger a full scan of your entire repository.
The new detectors for CodeGuru Reviewer are designed to help identify security vulnerabilities and check for security best practices in your Java code. Based on best practices from Amazon’s 20+ years of experience, these detectors use automated reasoning to analyze all code paths and find potential security issues deep in your Java code, even ones that span multiple methods and files and that may involve multiple sequences of operations.