Posted On: Oct 4, 2021

Amazon CodeGuru is a developer tool powered by machine learning that provides intelligent recommendations for improving code quality and identifying an application’s most expensive lines of code.

Today we are announcing two new features for Amazon CodeGuru Reviewer that can help detect and prevent security vulnerabilities in Python applications. Security detectors for Python identify security risks from the top ten Open Web Application Security Project (OWASP) categories, security best practices for AWS APIs, and incorrect use of common crypto libraries. CodeGuru now also performs an analysis of your code using Bandit (https://github.com/PyCQA/bandit), an open source tool that specializes in scanning Python code for security issues.

Amazon CodeGuru Reviewer makes it easy to add thorough security analysis, combining CodeGuru’s machine learning-based detectors with Bandit, the widely used security analysis tool for Python, to your development workflow. There is nothing to deploy or configure, and no infrastructure to maintain or updates to manage. Engineering and security teams can integrate the service with their pull request workflows or CI/CD pipelines to catch vulnerabilities before they reach production.

You can get started from the CodeGuru console by running a full repository scan or integrating CodeGuru Reviewer with your CI/CD pipeline. Code analysis from Bandit is included as part of the CodeGuru Reviewer service at no additional cost.

To learn more about CodeGuru Reviewer, take a look at the Amazon CodeGuru page. To contact the team, visit the Amazon CodeGuru developer forum. For more information about automating code reviews and application profiling with Amazon CodeGuru, check out the AWS ML Blog. For more details on how to get started, visit the documentation.