Amazon CodeGuru Security
Detect, track, and fix code security vulnerabilities anywhere in the development cycle using ML and automated reasoning
Detect security vulnerabilities at any stage of the development lifecycle
Amazon CodeGuru Security is a static application security testing (SAST) tool that combines machine learning (ML) and automated reasoning to identify vulnerabilities in your code, provide recommendations on how to fix the identified vulnerabilities, and track the status of the vulnerabilities until closure. Learn more »
Amazon CodeGuru Profiler helps developers find an application’s most expensive lines of code by helping them understand the runtime behavior of their applications, identify and remove code inefficiencies, improve performance, and significantly decrease compute costs.
How it works
Detect vulnerabilities at any stage of the development workflow
The CodeGuru Security API-based design provides integrate capabilities to use at any stage of the development workflow. Whether your organization adheres to the “shift left“ or “shift right” ideology, CodeGuru Security plugs into your continuous integration and delivery (CI/CD) tooling to help you identify vulnerabilities in your application code.
Reduce false-positive detections
Track bug closure automatically
The CodeGuru Security bug-tracking feature automatically detects when a bug is closed. The bug-tracking algorithm ensures that you have up-to-date information on your organization's security posture without additional effort. You focus on what matters to you, and CodeGuru Security takes care of the rest.
Start immediately without VM provisioning
There is no need to provision virtual machines (VMs) to run CodeGuru Security. Just integrate CodeGuru Security with your tooling, and it will scale up and down with your workload.
To learn more about CodeGuru Security, visit the Amazon CodeGuru Developer Forum.
“We have about 300+ microservices right now that are being reviewed and managed by CodeGuru Reviewer. Amazon CodeGuru Profiler analyzes the application runtime performance and using machine learning, provides recommendations on ways that could speed up the application. So, we don't have to try to have our developers figuring out what is the best way to configure from a performance perspective.”
Rich Benner, CIO, Wheel Pros
“Amazon CodeGuru helps Cognizant development teams deliver mission critical software for our customer's digital transformation programs. Incorporating CodeGuru in our development workflows improves and automates code reviews, helps our DevOps teams proactively identify and fix functional and non-functional issues and ensures that the deployments exceeds the performance, security and compliance requirements of our customers across industries and regions.”
Todd Carey, Global Head, Cognizant AWS Business Group
“With CodeGuru, we have built automated code reviews directly into our pipelines, which means my team can deploy code faster and with more confidence. We use CodeGuru Reviewer’s recommendations based on ML and automated reasoning, to focus on fixing and improving the code, instead of manually finding flaws. The addition of Python has made CodeGuru even more accessible for us."
Edwn Nikoi, Technical Manager, IT Consortium
"Amazon CodeGuru has helped expedite our software development lifecycle by streamlining the code review process. As the primary code reviewer on the team, I can now focus more on the functionality and feature implementation of the code as opposed to searching for security vulnerabilities and best practices that may not have been followed."
Bob Lee III, Cofounder & CTO, ConnectCareHero
“At Atlassian, many of our services have hundreds of check-ins per deployment. While code reviews from our development team do a great job of preventing bugs from reaching production, it’s not always possible to predict how systems will behave under stress or manage complex data shapes, especially as we have multiple deployments per day. When we detect anomalies in production, we have been able to reduce the investigation time from days to hours and sometimes minutes thanks to Amazon CodeGuru’s continuous profiling feature. Our developers now focus more of their energy on delivering differentiated capabilities and less time investigating problems in our production environment.”
Zak Islam, Head of Engineering, Tech Teams, Atlassian
"At DevFactory, we manage over 600 million lines of code across over a hundred enterprise software products. A key component of our future roadmap is to turn all our products into cloud-native products that leverage the incredible array of managed services available at AWS. Rebuilding old school, on-prem architectures, and transforming them for the cloud brings a whole set of engineering challenges that range from keeping abreast with all the latest services to adjusting to the paradigm shift that is associated with these architectures. Amazon CodeGuru is an incredibly valuable tool that helps optimize our products’ performance while making sure that we are leveraging these services with all the best practices in place. Without tools like Amazon CodeGuru Reviewer, we wouldn't have been able to rewrite entire products like FogBugz to be AWS cloud-native. We are now using Amazon CodeGuru Profiler to optimize a number of products including EngineYard's container-based 'No Ops' platform and well as the next generation of the Jive collaboration platform."
Rahul Subramaniam, CEO, DevFactory