Amazon CodeGuru Security

Detect, track, and fix code security vulnerabilities anywhere in the development cycle using ML and automated reasoning

Detect security vulnerabilities at any stage of the development lifecycle

Amazon CodeGuru Security is a static application security testing (SAST) tool that combines machine learning (ML) and automated reasoning to identify vulnerabilities in your code, provide recommendations on how to fix the identified vulnerabilities, and track the status of the vulnerabilities until closure.

Amazon CodeGuru Profiler helps developers find an application’s most expensive lines of code by helping them understand the runtime behavior of their applications, identify and remove code inefficiencies, improve performance, and significantly decrease compute costs. 

90 days free. Up to 100k lines of code for CodeGuru Reviewer with the AWS Free Tier.

How it works

Integrate Amazon CodeGuru Security with your development pipeline to improve code quality and optimize application performance. Trained on decades of knowledge and experience, CodeGuru Security uses ML and automated reasoning to precisely identify code vulnerabilities. CodeGuru Security also borrows from AWS security best practices and training on millions of code vulnerability assessments within Amazon. CodeGuru Security can then identify code vulnerabilities with a very low false-positive rate. To begin reviewing code, you can associate your existing code repositories on GitHub, GitHub Enterprise, Bitbucket, or AWS CodeCommit in the CodeGuru console.
Use Amazon CodeGuru Security to write and scan code, and then build and test for security enforcement before deployment


Detect vulnerabilities at any stage of the development workflow

The CodeGuru Security API-based design provides integration capabilities that you can use at any stage of the development workflow. Whether your organization adheres to the “shift left” or “shift right” ideology, CodeGuru Security plugs into your continuous integration and delivery (CI/CD) tooling to help you identify vulnerabilities in your application code.

Reduce false-positive detections

False positives cost you money by diverting engineering resources to findings that turn out not to be vulnerabilities after review. By performing deep semantic analysis, CodeGuru Security detects vulnerabilities with high precision, significantly reducing the number of false positives. This frees up engineering teams to focus on building applications for your organization.

Track bug closure automatically

The CodeGuru Security bug-tracking feature automatically detects when a bug is closed. The bug-tracking algorithm ensures that you have up-to-date information on your organization's security posture without additional effort. You focus on what matters to you, and CodeGuru Security takes care of the rest.

Start immediately without VM provisioning

There is no need to provision virtual machines (VMs) to run CodeGuru Security. Just integrate CodeGuru Security with your tooling, and it will scale up and down with your workload.

To learn more about CodeGuru Security, visit the Amazon CodeGuru Developer Forum.

Customer success

Wheel Pros
“We have about 300+ microservices right now that are being reviewed and managed by CodeGuru Reviewer. Amazon CodeGuru Profiler analyzes the application runtime performance and using machine learning, provides recommendations on ways that could speed up the application. So, we don't have to try to have our developers figuring out what is the best way to configure from a performance perspective.”

Rich Benner, CIO, Wheel Pros

Watch the video to learn how Presidio and Wheel Pros have leveraged Amazon CodeGuru to modernize their data center »

“Amazon CodeGuru helps Cognizant development teams deliver mission critical software for our customer's digital transformation programs. Incorporating CodeGuru in our development workflows improves and automates code reviews, helps our DevOps teams proactively identify and fix functional and non-functional issues and ensures that the deployments exceed the performance, security and compliance requirements of our customers across industries and regions.”

Todd Carey, Global Head, Cognizant AWS Business Group

IT Consortium
“With CodeGuru, we have built automated code reviews directly into our pipelines, which means my team can deploy code faster and with more confidence. We use CodeGuru Reviewer’s recommendations based on ML and automated reasoning, to focus on fixing and improving the code, instead of manually finding flaws. The addition of Python has made CodeGuru even more accessible for us.”

Edwin Nikoi, Technical Manager, IT Consortium


"Amazon CodeGuru has helped expedite our software development lifecycle by streamlining the code review process. As the primary code reviewer on the team, I can now focus more on the functionality and feature implementation of the code as opposed to searching for security vulnerabilities and best practices that may not have been followed."

Bob Lee III, Cofounder & CTO, ConnectCareHero

Watch the video to learn how ConnectCareHero leverages Amazon CodeGuru to automate code reviews »

“At Atlassian, many of our services have hundreds of check-ins per deployment. While code reviews from our development team do a great job of preventing bugs from reaching production, it’s not always possible to predict how systems will behave under stress or manage complex data shapes, especially as we have multiple deployments per day. When we detect anomalies in production, we have been able to reduce the investigation time from days to hours and sometimes minutes thanks to Amazon CodeGuru’s continuous profiling feature. Our developers now focus more of their energy on delivering differentiated capabilities and less time investigating problems in our production environment.”

Zak Islam, Head of Engineering, Tech Teams, Atlassian

Learn how Atlassian profiles services in production with CodeGuru Profiler »


"At DevFactory, we manage over 600 million lines of code across over a hundred enterprise software products. A key component of our future roadmap is to turn all our products into cloud-native products that leverage the incredible array of managed services available at AWS. Rebuilding old school, on-prem architectures, and transforming them for the cloud brings a whole set of engineering challenges that range from keeping abreast with all the latest services to adjusting to the paradigm shift that is associated with these architectures. Amazon CodeGuru is an incredibly valuable tool that helps optimize our products’ performance while making sure that we are leveraging these services with all the best practices in place. Without tools like Amazon CodeGuru Reviewer, we wouldn't have been able to rewrite entire products like FogBugz to be AWS cloud-native. We are now using Amazon CodeGuru Profiler to optimize a number of products including EngineYard's container-based 'No Ops' platform as well as the next generation of the Jive collaboration platform."

Rahul Subramaniam, CEO, DevFactory

Learn how DevFactory builds better applications with CodeGuru »

Amazon DevOps Guru

DevOps Guru gives developers and operators a simpler way to measure and improve an application’s operational performance and availability.
