Find your most expensive lines of code with Amazon CodeGuru

Amazon CodeGuru is a developer tool powered by machine learning that provides intelligent recommendations for improving code quality and identifying an application’s most expensive lines of code. It performs automated code reviews and provides application performance recommendations.

Amazon CodeGuru Reviewer

Amazon CodeGuru Reviewer finds issues in your code and recommends how to remediate them. For example, CodeGuru Reviewer detects deviation from best practices for using AWS APIs and SDKs, and also identifies concurrency issues, resource leaks, security vulnerabilities and incorrect input validation. To begin reviewing code, you can associate existing code repositories on GitHub, GitHub Enterprise, Bitbucket or AWS CodeCommit with CodeGuru.

Automated Recommendations for pull requests

CodeGuru Reviewer automatically analyzes source code pull requests to find critical issues and provides intelligent recommendations for resolving code defects directly within the pull request. CodeGuru Reviewer identifies code quality issues in nine broad categories:

• AWS best practices: Correct use of AWS APIs (e.g., polling, pagination)
• Java and Python (available in preview) Best Practices: Correct use of popular Java and Python language and library features
• Concurrency: Detects missing synchronization resulting in incorrect functionality or excessive synchronization leading to performance issues.
• Deadlocks: Checks for coordination among concurrent threads
• Resource leaks: Correct handling of resources (e.g., releasing database connections)
• Sensitive information leaks: Leakage of Personally Identifiable Information (e.g., logging credit card details)
• Common code bugs: Hard to find defects such as not creating a client for each lambda invocation
• Code Cloning: Identifies duplicated code that could be consolidated for better code maintainability
• Input Validation: Checks for malformed or malicious data from untrusted sources


In short, CodeGuru equips your development team with the tools to maintain a high bar of coding standards in the software development process.

You can also view all code reviews in the “Code reviews” console page (Reviewer section). The page lists code review information such as the status of the code review, the repository, the number of recommendations, and more. You can click a successfully completed code review to view recommendation details, search for recommendations, and see the number of lines analyzed. You can also give feedback on CodeGuru recommendations by clicking the thumbs-up or thumbs-down icon below a recommendation.

Full Repository Analysis

With CodeGuru, you can get automated code review recommendations for associated repositories for all code (not just incremental changes through pull requests) under a specified code branch. Use cases include providing code review recommendations during code migration, code due diligence and periodic code maintainability initiatives. You can navigate to the "Repository Analysis" tab in the "Code Reviews" page to trigger a new analysis on a full repository.


With pull request and full repository analysis available, onboarding onto Reviewer can help you 1) associate your repository, 2) initiate a full repository analysis, 3) continuously analyze pull requests with incremental code changes and 4) do a periodic re-scan of the full repository to ensure code quality.

Security Detection

CodeGuru Reviewer helps you improve code security and provides recommendations for best practices. It uses machine learning to analyze data flow from source to sink and across multiple functions to detect hard-to-find security vulnerabilities. The Security Detector supports Java, through Java 11, and identifies several categories of issues, such as:

1. AWS API Security Best Practices: you can check API security for AWS EC2 and KMS
2. Java Crypto Library Best Practice: you can check if javax.crypto.Cipher is initialized and called correctly
3. Secure Web Applications: you can check web app related security issues, such as LDAP injections
4. Sensitive Information Leak: you can check if there is any leakage of personal or sensitive information
5. AWS Security Best Practices (such as AWS Crypto recommendations): you can check if your code meets AWS best practices
 
You can go to the CodeGuru console and trigger a security analysis on your entire repository or codebase by uploading your source and build artifacts.

Amazon CodeGuru Profiler

Amazon CodeGuru Profiler is always searching for application performance optimizations, identifying your most “expensive” lines of code and recommending ways to fix them to reduce CPU utilization, cut compute costs, and improve application performance. For example, CodeGuru Profiler can identify when your application is consuming excessive CPU capacity on a logging routine instead of executing on core business logic.

Always-on profiling of applications in production

CodeGuru Profiler is designed to run continuously in production with minimal overhead, which means you can leave it on. It enables you to profile and troubleshoot your application using real customer traffic patterns and easily discover performance issues. If your production application experiences any issues, you can quickly fix the issue with the profiler data and recommendations. CodeGuru Profiler also provides a heap summary so you can identify what objects are using up memory at any given time.

Understand the runtime behavior of applications

CodeGuru Profiler continuously analyzes application CPU utilization, heap usage, and latency characteristics to show you where you are spending the most cycles or time in your application. The CPU and latency analysis is presented in an interactive flame graph that helps you easily understand which code paths consume the most resources, verify that your application is performing as expected, and uncover areas that can be optimized further.


Flame graphs visualize the performance of your application by aggregating stack trace samples over a period of time to produce an accurate picture of the application's behavior during that time. You can use a flame graph to understand which paths consume the most resources, verify that your application is performing as expected, and uncover areas that can be optimized further. For example, the method UploadGreyImage costs $134,868 per year and consumes 10.22% of wall-clock time, so if you didn’t expect it to take that much time, you should investigate.

Heap summary

The heap usage analysis is presented on a heap summary visualization which shows you what objects are allocated on your heap – whether your own domain classes or those owned by libraries or the JDK.


Heap summary visualizes all the objects allocated on the heap for a given period of time, along with their size, count, and time series. For example, you can see on the time series graph that at 4:20pm two objects start growing significantly (java.util.LinkedHashMap$Entry and java.util.UUID), which indicates a potential memory leak. If this upward trend is left unchecked, it could lead to an out-of-memory situation.

Intelligent recommendations

CodeGuru Profiler automatically identifies performance issues in your application and provides intelligent recommendations on how to remediate them. These recommendations help you identify and optimize the most expensive or resource intensive methods within your code without you needing to be a performance engineering expert. These optimizations help you reduce the cost of your infrastructure, reduce latency, and improve your overall end user experience.


When it sees opportunities to optimize your application performance, Amazon CodeGuru Profiler explains why it is recommending a change, what’s causing the issue, how to resolve it, and where in the code this issue is impacting your application. This recommendation shows you that this expensive line of code costs you $182.16K per year and has a 2.97% impact on your CPU utilization. If you follow the suggested resolution steps you will be able to save up to $182.16K.

Anomaly detection

Amazon CodeGuru Profiler continuously analyzes your application profiles in real-time and detects anomalies in the behavior of your application and its methods. Each anomaly is tracked in the Recommendation report and you can see time series of how the method’s latency behaves over time with anomalies clearly highlighted. If configured, an Amazon SNS notification will also be sent when a new anomaly is detected.

Always-on profiling of applications in production

CodeGuru Profiler is designed to continuously run in production with minimal overhead, which means you can leave it on all the time with minimal impact on application performance. This allows you to profile and troubleshoot your application using real customer traffic patterns and easily discover performance issues that might not be detected in your test environment.
