General

Q: What is Amazon CodeGuru?

CodeGuru has two components: Amazon CodeGuru Security and Amazon CodeGuru Profiler. CodeGuru Security is a machine learning (ML) and program analysis-based tool that finds security vulnerabilities in your application code. CodeGuru Security also scans for hardcoded credentials. CodeGuru Profiler optimizes performance for applications running in production and identifies the most expensive lines of code, reducing operational costs significantly.

Q: How do I get started with CodeGuru?

CodeGuru is now generally available. You can start right now in the Amazon CodeGuru console.

Q: In which AWS Regions is CodeGuru available?

To see supported Regions, please visit the AWS Region Table for all AWS global infrastructure. For more information, see Regions and Endpoints in the AWS General Reference.

Amazon CodeGuru Security

Q: What is Amazon CodeGuru Security?

CodeGuru Security is an ML and program analysis-based code scanning tool that finds security vulnerabilities in application code.

Q: What programming languages are supported?

CodeGuru Security currently supports scanning Java, Python, JavaScript, TypeScript, C#, CloudFormation, Terraform, Go, and Ruby.

Q: What type of issues are detected by CodeGuru Security?

CodeGuru Security detects Open Worldwide Application Security Project (OWASP) Top Ten issues, Common Weakness Enumeration (CWE) Top 25 issues, log injection, secrets, and secure use of AWS APIs and SDKs. See the Amazon CodeGuru Detector Library for more details on vulnerabilities found by CodeGuru Security.

Q: How do I get started with CodeGuru Security?

Visit the CodeGuru console to integrate CodeGuru Security in your developer lifecycle. You can integrate into continuous integration and delivery (CI/CD) tools, repository scanning, and integrated development environments (IDEs).

Q: Does CodeGuru Security access my code?

CodeGuru Security needs read-only access to your code for the purpose of generating recommendations. Your trust, privacy, and the security of your content are our highest priority. We implement appropriate controls, including encryption in transit, to prevent unauthorized access to, or disclosure of, your content and ensure that our use complies with our commitments to you. We also support customer manager KMS keys (CMCMK ) for encryption. Please see the Data Privacy FAQ for more information.

Q: Does CodeGuru Security persist a copy of my code?

No, CodeGuru Security does not store your source code.

Q: How is CodeGuru Security trained to provide intelligent recommendations?

CodeGuru Security is trained using rule mining and supervised ML models that use a combination of logistic regression and neural networks. For example, during training for sensitive data leaks, it does a full code analysis for all code paths that use the resource or sensitive data, creates a feature set representing those, and then uses those as inputs for logistic regression models and convolutional neural networks (CNNs).

Q: Which integrations does CodeGuru Security support?

CodeGuru Security is integrated with Amazon Inspector code scanning for Lambda. Additional integrations with repositories and CI/CD tools are coming soon.

Amazon CodeGuru Profiler

Q: What is Amazon CodeGuru Profiler?

CodeGuru Profiler helps developers and IT Operators easily understand the runtime behavior of their applications, improve performance, and decrease infrastructure costs. Amazon CodeGuru Profiler analyzes the application runtime profile and provides intelligent recommendations and visualizations that guide developers on how to improve the performance of the most relevant parts of their code.

Q: What is a profiling group?

A profiling group is a logical grouping created by you. It represents the boundary of one application. For example, in a microservices architecture, a profiling group would aggregate the profiles of the microservices that you have assigned to it, and produce one profile for all of them.

Q: I already have extensive logging integrated into my code. Do I still need to profile?

Logging execution time only works for a limited set of scenarios because logging can only monitor latency (not CPU utilization), and is time consuming to implement because developers have to log every function in an application (without impacting application performance), leaving developers without the tools necessary to effectively monitor and troubleshoot applications in production. This is where profiling comes in: CodeGuru Profiler is designed to collect data on everything that happened in that application’s behavior, regardless of scenarios. CodeGuru Profiler uses a knowledge base of commonly encountered performance inefficiencies to automatically discover code patterns in your live application that impact its performance. Developers can then follow the provided recommendations to fix the issues.

Q: How does CodeGuru Profiler differ from traditional APMs and standalone profilers?

Traditional APMs provide useful data on monitoring, tracing and application performance. CodeGuru Profiler complements these APM capabilities by providing visualizations of the application’s runtime data as well as actionable recommendations for the performance issues it discovers. It also uses machine learning to detect and alert on anomalies in your application profile, pointing to the anomalous lines of code. CodeGuru Profiler enables you to easily see the parts of code that present the biggest opportunity for performance optimization, along with potential savings, and receive guidance on how to address them without the need to have a deep performance engineering background. Amazon CodeGuru Profiler profiles both EC2 instances, containers and serverless compute platforms including AWS Lambda as well as on-premises. Furthermore, some standalone profilers are designed to only run in test environments while CodeGuru Profiler was designed to continuously run in production, under production traffic loads, and without impact to the application. This is useful when troubleshooting operational issues in production, including when running on bare metal hosts.

Q: What types of applications can I profile?

CodeGuru Profiler works with applications hosted on Amazon EC2, containerized applications running on Amazon ECS and Amazon EKS, as well as serverless applications running on AWS Fargate and AWS Lambda. Furthermore, you can run CodeGuru Profiler on premises.

Q: How does CodeGuru Profiler impact the performance of applications hosted on AWS Lambda?

The CodeGuru Profiler agent uses the resources (CPU, memory) allocated to AWS Lambda functions. It is tuned to have a minimal impact on your application's performance while it runs as an in-process thread. If your application consumes most of resources on AWS Lambda function, evaluate increasing the resources to enable the agent to properly function.

Q: What programming languages are supported?

CodeGuru Profiler currently supports Java, Python (in preview), and JVM languages such as Scala and Kotlin.

Q: How does CodeGuru Profiler work?

CodeGuru Profiler consists of three parts: an agent, the profiler service, and intelligent recommendations. The agent is started with your application on the command line and it runs as an in-process thread as part of your application. It takes data from each of your service instances running the agent and sends them to the profiler service every five minutes, which then aggregates them. CodeGuru Profiler then publishes the profile data in interactive flame graphs that enable you to visualize the performance of your application. CodeGuru Profiler also continuously scans the profiled data and compares it against Amazon and performance engineering best practices and proactively alerts you with intelligent recommendations when performance issues are discovered. It also uses ML to continuously analyze application runtime data and alerts when it detects anomalies in the application profile and points to the anomalous lines of code.

Q: Which resources does CodeGuru Profiler profile and what are the supported languages?  

CodeGuru Profiler profiles CPU (active CPU and wall clock time) and memory (heap summary) for Java and other JVM languages and CPU (wall clock time) for Python applications.

Q: Can I get both CPU and memory information from the same application?

Yes, once you enable memory profiling and you start profiling, CodeGuru Profiler will collect both CPU and memory information for your application. You only need one profiling group to get both CPU and memory data for a given application.

Q: What memory profiling information does CodeGuru Profiler provide?

CodeGuru Profiler offers heap summary information. Heap summary offers a consolidated view of the memory utilization per object type (e.g., String, int, char[]), and custom types, during a given time frame (usually 5 minutes). CodeGuru Profiler tracks both the summed-up sizes of objects and their count. These metrics are presented in a timeline graph, so you can easily spot trends and peaks of memory utilization per object type.

Q: What can I do with heap summary information?

Heap summary is useful in two scenarios. First, you can spot potential memory leaks. A constantly growing memory utilization curve for one or more object types may indicate a leak, possibly leading to out-of-memory errors and application crashes. The second scenario is when you want to optimize the memory footprint of your application. In this case the breakdown of memory utilization per object type will help you know where to focus. For example, by knowing that an unexpectedly high amount of memory has been associated with a specific object type, you can focus your analysis and optimization efforts on the parts of your application that are responsible for allocating and referencing objects of that type.

Learn more about our customers

Visit the Amazon CodeGuru customers page.

Learn more 
Sign up for a free account

Instantly get access to the AWS Free Tier. 

Sign up 
Start building in the console

Get started building with Amazon CodeGuru in the AWS Management Console.

Sign in