Explain the features of Amazon CodeGuru

Recipe Objective - Explain the features of Amazon CodeGuru?

The Amazon CodeGuru is a widely used service and is defined as a machine learning technology which conducts code reviews to enhance code quality. Reviewer and Profiler are the two major components of CodeGuru. In user's pull requests, CodeGuru Reviewer discovers issues in their code and gives inline recommendations. The CodeGuru Profiler informs users where their code contributes to resource over-utilization by the CPU. Also, Amazon CodeGuru is a developer tool which makes intelligent recommendations for bettering code quality and identifying the most costly lines of code in an application. Users can integrate CodeGuru into their current software development workflow to automate code reviews throughout application development, monitor application performance in production, and give advice and visual indications on how to enhance code quality, application performance, and total cost. During application development, CodeGuru Reviewer employs machine learning and automated reasoning to detect important flaws, security vulnerabilities, and hard-to-find errors, then makes recommendations to enhance code quality. Amazon CodeGuru Profiler assists developers in locating the most costly lines of code in their applications by assisting them in understanding the runtime behaviour of their applications, identifying and removing code inefficiencies, improving performance, and drastically lowering compute costs.

Build Log Analytics Application with Spark Streaming and Kafka

Benefits of Amazon CodeGuru

• The Amazon CodeGuru helps developers submit their work to GitHub, GitHub Enterprise, Bitbucket Cloud, and AWS CodeCommit with no further modifications to their development process add CodeGuru Reviewer as one of the code reviewers. Amazon CodeGuru Reviewer examines current codebases in the repository, accurately detects hard-to-find errors and important issues, makes intelligent recommendations on how to fix them, establishes a baseline for future code reviews and helps catch the code problems before they hit production. Amazon CodeGuru Reviewer Security Detector improves the security of user's code by using automated reasoning and AWS's years of security knowledge. It uses a GitHub Action to integrate security reviews directly into their application development CI/CD processes, ensuring that the user's code adheres to best practices for AWS Key Management Service (AWS KMS), Amazon Elastic Cloud Compute (Amazon EC2), application programming interfaces (APIs), common Java or Python crypto, and TLS/SSL (Transport Layer Security) libraries. When the security detector detects a problem, it provides repair advice as well as an explanation of why the code modification is recommended, allowing Security Engineers to focus on architectural and application-specific security best practices and thus it helps in fixing security vulnerabilities. Amazon CodeGuru Reviewer evaluates incremental code changes and makes suggestions right on the pull request for every pull request that is initiated. It also allows entire repository or code base scans for periodic code maintainability, as well as code due to diligence activities to assure consistent code quality. Also, Amazon CodeGuru Reviewer may be linked to the user's continuous integration and delivery (CI/CD) processes. Users may use the AWS Console or their CI/CD provider's user interface to set it to execute on a pull, push, or scheduled run of their pipeline, and they can check their code quality and security recommendations.

System Requirements

• Any Operating System(Mac, Windows, Linux)

This recipe explains Amazon CodeGuru and its Features of Amazon CodeGuru.

Features of Amazon CodeGuru

• It provides Security

Amazon CodeGuru Reviewer makes suggestions based on common vulnerabilities (OWASP Top 10) and AWS internal security best practices to help users enhance code security. It analyses data flow from source to sink and across several functions using automated reasoning to discover hard-to-find security flaws. The CodeGuru Reviewer Security Detector works with Java 8 and above, as well as Python 3 and up.

• It provides detection of Secret

Amazon CodeGuru Reviewer Secrets Detector uses machine learning-based analysis to help users detect secrets that are hardcoded in their repository or configuration files, including passwords, API keys, SSH keys, access tokens, database connection strings and JSON Web Tokens. Part of CodeGuru Reviewer, Secrets Detector is an automated mechanism that checks code for these secrets and provides point-and-click steps to secure them using AWS Secrets Manager. It can also identify specific keys generated by the most common API providers, including AWS, Atlassian, GitHub, Salesforce, HubSpot, and Stripe.

• It automatic recommendations

Amazon CodeGuru Reviewer provides recommendations – Incremental and full repository code reviews. Incremental repository code reviews are when users generate a pull request from an associated repository, incremental code reviews are created automatically. The updated code in a pull request is scanned in these code reviews. A pull request dashboard is also provided by CodeGuru Reviewer, which shows information for all code reviews. Full repository analysis is when users may obtain ML-powered code review suggestions for all lines of code in the connected repositories under a certain code branch with CodeGuru Reviewer. During code migration, code due diligence, and periodic code maintainability campaigns, users may execute entire repository scans to generate code review suggestions. To start afresh analysis on a whole repository, go to the "Repository Analysis" tab on the "Code Reviews" page in the CodeGuru console. The new repository size-based pricing model includes two full repository scans.

• It provides CI/CD integrations with Github actions

Using GitHub Actions, users may initiate code quality and security analysis as a stage inside their CI process for CodeGuru Reviewer. It can be set up to run and make recommendations on a pull, push, or scheduled pipeline run. After users execute a CodeGuru Reviewer scan through CI/CD, users may examine their code quality and security recommendations within the CodeGuru Reviewer Console or the GitHub’s user interface. Users can continually check the quality and security of their code using CI/CD integration, ensuring that they don't miss a recommendation. Users may use GitHub Action from the GitHub Marketplace to execute security reviews and receive suggestions straight from the GitHub user interface in CodeGuru Reviewer.

• It provides Amazon CodeGuru Profiler

Amazon CodeGuru Profiler is continually looking for ways to enhance application performance, identifying users' most "expensive" lines of code and offering fixes to minimise CPU usage, reduce compute costs, and increase application speed. For example, CodeGuru Profiler may indicate when a user's programme is wasting excessive CPU capacity on a logging routine instead of acting on essential business logic.

• It provides profiling of applications in the production which is always-on

Amazon CodeGuru Profiler is meant to operate in production indefinitely with low effort, so users can leave it on all the time and have no effect on application performance. It allows users to profile and diagnose their application using real-world customer traffic patterns, allowing them to quickly identify performance issues. Users can discover and address performance issues in their production apps using profiler data and machine learning-powered advice. A heap summary is also provided by CodeGuru Profiler, allowing users to see what objects are consuming memory at any given time.

• It provides intelligent Recommendations

Amazon CodeGuru Profiler detects performance issues in their application and makes recommendations based on machine learning on how to fix them. These suggestions assist users in identifying and optimising their code's most expensive or resource-intensive methods without needing them to be performance engineers. These enhancements help users save infrastructure costs, minimise latency, and improve the overall end-user experience.

• It provides Anomaly detection

Amazon CodeGuru Profiler examines users' application profiles in real-time and discovers abnormalities in their application's behaviour and methods. Each anomaly is logged in the CodeGuru Profiler console's Recommendation report, where users can view a time series of the method's latency over time, with anomalies marked. When a new anomaly is found, an Amazon SNS notice will be issued if set.