Amazon has updated CodeGuru to detect hardcoded secrets, such as usernames and passwords, database connection strings, tokens, and API keys from AWS in Java and Python repositories.

As we reported back in July 2020, CodeGuru is a developer tool that uses machine learning to identify potential security vulnerabilities, ways code quality could be improved, and which areas of code are the most expensive in terms of system resources.

This latest update adds a secrets detector feature that searches your codebase for hardcoded secrets. What Amazon means by secrets are things such as usernames and passwords, database connection strings, tokens, and API keys from AWS and other service providers. CodeGuru can identify the locations of such items, and will provide a recommendation that can be acted upon. The recommendation links to AWS Secrets Manager where developers can point and click to make the vulnerable information secure.

When you add a new repository to Amazon CodeGuru Reviewer, secrets detector will automatically search Python and Java source, in addition to configuration and documentation files, for information that should be secured.

CodeGuru Reviewer then integrates with your pull request workflow or CI/CD pipeline, and warns of new vulnerabilities as they arise.

On the AWS News blog,  Alex Casalboni explains:

These new detectors use machine learning (ML) to identify hardcoded secrets as part of your code review process, ultimately helping you to ensure that all new code doesn’t contain hardcoded secrets before being merged and deployed. In addition to Java and Python code, secrets detectors also scan configuration and documentation files. CodeGuru Reviewer suggests remediation steps to secure your secrets with AWS Secrets Manager, a managed service that lets you securely and automatically store, rotate, manage, and retrieve credentials, API keys, and all sorts of secrets.

This new functionality is included as part of the CodeGuru Reviewer service at no additional cost. 

More Information

Amazon CodeGuru

Related Articles

Amazon CodeGuru Now Available

Code Guru For Automated Code Review

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Comments

Make a Comment or View Existing Comments Using Disqus

or email your comment to: comments@i-programmer.info