How to Build Repositories and Code Pipeline with Amazon Code Guru

Introduction

In software development, code quality and security are very important. The traditional method of code review was time-consuming and prone to error. In recent innovations, the technical team makes use of cloud computing and machine learning to build a solution for code review like Amazon Code Guru. In this article, we explore the capabilities of Amazon Code Guru and how developers can use it for code quality and security.

Amazon Code Guru

To improve code quality, security, performance, and efficiency, developers use a cloud-based service called Amazon Code Guru. Amazon Code Guru uses machine learning algorithms to analyze your code repositories and provides necessary code quality and security findings.

Amazon Code Guru Features

1. Amazon Code Guru Security: It detects Java, Python, and JavaScript code vulnerabilities. It then suggests ways to improve your code. It additionally checks for hardcoded credentials.
2. Integrations: Amazon Code Guru works flawlessly with major development tools such as AWS CodeCommit, GitHub, and Bitbucket. Amazon CodeGuru Security offers a simple and adaptable API for integrating and detecting vulnerabilities throughout the development lifecycle, including IDEs and continuous integration and delivery (CI/CD).
3. Detection and tracking of bugs: Amazon CodeGuru Security uses machine learning (ML) and automated reasoning to find issues with high precision. It uses powerful algorithms to detect when code is patched and automatically closes detection. This simplifies bug tracking and eliminates the need to manually track bugs.
4. Amazon Code Guru Profiler: Amazon CodeGuru Profiler is constantly looking for ways to improve performance, identifying developers’ most expensive lines of code and providing solutions to fix them to minimize CPU usage, reduce computing costs, and increase application speed.
5. Anomaly Detection: Amazon CodeGuru Profiler continuously examines the user’s application profiles in real-time and detects anomalies in their application behavior and methods. Every anomaly is tracked in the recommendations report in the CodeGuru Profiler console, and you can see a timeline of the method’s latent behavior over time, with outliers clearly highlighted. When a new anomaly is detected, a notification is sent to Amazon SNS if configured.

Architecture Design

Steps to use Amazon CodeGuru Reviewer to secure repositories

1. From the AWS management console, search Amazon CodeGuru
2. Go to the “Getting Started” Drop-Down Menu > Select CodeGuru Reviewer.
3. Click the “Get Started”
4. Under the Associate repository, select the source provider where you have your application code for review. In this case, select “GitHub or Git Enterprise Cloud,” then click Connect to your GitHub account.
5. Enter your git credentials to Sign in to GitHub.
6. Upon successfully logging in to your GitHub account, select the appropriate repository from your GitHub Account that you want to review.
7. Select the branch, click “Associate repository, and run the analysis.”
8. It may take 30 seconds to associate a repository and 5 to 10 minutes to create a full repository analysis.
9. From the left navigation pane of CodeGuru, under Reviewer, select Repositories. You will find the repository you want to associate
10. Now, from the left navigation pane of CodeGuru, under Reviewer, select Code Reviews. In Code reviews, select Full Repository Analysis. You will find the repository you associated with CodeGuru and some recommendations.
11. Select the repository, and you will find detailed information about all recommendations for your code.
12. 
13. 

Integrate Amazon Code Guru service in the pipeline

If you want to automate the code review for your code, then you need to integrate Amazon CodeGuru into the code pipeline.

1. Search and open the Amazon CodeGuru service. From the left navigation pane under security, select Integration
2. Select Integration with AWS code pipeline
3. Follow the step 1 and step 2 to integrate Amazone CodeGuru service with AWS Code Pipeline.
4. Step 1: Create stack
5. Stack is created successfully
6. Explore the IAM role and find the CodeGuru You can get a new role with the below permissions.AmazonCodeGuruSecurityScanAccess, CodeGuruSecurityCodebuildAccessRole
7. Open the AWS CodePipeline console. Choose the pipeline (devops) you want to integrate with the CodeGuru service. Edit the existing pipeline devops
8. Add new stage after source stage.
9. Write the stage name and add stage.
10. For the stage you just created (CodeReview), choose to Add action group
11. Create an action group and save
12. Now, make some changes in your application code or from the code pipeline, click release changes, and wait and watch the pipeline execution. You will get the below output.
13. After the successful completion of the CodeReview service, go to the Amazon code guru service > In the left navigation pane under security, explore scans, and you can see some scan results. If any findings are present in your code, then you will get findings in scans.

About CloudThat

Established in 2012, CloudThat is a leading Cloud Training and Cloud Consulting services provider in India, USA, Asia, Europe, and Africa. Being a pioneer in the Cloud domain, CloudThat has special expertise in catering to mid-market and enterprise clients in all the major Cloud service providers like AWS, Microsoft, GCP, VMware, Databricks, HP, and more. Uniquely positioned to be a single source for both training and consulting for cloud technologies like Cloud Migration, Data Platforms, DevOps, IoT, and the latest technologies like AI/ML, it is a top-tier partner with AWS and Microsoft, winning more than 8 awards combined in 11 years. Recently, it was recognized as the ‘Think Big’ partner from AWS and won the Microsoft Superstars FY 2023 award in Asia & India. Leveraging their position as a leader in the market, CloudThat has trained 650k+ professionals in 500+ cloud certifications and delivered 300+ consulting projects for 100+ corporates in 28+ countries.