How to Build Repositories and Code Pipeline with Amazon Code Guru

Introduction

In software development, code quality and security are very important. The traditional method of code review was time-consuming and prone to error. In recent innovations, the technical team makes use of cloud computing and machine learning to build a solution for code review like Amazon Code Guru. In this article, we explore the capabilities of Amazon Code Guru and how developers can use it for code quality and security.

Amazon Code Guru

To improve code quality, security, performance, and efficiency, developers use a cloud-based service called Amazon Code Guru. Amazon Code Guru uses machine learning algorithms to analyze your code repositories and provides necessary code quality and security findings.

Amazon Code Guru Features

1. Amazon Code Guru Security: It detects Java, Python, and JavaScript code vulnerabilities. It then suggests ways to improve your code. It additionally checks for hardcoded credentials.
2. Integrations: Amazon Code Guru works flawlessly with major development tools such as AWS CodeCommit, GitHub, and Bitbucket. Amazon CodeGuru Security offers a simple and adaptable API for integrating and detecting vulnerabilities throughout the development lifecycle, including IDEs and continuous integration and delivery (CI/CD).
3. Detection and tracking of bugs: Amazon CodeGuru Security uses machine learning (ML) and automated reasoning to find issues with high precision. It uses powerful algorithms to detect when code is patched and automatically closes detection. This simplifies bug tracking and eliminates the need to manually track bugs.
4. Amazon Code Guru Profiler: Amazon CodeGuru Profiler is constantly looking for ways to improve performance, identifying developers’ most expensive lines of code and providing solutions to fix them to minimize CPU usage, reduce computing costs, and increase application speed.
5. Anomaly Detection: Amazon CodeGuru Profiler continuously examines the user’s application profiles in real-time and detects anomalies in their application behavior and methods. Every anomaly is tracked in the recommendations report in the CodeGuru Profiler console, and you can see a timeline of the method’s latent behavior over time, with outliers clearly highlighted. When a new anomaly is detected, a notification is sent to Amazon SNS if configured.

Architecture Design

Steps to use Amazon CodeGuru Reviewer to secure repositories

1. From the AWS management console, search Amazon CodeGuru
2. Go to the “Getting Started” Drop-Down Menu > Select CodeGuru Reviewer.
3. Click the “Get Started”
4. Under the Associate repository, select the source provider where you have your application code for review. In this case, select “GitHub or Git Enterprise Cloud,” then click Connect to your GitHub account.
5. Enter your git credentials to Sign in to GitHub.
6. Upon successfully logging in to your GitHub account, select the appropriate repository from your GitHub Account that you want to review.
7. Select the branch, click “Associate repository, and run the analysis.”
8. It may take 30 seconds to associate a repository and 5 to 10 minutes to create a full repository analysis.
9. From the left navigation pane of CodeGuru, under Reviewer, select Repositories. You will find the repository you want to associate
10. Now, from the left navigation pane of CodeGuru, under Reviewer, select Code Reviews. In Code reviews, select Full Repository Analysis. You will find the repository you associated with CodeGuru and some recommendations.
11. Select the repository, and you will find detailed information about all recommendations for your code.
12. 
13. 

Integrate Amazon Code Guru service in the pipeline

If you want to automate the code review for your code, then you need to integrate Amazon CodeGuru into the code pipeline.

1. Search and open the Amazon CodeGuru service. From the left navigation pane under security, select Integration
2. Select Integration with AWS code pipeline
3. Follow the step 1 and step 2 to integrate Amazone CodeGuru service with AWS Code Pipeline.
4. Step 1: Create stack
5. Stack is created successfully
6. Explore the IAM role and find the CodeGuru You can get a new role with the below permissions.AmazonCodeGuruSecurityScanAccess, CodeGuruSecurityCodebuildAccessRole
7. Open the AWS CodePipeline console. Choose the pipeline (devops) you want to integrate with the CodeGuru service. Edit the existing pipeline devops
8. Add new stage after source stage.
9. Write the stage name and add stage.
10. For the stage you just created (CodeReview), choose to Add action group
11. Create an action group and save
12. Now, make some changes in your application code or from the code pipeline, click release changes, and wait and watch the pipeline execution. You will get the below output.
13. After the successful completion of the CodeReview service, go to the Amazon code guru service > In the left navigation pane under security, explore scans, and you can see some scan results. If any findings are present in your code, then you will get findings in scans.

About CloudThat