Let's Talk AWS
Amazon CodeGuru Security Overview
Let's take a look at Amazon CodeGuru Security, and how it can improve security within your codebase.
By George Turner
Sat Oct 12 2024 · less than 2 min read
Amazon CodeGuru Security is a static code analysis tool, currently in early preview, developed by AWS. It uses machine learning to detect security flaws within your codebase.
What does CodeGuru Security do?
CodeGuru can detect security vulnerabilities such as resource leaks, hardcoded credentials and weak cryptography within your code.
It then produces a set of findings for these vulnerabilities, each with suggested remediations. You are also given metrics based on these findings, so you can monitor your application's security posture over time.
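To make the three finding types above concrete, here is an added example that is not CodeGuru's code and does not use its real finding format: a small rule-based scanner that flags a hardcoded credential, a weak hash and a file handle opened outside a with-block, attaches a suggested remediation to each finding, and reduces the findings to per-severity counts of the kind you would store per scan to track posture over time. The rule ids, severities, sample source and the "hardened" counterpart are all constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Added example (not CodeGuru's own code or output): a tiny rule-based scanner
# for the three defect classes named in the post. Rule ids, severities and the
# finding shape are constructed for illustration, not CodeGuru's real schema.

@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    line: int
    title: str
    remediation: str

# Each rule: (id, severity, pattern, title, suggested remediation). Hypothetical.
RULES = [
    ("HARDCODED_CREDENTIAL", "Critical",
     re.compile(r"(?i)\b\w*(secret|password|passwd|api_key|access_key)\w*\s*=\s*[\"'][^\"']{8,}[\"']"),
     "Credential assigned as a string literal",
     "Read the value from an environment variable or a secrets manager at runtime."),
    ("WEAK_HASH", "High",
     re.compile(r"\bhashlib\.(md5|sha1)\("),
     "Use of a broken hash function",
     "Use hashlib.sha256 or stronger; for passwords use a purpose-built KDF."),
    ("RESOURCE_LEAK", "Medium",
     re.compile(r"\b\w+\s*=\s*open\("),
     "File handle opened outside a with-block",
     "Open the file in a with statement so it is closed on every exit path."),
]

def scan(source: str) -> list[Finding]:
    """Run every rule over every line and return the findings in line order."""
    findings = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        for rule_id, severity, pattern, title, remediation in RULES:
            if pattern.search(text):
                findings.append(Finding(rule_id, severity, lineno, title, remediation))
    return findings

def metrics_summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity; one summary per scan gives a trend over time."""
    return dict(Counter(f.severity for f in findings))

# Constructed sample module with one instance of each defect class.
VULNERABLE_SOURCE = """\
import hashlib
DB_PASSWORD = "not-a-real-password-000"  # constructed placeholder literal
def fingerprint(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()
def read_config(path: str) -> str:
    f = open(path)
    return f.read()
"""

# The same module after applying the suggested remediations.
HARDENED_SOURCE = """\
import hashlib
import os
def db_password() -> str:
    return os.environ["DB_PASSWORD"]
def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()
def read_config(path: str) -> str:
    with open(path) as f:
        return f.read()
"""

if __name__ == "__main__":
    for f in scan(VULNERABLE_SOURCE):
        print(f"line {f.line}: [{f.severity}] {f.rule_id} - {f.title}")
        print(f"    fix: {f.remediation}")
    print("summary before:", metrics_summary(scan(VULNERABLE_SOURCE)))
    print("summary after: ", metrics_summary(scan(HARDENED_SOURCE)))
```

Running the block reports one Critical, one High and one Medium finding on the vulnerable sample and nothing on the hardened version; the point is the shape of the output (location, severity, remediation, and a summary you can chart scan over scan), not the regexes, which a real analyser replaces with semantic analysis.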
How can you use CodeGuru?
Currently, CodeGuru can be used via the AWS CLI, through an IDE integration, or configured within your CI/CD pipeline. It also has integrations with GitHub, GitLab and AWS CodePipeline.
If you want to integrate CodeGuru Security into your IDE and you are using VSCode or a JetBrains IDE rather than SageMaker Studio or JupyterLab, you can currently access a similar set of features via Amazon Q.
What languages does CodeGuru support?
CodeGuru supports most of the major languages in use today, such as Python, TypeScript and Go, along with C, C++, C# and more (sadly no Rust at the moment), as well as IaC languages such as CloudFormation, Terraform and AWS CDK (currently only supported with Python and TypeScript).
For a subset of these languages, CodeGuru is able to use generative AI not only to suggest remediations but to actually create code snippets which you can implement within your codebase.