{"id":60704,"date":"2024-03-24T18:09:45","date_gmt":"2024-03-24T12:39:45","guid":{"rendered":"https:\/\/www.tothenew.com\/blog\/?p=60704"},"modified":"2024-03-27T18:28:16","modified_gmt":"2024-03-27T12:58:16","slug":"aws-codeguru","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/aws-codeguru\/","title":{"rendered":"AWS CodeGuru"},"content":{"rendered":"

Introduction<\/h2>\n

AWS CodeGuru utilizes Machine Learning and Automated Reasoning to identify security and quality issues in your application code, offering guidance on addressing and resolving them.<\/p>\n

It provides a comprehensive offering of functionalities like:<\/p>\n

\u25cf Code Review with Amazon CodeGuru Reviewer:<\/b> This tool Profiler visualizes your application performance, showing you the methods that take the most time and CPU capacity to execute. This helps you diagnose and isolate the root causes of application issues during operational events much faster.<\/p>\n

\u25cf Performance Profiling with Amazon CodeGuru Profiler:<\/b> This tool Profiler visualizes your application performance, showing you the methods that take the most time and CPU capacity to execute. This helps you diagnose and isolate the root causes of application issues during operational events much faster.<\/p>\n

\u25cf Code Testing with <\/b>CodeGuru Security<\/b>:<\/b> This feature functions as a static application security testing (SAST) tool, leveraging the power of Machine Learning and Automated Reasoning. It detects vulnerabilities in your code, offers recommendations for addressing them, and monitors the status of these vulnerabilities until they are resolved.<\/p>\n

Scenario<\/h2>\n

In this article, we will be implementing how we can use CodeGuru to perform the following:<\/p>\n

    \n
  • Code review<\/li>\n
  • Performance Profiling<\/li>\n
  • Code Testing<\/li>\n<\/ul>\n

    Implementation<\/h2>\n

    CloudGuru Security<\/h3>\n

    It detects vulnerabilities in your code, offers recommendations for addressing them, and monitors the status of these vulnerabilities until they are resolved. Follow the below steps to perform the scan:<\/p>\n

    1. Integrate GitHub or any Version Control System.<\/h3>\n

    To do so, go to the integration section.<\/p>\n

    \"\"<\/p>\n

    As you see, the above image has an option for GitHub. Click on integrate with GitHub, and you will see the option to integrate GitHub. Fill in the details by following the given steps.<\/p>\n

    Step 1<\/strong><\/h2>\n

    \u25cf Create an IAM role: <\/b>It creates a CloudFormation stack that automatically sets up an IAM role with the required permissions for your workflow to run security scans. After creating the stack, come back to this page to continue setting up your pipeline integration, or we can create it manually.<\/p>\n

    \"\"<\/p>\n

    Step 2<\/strong><\/h2>\n

    \u25cf Create a Custom workflow in GitLab: <\/b>You’ll need to craft a custom workflow for your repository. Think of it as your personalized roadmap with steps and actions to make those security scans happen. Once your workflow file is in place, CodeGuru will automatically roll out code scans whenever the events outlined in the file come into play. It’s like having your own security guardian for your code. The process to create workflow is given in the integration process.<\/p>\n

    Step 3<\/strong><\/h2>\n

    \u25cf View scan results: <\/b>After creating the workflow, CodeGuru Security will automatically run scans based on the events that you have defined in the workflow file. To view a scan and its findings, go to the Scans page and choose the scan you want to view. On the scan details page, choose the Findings tab to see the findings generated by that scan.<\/p>\n

    \u25cf <\/strong>Then click on complete<\/strong>.<\/p>\n

    2. How to Setup Scans<\/h3>\n

    \u25cf First, click on the Scan option.<\/p>\n

    \"\"<\/p>\n

    \u25cf Then click on Create new scan.<\/p>\n

    \"\"<\/p>\n

    \u25cf Upload the zip file of your code.<\/p>\n

    \u25cf Enter the scan name.<\/p>\n

    \u25cf Then click on Create Scan.<\/p>\n

    \u25cf After some time, you will see your scan has been created.<\/p>\n

    \"\"<\/p>\n

    Now click on that scan, and you will see the overview and findings of your uploaded code. As you see in below screenshot in my code, I got one finding Overflow when deserializing relational database objects<\/b> in Java code, which says, \u201cDeserializing objects from relational databases should allocate a 64-bit, not 32-bit, type for the auto-incremented identifier\u201d <\/b>and if click on your finding, it gives you full details of the vulnerability and also it\u2019s recommendations.<\/p>\n

    \"\" \"\" \"\" \"\"<\/p>\n

    CloudGuru Reviewer<\/h2>\n

    We will find issues in the Java and Python code and see recommendations on how to remediate them using CloudGuru Reviewer by following the below steps:<\/p>\n

    1.<\/strong> Click on repositories.<\/p>\n

    \"\"<\/p>\n

    2.<\/strong> Then click on the Associate repository and run analysis.<\/p>\n

    3.<\/strong> Click on Connect to your Github account, it automatically connects with your account as you have already integrated your Github account in previous steps.<\/p>\n

    4.<\/strong> Then select the repository.<\/p>\n

    5<\/strong>. Enter the name of your branch where your code is pushed.<\/p>\n

    6.<\/strong> Lastly click on Associate repository and run analysis<\/p>\n

    \"\"<\/p>\n

    Now go to the Code Review option.\"\"<\/p>\n

    7.<\/strong> Then Click on the Full repository analysis.<\/p>\n

    \"\"<\/p>\n

    8.<\/strong> Click on Name of repository, you will see reviews of your code as you can see in below screenshot it gives a review at a particular code of line which recommends that you add final in the selected lines so that it is consistent with 3 other similar occurrences in your code. So that\u2019s how you will get recommendations of each particular line in your code where it sees there is a scope of improvement.<\/p>\n

    \"\"<\/p>\n

    CloudGuru Profiles<\/h2>\n

    Here we will visualize the application performance, by checking the methods that take the most time and CPU capacity to execute by following below steps:<\/p>\n

    Process to create profile groups.<\/p>\n

    1.<\/strong> Click on Profile Groups<\/p>\n

    \"\"<\/p>\n

    2.<\/strong> Then click on create profiling groups.<\/p>\n

    \"\"<\/p>\n

    3.<\/strong> Enter Profile name and select the option where your application is running as you see in above screenshot.<\/p>\n

    4.<\/strong> Then click on create, you will see your profile has been created.<\/p>\n

    5.<\/strong> Now click on your created profile<\/p>\n

    \"\"<\/p>\n

    6.<\/strong> Follow the instructions given in the above screenshot and connect with your agent i.e your server where the application is running.<\/p>\n

    7.<\/strong> Wait for 10-15 minutes until your profile will be completed.<\/p>\n

    8.<\/strong> After that you will see that your profile has been created.<\/p>\n

    9.<\/strong> Click on any profile to see the outcome with recommendations to improve your application server.<\/p>\n

    \"\"<\/p>\n

    Key Features<\/h2>\n

    \u25cf Machine Learning:<\/b> CodeGuru Security goes beyond traditional SAST tools by incorporating machine learning algorithms. This enables it to understand your code’s context, making the detection of potential security issues more accurate and insightful.<\/p>\n

    \u25cf Automated Reasoning:<\/b> The tool employs automated reasoning, adding a layer of intelligent analysis to identify complex vulnerabilities that might be overlooked by conventional static analysis tools. This ensures a comprehensive and robust security assessment.<\/p>\n

    \u25cf Actionable Recommendations:<\/b> CodeGuru Security doesn’t stop at pointing out weaknesses. It excels in offering clear, actionable recommendations on how to address identified vulnerabilities. This empowers developers with the knowledge and guidance needed to enhance the security posture of their applications.<\/p>\n

    \u25cf Vulnerability Tracking:<\/b> Keeping tabs on the status of identified vulnerabilities is crucial. CodeGuru Security simplifies this process by providing a streamlined approach to track vulnerabilities from their discovery through to closure. This aids in maintaining a proactive and organized security response.<\/p>\n

    Supported environments or Integrations<\/h2>\n
      \n
    • \n

      CodeGuru Security (Preview)<\/b><\/h3>\n<\/li>\n<\/ul>\n
        \n
      1. Java, Python, JavaScript, TypeScript, C#, CloudFormation, and Terraform<\/li>\n
      2. GitHub, Bitbucket, GitLab, AWS CodePipeline, AWS CLI, IDE, JupyterLab Notebooks, SageMaker Studio Notebooks, Amazon Inspector<\/li>\n
      3. You will find detailed information about CodeGuru’s security and code quality detectors in the provided link below. https:\/\/docs.aws.amazon.com\/codeguru\/detector-library\/<\/li>\n<\/ol>\n
          \n
        • \n

          CodeGuru Profiler<\/b><\/h3>\n<\/li>\n<\/ul>\n
            \n
          1. Java and other JVM languages, Python<\/li>\n
          2. EC2, EKS, ECS, Fargate, Lambda, or on-premises<\/li>\n<\/ol>\n

            CodeGuru Reviewer<\/b><\/p>\n

              \n
            1. Java, Python<\/li>\n
            2. GitHub, GitHub Enterprise, CodeCommit, Bitbucket<\/li>\n
            3. <\/li>\n<\/ol>\n

              Conclusions<\/h2>\n

              AWS CodeGuru integrates machine learning and automated reasoning to enhance code security, performance, and quality. CodeGuru Security employs ML and automated reasoning for accurate vulnerability detection, providing actionable recommendations and streamlined vulnerability tracking. CodeGuru Profiler visualizes application performance, and CodeGuru Reviewer automates code review with language support for Java and Python. The tool’s versatility extends to various languages, version control systems, and cloud environments, offering a comprehensive solution for developers seeking intelligent insights and improvements in their applications.<\/p>\n

              Follow us for more such blogs on trending topics like GitHub.<\/p>\n

              <\/div>","protected":false},"excerpt":{"rendered":"

              Introduction AWS CodeGuru utilizes Machine Learning and Automated Reasoning to identify security and quality issues in your application code, offering guidance on addressing and resolving them. It provides a comprehensive offering of functionalities like: \u25cf Code Review with Amazon CodeGuru Reviewer: This tool Profiler visualizes your application performance, showing you the methods that take the […]<\/p>\n","protected":false},"author":1740,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":16},"categories":[2348],"tags":[5697],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/60704"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/1740"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=60704"}],"version-history":[{"count":5,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/60704\/revisions"}],"predecessor-version":[{"id":60998,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/60704\/revisions\/60998"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=60704"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=60704"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=60704"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}