The Amazon Web Services’ CodeGuru Reviewer Tool’s ‘detectors’ has been updated to seek out potential flaws like the recently disclosed Log4J bug.
Two new features are now available for CodeGuru Reviewer, an AWS scanner that uses machine learning to check code during reviews and suggest improvements. The tool aims to improve reviews in the context of continuous integration processes (CI/CD) developed by developers with source codes stored on GitHub or Bitbucket; after they commit their work onto these platforms, it will be easy for them to add CodeGuru Reviewer as a code reviewer.
This past year, the company added new features to help flesh out their security checks. The first is CodeGuru Reviewer Secrets Detector which detects risky hardcoded secrets in source code and configuration files for Java or Python applications like passwords (and API access keys).
With the new features for CodeGuru Review, which includes the ‘Detector Library,’ you can now detect common security flaws affecting Java and Python web applications as well as several detectors specifically aimed at Log4Shell-like log injection.
The detector library is a great resource for reviewing the many different types of vulnerabilities that can occur in your code. It contains information about each security issue, including its severity and how it may affect an application process or system functionality. With over 91 Java and 69 Python detectors to choose from, the library’s comprehensive security system has you covered.
References:
- https://aws.amazon.com/blogs/aws/new-for-amazon-codeguru-reviewer-detector-library-and-security-detectors-for-log-injection-flaws/
- https://www.zdnet.com/article/awss-ai-code-reviewer-now-spots-log4shell-like-bugs-in-java-and-python-code/
