Code Quality and Security Ensured With CI/CD Experience for GitHub Actions

With the CI/CD integration with GitHub Actions, advanced code scrutiny and security checks from the new Java detectors become the norm.


On June 24, 2021, Amazon announced the CI/CD integration of its ML-based code scanning tool, Amazon CodeGuru Reviewer, with GitHub Actions.

Key Facts

  1. Instead of being a full process of its own, code security and quality analysis has been reduced to a step in the CI workflow.
  2. Amazon introduced over 20 CodeGuru Reviewer detectors that support Java code.
  3. Amazon offers a large review discount: 100,000 lines of code free, for 90 days.


Amazon Web Services has introduced a new CI/CD experience for Amazon CodeGuru Reviewer with GitHub Actions. This improvement and the introduction of 20 new detectors to review Java code come a little over a year after Amazon CodeGuru Reviewer (ACR) was released into general availability. It is one of many tools whose automation is built on AI and ML, just like the most recent IBM masterpiece.

ACR has been compared to a similar machine learning-based tool, DevOps Guru, developed by the same company, Amazon. CodeGuru Reviewer comes in at the beginning of software production, while the latter comes in during operation. While CodeGuru Reviewer delves into code structure, DevOps Guru is designed to detect and fix errors and provide suggestions for an application's entire operational structure. It also automates detection, debugging and fixing of complications, saving valuable time. With DevOps Guru, developers could eliminate the minor oversights that cause unexpected application failures.

CodeGuru Reviewer's fundamental function is quite simple. The tool uses machine learning to scan for hidden, hard-to-spot flaws in lines of code and to provide improvement suggestions. Now the cloud company is adding two new capabilities. The first is a CI/CD experience that removes the need to run quality and security analysis as a separate process, reducing it to a quick and easy step in configuring CI workflows. The second is security support for Java code, with over 20 new security exposure detectors that run through CodeGuru Reviewer. Machine learning and automated reasoning technology are used to create these detectors. For training, they employ over 100,000 Amazon and open source code libraries and the experience of the AWS application security team to ensure that they are both accurate and adaptable in a continuously evolving landscape.

Running analysis on the CodeGuru console remains commonplace; developers can also leverage CodeGuru Reviewer recommendations from GitHub UI to fix problems around code security.

Developers can continue to use the CodeGuru console as their analysis hub and view CodeGuru Reviewer recommendations from within the GitHub UI to get guidance on how to find and fix code issues and security vulnerabilities. A scan of the altered lines of code is triggered when a pull request is submitted or a change is pushed to the master branch, while a full scan of the repository is triggered when a pipeline run is scheduled.
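A workflow wired to the three triggers described above, as an added example that is not part of the original article or of Amazon's announcement. The bucket name, region, schedule, build command and secret names are placeholders, and the action names and inputs are assumed from the public `aws-actions/codeguru-reviewer` action's documentation.

```yaml
# Added example: placeholder bucket, region, schedule and secret names.
name: codeguru-reviewer
on:
  pull_request:              # scan of the altered lines in the pull request
  push:
    branches: [master]       # scan of the change pushed to master
  schedule:
    - cron: "0 3 * * 1"      # scheduled run: full repository scan (placeholder time)

# Least privilege for the workflow token: read the code, write scan results.
permissions:
  contents: read
  security-events: write     # required to show recommendations in the GitHub UI

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0     # full history, so the changed range can be determined
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}          # placeholder secret name
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}  # placeholder secret name
          aws-region: us-east-1                                        # placeholder region
      - name: Build Java artifacts
        run: mvn -B -q package                                         # assumes a Maven project
      - uses: aws-actions/codeguru-reviewer@v1.1
        with:
          build_path: target                                           # build output directory
          s3_bucket: codeguru-reviewer-example-bucket                  # placeholder bucket name
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: codeguru-results.json                            # results file written by the scan step
```

Pull requests opened from forks do not receive repository secrets, so the credential step fails for them unless the workflow handles that case separately.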
