Code Quality and Security Ensured With CI/CD Experience for Github Actions

With the CI/CD integration with GitHub actions, the new norm is advanced code scrutiny and airtight security experience with the Java detectors.


On June 24, 2021, Amazonannounced the CI/CD integration of its ML-based code scanning Amazon CodeGuru Reviewer with GitHub actions.

CodeGuru Reviewer comes in at the beginning of software production, while the latter comes in during operation
CodeGuru Reviewer comes in at the beginning of software production, while the latter comes in during operation
Key Facts
  1. 1

    Instead of being a wholesome process, code security and quality analysis have been reduced to a step in CI Workflow.

  2. 2

    Amazon introduced over 20 CodeGuru Reviewer detectors that support Java code.

  3. 3

    Amazon allows a mega review discount - 100,000 lines of code freely, for 90 days.


Amazon Web Services have introduced a new CI/CD Experience for Amazon CodeGuru Reviewer with GitHub actions. This improvement and the introduction of 20 new detectors to review Java code come a little over a year since Amazon CodeGuru Reviewer (ACR) released into general availability. It is one of many tools with their automation mechanism built on the understanding and implementation of AI and ML, just like the most recent IBM masterpiece.

ACR has been compared to a similar machine learning-based tool, DevOps Guru, developed by the same company, Amazon. CodeGuru Reviewer comes in at the beginning of software production, while the latter comes in during operation. However, while CodeGuru Reviewer delves into code structure, DevOps Guru is designed to detect and fix errors and provide suggestions for an application's entire operational structure. It also wields automatic mechanisms in detection, debugging and fixing complications, saving valuable time. Developers could eliminate ordinary slight negligence causing unprecedented application collapse with DevOps Guru.

Its fundamental function is quite simple. This tool is automated with the knowledge of machine learning to scan and spot hidden, microscopic flaws inside lines of code and provide improvement suggestions. Now the cloud company is implementing new functions - CI/CD experience that eliminates the concept of running quality and security analysis as a process, reducing it to just a quick and easy step in configuring CI workflows and security support for Java code, introducing over 20 new security exposure detectors to run through CodeGuru Reviewer. Machine learning and autonomous reasoning technology are used to create these detectors. For training, they employ over 100,000 Amazon and open source code libraries and the experience of the AWS application security team to ensure that they are both accurate and adaptable in a continuously evolving landscape.

Running analysis on the CodeGuru console remains commonplace; developers can also leverage CodeGuru Reviewer recommendations from GitHub UI to fix problems around code security.

Developers can continue to use the CodeGuru console as your analysis hub and view CodeGuru Reviewer recommendations from within the GitHub UI to get guidance on how to find and fix code issues and security vulnerabilities. A scan of altered lines of code is triggered in submitting pull requests or pushing a change to the master branch, while a full scan of the repository is triggered when a pipeline run is scheduled.

Get similar news in your inbox weekly, for free

Share this news:

Latest stories

How ManageEngine Applications Manager Can Help Overcome Challenges In Kubernetes Monitoring

We tested ManageEngine Applications Manager to monitor different Kubernetes clusters. This post shares our review …

AIOps with Site24x7: Maximizing Efficiency at an Affordable Cost

In this post we'll dive deep into integrating AIOps in your business suing Site24x7 to …

A Review of Zoho ManageEngine

Zoho Corp., formerly known as AdventNet Inc., has established itself as a major player in …

Should I learn Java in 2023? A Practical Guide

Java is one of the most widely used programming languages in the world. It has …

The fastest way to ramp up on DevOps

You probably have been thinking of moving to DevOps or learning DevOps as a beginner. …

Why You Need a Blockchain Node Provider

In this article, we briefly cover the concept of blockchain nodes provider and explain why …

Top 5 Virtual desktop Provides in 2022

Here are the top 5 virtual desktop providers who offer a range of benefits such …

Why Your Business Should Connect Directly To Your Cloud

Today, companies make the most use of cloud technology regardless of their size and sector. …

7 Must-Watch DevSecOps Videos

Security is a crucial part of application development and DevSecOps makes it easy and continuous.The …