My experience learning and using AWS CodeGuru
CodeGuru, as AWS describes it, is a machine-learning-based service that automates code reviews and performance testing. Amazon trained the model behind the service using millions of lines of code from open source repos as well as Amazon code projects.
It has two parts. The first, Reviewer, does code review by scanning your code line by line once a pull request is initiated. The second, Profiler, tracks the performance of your code at run time. For now, Reviewer only works for Python and Java.
Let’s dive into more detail on each part:
Reviewer:
CodeGuru Reviewer checks for:
- Concurrency issues
- Potential race conditions
- Unsanitized or malicious inputs
- Resource leaks
- Inappropriate handling of sensitive data such as credentials that can lead to injection attacks or denial of service
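Two of the categories above (unsanitized input and a resource leak) shown in one small Python function next to a corrected version. This is an added illustration, not code from the original article and not CodeGuru output; the function names and file layout are made up for the example.

```python
import os
import tempfile

def read_report_unsafe(base_dir, name):
    # Flaw 1 (unsanitized input): `name` may contain "../" and escape base_dir.
    # Flaw 2 (resource leak): the file object is never explicitly closed.
    return open(os.path.join(base_dir, name)).read()

def read_report(base_dir, name):
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    # Reject anything that resolves outside base (covers "../", absolute
    # paths and symlinks, because both sides are fully resolved first).
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path escapes report directory: {name!r}")
    # The context manager closes the handle even if read() raises.
    with open(target, encoding="utf-8") as fh:
        return fh.read()

def demo():
    """Build a constructed directory tree and exercise both versions."""
    with tempfile.TemporaryDirectory() as root:
        reports = os.path.join(root, "reports")
        os.mkdir(reports)
        with open(os.path.join(reports, "q1.txt"), "w", encoding="utf-8") as fh:
            fh.write("quarterly numbers")
        with open(os.path.join(root, "secret.txt"), "w", encoding="utf-8") as fh:
            fh.write("constructed-secret")
        results = {"ok": read_report(reports, "q1.txt")}
        # The unchecked version reads a file outside the reports directory.
        results["unsafe_leak"] = read_report_unsafe(reports, "../secret.txt")
        try:
            read_report(reports, "../secret.txt")
            results["blocked"] = False
        except ValueError:
            results["blocked"] = True
        return results

if __name__ == "__main__":
    print(demo())
```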
Reviewer has an extra offering to check security issues in Java codebases. Since I am mostly working in Python, I won’t go into the security offering for Java codebases.
Reviewer supports GitHub, GitHub Enterprise Server, Bitbucket and of course AWS CodeCommit repositories. For the sake of this article and my own purposes, I will be using a GitHub repo.
To start with, one needs to have an AWS account and activate the CodeGuru service. Don’t forget to check the pricing: AWS offers free tier usage at no cost for 90 days from starting the service.
Once you have the account and have enabled the service, you need to associate a repository with the Reviewer.
CodeGuru Console → Associate Repository → Select GitHub → Allow CodeGuru to access your GitHub → Choose a repo → Done
Below is how it looks once you have associated your repository:
After association, CodeGuru starts listening on your repo for pull requests. The review is triggered once a pull request is approved and merged. To me it would have been better if it were triggered once the PR is created and gave recommendations for the code before it is merged.
Below is how it looks while it is reviewing and when it has finished reviewing:
And once you click on the result of a review, below is how it looks:
Apparently it didn’t give any recommendation, maybe because it is a small project and there are not many lines of code and I am a Python master :)).
I will be testing the service with bigger repos and editing this article once I find a different result.
Also I will be checking Profiler and CI/CD integration.