Amazon CodeGuru is a machine learning service that provides code reviews and application performance recommendations, which help developers to improve the development process and helps in reducing overall development costs! In this blog, you can explore everything about CodeGuru including how to integrate it into the development workflow of the Python application.
In this blog, we will cover :
- What is Amazon CodeGuru?
- Why do we need it?
- How does it work?
- Benefits of using Amazon CodeGuru
- What languages does it support?
- Security Detectors for Amazon CodeGuru
- Use Cases
- Previous challenges
- Who is using Amazon CodeGuru?
- Review the code quality for uploaded Python files in a repository on GitHub as well as continuously monitor the code updates via reviewing the pull request created for each code update
What is Amazon CodeGuru?
Amazon CodeGuru is a developer tool that gives intelligent recommendations to boost your code quality and determine an application’s costliest lines of code. Amazon CodeGuru offers two services, the CodeGuru Reviewer service and the CodeGuru Profiler service. When CodeGuru is integrated into a previously developed software code it automatizes code reviews throughout the application development via the CodeGuru Reviewer service followed by regular monitoring of the application’s performance under production via the CodeGuru Profiler service. Moreover, CodeGuru offers recommendations and visual clues for rising code quality and application performance and scaling back overall price.
“CodeGuru observes your application, and every five minutes it creates a profile. It tells you things like latency and CPU utilization, and it helps you identify the most expensive lines of code in your application,” Andy Jassy, AWS CEO.
Why do we need Amazon CodeGuru?
Once we proceed with the application development, we often end up with a lot of code errors or miss out on something important. For files containing thousands of lines of code, it is very normal to make minute mistakes or repeat certain sections of code that are very difficult to trace. Amazon CodeGuru thus takes off the burden of reviewing the quality of the code and tracing the mistakes to help developers update the code immediately and focus more on application development. Other aspects provided by Amazon CodeGuru are:
- Code quality improvement – CodeGuru evolves with users’ feedback.
- Effective Troubleshooting – Provides actionable recommendations to fix identified issues.
- GitHub integration
- Performance improvement
How does it work?
CodeGuru is powered by machine learning whose key roles are to provide the following two functionalities:
- Reviewer: provides machine-driven code reviews for static code analysis
- Profiler: provides visibility into and proposals concerning application performance throughout the runtime
| Parameters | Reviewer | Profiler |
| Key Function | Reviews code and identifies any defects and issues within source code | Responsible for application performance optimizations, identifying the most “expensive” lines of code, and recommending ways to fix them. |
| Cost-Effectiveness | Does Not require any extra cost | Cut compute costs, and improve application performance. |
| Performance | Push requests to make incremental changes in code to meet the quality standards. | Analyzes the runtime behavior of an application and provides visualized recommendations to reduce CPU utilization. |
Benefits of using CodeGuru
Let’s have a look at some of the major benefits of using Amazon CodeGuru for automating the code reviewal process:
- Instantly improve code quality by continuous monitoring: For every pull request initiated, the CodeGuru Reviewer service automatically analyzes the updated codes and posts the recommendations for the pull request. Additionally, it supports code base scan for periodic code maintainability and ensures your code quality is consistent.
- Decode problems before they hit the production environment: CodeGuru Reviewer service analyzes existing codebases within the repository and then identifies hard-to-find bugs and important problems with high accuracy. It also provides intelligent suggestions for best practices and creates a baseline for ordered code reviews.
- Security Fix Suggestions: The CodeGuru reviewer identifies security vulnerabilities in the top 10 OWASP categories and helps your code follow best practices for KMS, EC2 APIs, and common Java crypto and TLS/SSL libraries. When the security detector discovers a problem, it provides a recommendation for rectification along with proof of why it suggests the code improvement, thereby following the application-specific security best practices.
What languages does it support?
Amazon CodeGuru has recently started accepting application codes written in Python. Before this, it could just compile the JAVA code as CodeGuru was only operating applications running on JAVA Virtual Machine(JVM).
Python support for Amazon CodeGuru: This can improve the Python code of your applications in multiple categories such as concurrency, data structures, control flow, scientific/math operations, error handling, using the standard library, and of course following the AWS best practices. Focusing on parts by helping you to reduce infrastructure costs and improve application performance.
Security Detectors for CodeGuru
The CodeGuru reviewer security detector is a new feature that uses automated reasoning to research all the code methods and notice potential security problems deep inside your code including the ones that span across multiple files that could involve multiple sequences of operations. The Security Detector also identifies the security vulnerabilities amongst the top 10 Open Web Application Security Project (OWASP) categories, such as weak hash encryption, SQL injection, etc. Thus, the detector makes it easier to follow the security best practices as it not only provides suggestions but also explanations.
Use Cases
- Code Analysis – CodeGuru acts like an additional code reviewer which is up to date in the industry and also Amazon best practices.
- Application Profiling – CodeGuru continuously runs even during and after production with minimal impact on your running application, and helps you in understanding the live application performance activities.
Previous challenges?
Before the launch of Amazon CodeGuru, developers were wasting most of their time debugging the application to trace minute mistakes. Major issues involved memory leaks, race conditions, stack overflow, etc. which results to be very costly in terms of time and effort. For beginners, most of the time multiple test case executions are effortless when they have less knowledge of these types of scenarios.
Who is using Amazon CodeGuru?
Let’s do hands-on
Consider a scenario where we have multiple files with python codes in a repository and pull requests created for each code update which are to be reviewed to ensure the code quality is at its best and receive recommendations to improve the quality using Amazon CodeGuru Reviewer Service.
To implement this, we will do the following:
- Log in to your GitHub account
- Create a new repository or use an existing one (if any)
- Add the python files to the repository
- Navigate to the Amazon CodeGuru Reviewer service and associate the newly created Git repository
- Create a new repository analysis on the Amazon CodeGuru console
- View the recommendations and update the code accordingly
- Create a pull request on GitHub adding the updated python files into a new branch in the repository
- View the recommendations for the newly created pull request on the Amazon CodeGuru console
- Update the code based on the recommendations (if any) provided by the CodeGuru Reviewer service and merge the pull request to the main branch
- Create a new repository analysis via the CodeGuru console for a final review of all the code files in the repository and thus, ensure their quality
Navigate to ‘https://github.com/login’ and login into your GitHub account.
Now, create a new repository or use an existing one (if any).
For this blog, we will be adding two files in a branch in the repository we created on GitHub with some code in them for AWS CodeGuru Reviewer to review the code and provide us with suggestions to improve the code quality.
File 1: LambaFunction1.py
File 2: LambdaFunction2.py
After uploading the files on GitHub, you will see the list of files as shown below.
Navigate to the AWS CodeGuru console. You can get started by selecting the ‘CodeGuru Reviewer’ service on the home page of the AWS CodeGuru console and then click on ‘Get started’ to immediately start using the ‘Reviewer’ service but in this blog, we will first navigate to the Dashboard to have a look and feel of AWS CodeGuru Reviewer Console and then start with the usage of the ‘CodeGuru Reviewer’ service. Now, click on the ‘Dashboard’ in the left navigation pane.
The Dashboard of AWS CodeGuru gives an overview of how many lines of code were reviewed, the pull requests created and the count of recommendations provided as well as the profiling groups (if any created). Click on ‘Repositories’ in the left navigation pane.
Click on ‘Associate repository’ to link the GitHub repository to AWS CodeGuru Reviewer.
Now, select ‘GitHub or GitHub Enterprise Cloud’, Connect to your GitHub account (when prompted, authorize CodeGuru Reviewer service to connect), select the repository you created on GitHub which has the code to be reviewed, add ‘Tags’ (if any) and click on ‘Associate’.
On associating the repository, you will see the status as ‘Associating’.
After some time, hit ‘refresh’ and the status will be updated to ‘Associated’. Once associated, click on ‘Code Reviews’ in the left navigation pane.
Now, select the ‘Repository analysis’ tab.
Click on ‘Create repository analysis’ to create a new analysis for the code in the GitHub repository to be reviewed.
Select ‘Code recommendations’ to let CodeGuru Reviewer service scan through your code added in different files in your GitHub repository and provide recommendations. Select the repository that contains the files of codes to be reviewed and select the branch in which the files are stored in the GitHub repository. In the ‘Additional settings’ you can add a name for the repository analysis or use the existing one. Click on ‘Create repository analysis’.
Once done, you will see a new repository analysis entry created under the ‘repository analysis’ tab with the status as ‘Pending’. AWS CodeGuru Reviewer service takes about 5 to 10 minutes to review all the files with codes in the repository and provide recommendations to improve the code quality.
After 5 to 10 minutes, hit ‘refresh’ and the status will be updated to ‘Completed’ and you will see the recommendations count provided by the CodeGuru Reviewer service in the recommendations column. Now, Click on the repository analysis name to view the details.
Under the ‘Recommendations’ section, you will see the recommendations provided along with the file name and the line number.
Once you click on any of the recommendations, you will be navigated to that file, and on that line number in your GitHub repository for which the recommendation is provided. The line number for which the recommendation is provided will be highlighted as shown below.
AWS CodeGuru Reviewer can also review the ‘Pull Requests’ created for numerous code updates/changes.
Navigate to the GitHub repository and create a new branch. Now, as the recommendations provided by AWS CodeGuru Reviewer, update and add the code to the files ‘LambdaFunction1.py’ and ‘LambdaFunction2.py’ as shown below.
File 1: LambdaFunction1.py
File 2: LambdaFunction2.py
Upload the updated files ‘LambdaFunction1.py’ and ‘LambdaFunction2.py’ file to a new branch created above in the GitHub repository. Once done, you will be able to view the files in the new branch. Now, click on ‘Pull request’.
Click on ‘Create pull request’ and navigate to the AWS CodeGuru Reviewer console.
Under the ‘Pull request’ tab you will see a new entry created with the status as ‘Pending’.
After a few minutes, hit ‘refresh’. On successful completion, the status will be updated to ‘Completed’ and you will see the recommendations count (if any) for the files with codes you just updated in your newly created branch. Since the updated codes were of the best quality, the recommendations count is shown as ‘0’ for the pull request entry.
If any recommendations are provided, you can update the code again, create a new Pull Request on GitHub and you will see a new entry created under the Pull Request tab. Note that the ‘Pull request’ section only reviews the newly added files with codes whereas the ‘Repository analysis’ section on creating a new analysis, will review the code quality for all the files with codes in the mentioned and associated repository.
Once the recommendations count appears to be ‘0’, it can be assured that the code quality has been improved. Click on the ‘Pull request code review name’. You will see the ‘Repository name’ and the ‘Pull request Id’ for the newly created pull request which on clicked, will navigate you to the repository or the pull request created on GitHub. Select the ‘Pull request Id’ and you will be navigated to GitHub for merging the created pull request.
Now, click on ‘Merge pull request’ to merge the newly created pull request with the main branch in the repository.
On successful completion, you will be shown the below message.
Now, navigate to the AWS CodeGuru Reviewer console and create a new ‘repository analysis’ for the main branch which contains the files with updated codes. On successful completion, once the status changes to ‘Completed’ and the recommendations count appears to be ‘0’, it can be assured that the code quality for all the files with the updated codes in that repository has been improved.
Since the ‘recommendations count’ in the below screenshot appears to be ‘0’, it can be stated that the quality of the code has been improved.
Now, click on the ‘Dashboard’ in the left navigation pane. You will see the lines of code scanned by the CodeGuru Reviewer service, the recommendations count, the pull requests count, and the associated repository details.
Conclusion
In this blog, you have seen how we can make use of Amazon CodeGuru to review the python codes and provide recommendations to improve the code quality for the same via continuous monitoring of the code throughout the application development. We will discuss more about Amazon CodeGuru and its integration with applications in our upcoming blog. Stay tuned to keep getting all updates about our upcoming new blogs on AWS and relevant technologies.
Meanwhile …
Keep Exploring -> Keep Learning -> Keep Mastering
This blog is part of our effort towards building a knowledgeable and kick-ass tech community. At Workfall, we strive to provide the best tech and pay opportunities to AWS-certified talents. If you’re looking to work with global clients, build kick-ass products while making big bucks doing so, give it a shot at workfall.com/partner today.
