AWS launches Amazon CodeGuru

Amazon CodeGuru Reviewer uses machine learning to identify critical issues and hard-to-find bugs during application development to improve code quality.


Amazon Web Services has introduced Amazon CodeGuru, a developer tool powered by machine learning that provides intelligent recommendations for improving code quality and identifying an application’s most expensive lines of code.


Amazon CodeGuru Reviewer helps improve code quality by scanning for critical issues, identifying bugs, and recommending how to remediate them. Amazon CodeGuru Profiler helps developers find an application’s most expensive lines of code along with specific visualisations and recommendations on how to improve code to save money. Amazon CodeGuru can be enabled with a few clicks in the AWS console, customers only pay for their actual use of Amazon CodeGuru, and it’s easy and affordable enough to run on every code review and application in an organisation.

Just like Amazon.com, AWS customers write a lot of code. Software development is a well understood process. Developers write code, review it, compile the code and deploy the application, measure the performance of the application, and use that data to improve the code. Then, they rinse and repeat. Yet, all of this process doesn’t matter if the code is incorrect to begin with, which is why teams perform code reviews to check the logic, syntax, and style before new code is added to an existing application code base. Even for a large organisation like Amazon, it’s challenging to have enough experienced developers with enough free time to do code reviews, given the amount of code that gets written every day. And even the most experienced reviewers miss problems before they impact customer-facing applications, resulting in bugs and performance issues.

Even after an application is up and running, developers still need to monitor performance to make sure it is running efficiently. Typically, developers monitor application performance through logging, which allows them to observe how much time an application takes to complete a task. However, logging is cumbersome to implement (requiring developers to instrument every function in the application), negatively impacts application performance, and doesn’t measure other metrics like CPU utilisation that contribute to compute costs, leaving developers without a tool to effectively identify cost-saving opportunities for applications in production. Organisations often incur unnecessarily high costs (sometimes upwards of tens of millions of dollars) for running applications that are in need of further optimisation because these applications consume more CPU and infrastructure than they should.

Amazon CodeGuru is a new developer service that uses machine learning to automate both code reviews during application development and profiling of applications in production. Amazon CodeGuru has two components:

· Code Reviewer: Developers can use machine learning-powered Amazon CodeGuru Reviewer to automatically flag common issues that deviate from best practices (potentially leading to production issues), while also providing specific recommendations on how to fix them, including example code and links to relevant documentation. For code reviews, developers commit their code as usual to the repository of their choice (e.g. GitHub, GitHub Enterprise, Bitbucket Cloud, AWS CodeCommit) and add Amazon CodeGuru Reviewer as one of the code reviewers, with no other changes to the normal development process. Amazon CodeGuru Reviewer analyses existing code bases in the repository, identifies hard-to-find bugs and critical issues with high accuracy, provides intelligent suggestions on how to remediate them, and creates a baseline for successive code reviews.

To do so, Amazon CodeGuru Reviewer opens a pull request and automatically starts evaluating the code using machine learning models that have been trained on several decades of code reviews at Amazon.com and over ten thousand open-source projects on GitHub. If Amazon CodeGuru Reviewer discovers an issue (e.g. thread safety issues, use of unsanitised inputs, inappropriate handling of sensitive data such as credentials, resource leaks, redundant copied-and-pasted code, deviation from best practices for using Java and AWS APIs, etc.), it will add a human-readable comment to the pull request that identifies the line of code, specific issue, and recommended remediation. Amazon CodeGuru Reviewer also provides a pull request dashboard that lists information for all code reviews (e.g. status of the code review, number of lines of code analysed, and the number of recommendations). Users may also give feedback on CodeGuru Reviewer recommendations by clicking on a thumbs up or thumbs down icon, which helps improve recommendations over time using machine learning.

· Application Profiler: Developers can use machine learning-powered Amazon CodeGuru Profiler to identify the most expensive lines of code (in terms of potential estimated dollar savings) by helping them understand the runtime behavior of their applications (including serverless applications running via AWS Lambda or AWS Fargate), identify and remove code inefficiencies, improve performance, and significantly decrease compute costs. For example, Amazon’s internal teams have used Amazon CodeGuru Profiler on more than 30,000 production applications, resulting in tens of millions of dollars in savings on compute and infrastructure costs. Further, the Amazon.com Consumer Payments team used Amazon CodeGuru Profiler from 2017 to 2018 to gain efficiencies for the biggest shopping day of the year – Prime Day – and realized a 325% efficiency increase in CPU utilization across their applications and lowered costs by 39%.

To get started with Amazon CodeGuru Profiler, customers install a small, low-profile agent in their application that can observe the application run time and profile the application to detect code quality issues (e.g. recreation of expensive objects, use of inefficient libraries, evaluating null or undefined values, etc.) along with details on latency and CPU usage. Amazon CodeGuru Profiler then uses machine learning to automatically identify code methods (reusable blocks of code also called functions) and anomalous behaviors that are most impacting latency and CPU usage. This information is brought together in a profile that clearly shows the areas of code that are most inefficient and provides visualisations that identify the code methods that are creating bottlenecks, along with a time-series graph of detected anomalies. The profile includes recommendations on how developers can fix issues to improve performance and also estimates the cost (in dollars) of continuing to run inefficient code so developers can prioritize remediation. Developers can now take advantage of the same technology deployed at Amazon to improve application performance and customer experiences, while also eliminating their most expensive lines of code.

“Our customers develop and run a lot of applications that include millions and millions of lines of code. Ensuring the quality and efficiency of that code is incredibly important, as bugs and inefficiencies in even a few lines of code can be very costly. Today, the methods for identifying code quality issues are time-consuming, manual, and error-prone, especially at scale,” said Swami Sivasubramanian, Vice President, Amazon Machine Learning, Amazon Web Services, Inc. “CodeGuru combines Amazon’s decades of experience developing and deploying applications at scale with considerable machine learning expertise to give customers a service that improves software quality, delights their customers with better application performance, and eliminates their most expensive lines of code.”
