Amazon CodeGuru Reviewer
Detector Library

Trained on decades of knowledge and experience across millions of code reviews

About CodeGuru Reviewer

Amazon CodeGuru Reviewer is an AWS service that uses program analysis and machine learning to detect potential defects that are difficult for developers to find and offers suggestions for improvement.

CodeGuru Reviewer finds defects in Java and Python code. For more information about how to set up and use CodeGuru Reviewer, see the Amazon CodeGuru Reviewer User Guide.

Frequently asked questions

What is the CodeGuru Reviewer Detector Library?
The CodeGuru Reviewer Detector Library is a resource that contains detailed information about CodeGuru Reviewer's security and code quality detectors to help developers build secure and efficient applications on AWS. Each detection page within the Detector Library contains descriptions, noncompliant and compliant example code snippets, severities, and additional information that helps developers mitigate their risks (such as CWE numbers). The materials presented in CodeGuru Reviewer Detector Library are intended to be a high-level summary of the service's capabilities but may not be inclusive of all detectors or their functionality.
How should I use the CodeGuru Reviewer Detector Library?
You should review the Detector Library to get a deeper understanding of the capabilities of CodeGuru Reviewer. Additionally, after running a repository scan of your application in CodeGuru Reviewer, you can use the detailed detection pages to help mitigate the findings you receive. You are also welcome to use this as an educational resource to help improve the overall security posture of your application and help ensure you are following AWS best practices.
How can I see CodeGuru Reviewer in action?
You can see CodeGuru Reviewer in action by using the example detection repositories. The repositories contain many of the noncompliant code examples that appear in this Detector Library. The repositories are divided by programming language: Java and Python. We recommend that you use CodeGuru Reviewer with GitHub Actions to ensure you receive all of the security and code quality recommendations that CodeGuru Reviewer provides.
How often are the detectors updated?
The CodeGuru Reviewer team is continually adding new detectors to help customers keep their applications free from new, potentially harmful security vulnerabilities.
Do the CodeGuru Reviewer detectors only find the specific example within each detection page?
No. Each detector can detect a wide range of different code defects. We included one noncompliant and one compliant code example on each detection page (such as insecure cryptography) to help clarify the detection. However, each detector can find a range of defects in addition to the explicit code example shown on the detection page.