Working with code scans - Amazon CodeGuru Security

Amazon CodeGuru Security is in preview release and is subject to change.

Working with code scans

In CodeGuru Security, a scan is an analysis of a code resource for potential security policy violations and vulnerabilities. When you create a code scan, CodeGuru Security analyzes your code and generates findings with information about security vulnerabilities and how to remediate them.

Before scanning your code, CodeGuru Security filters out unsupported code languages, test code, and any open source or third-party code that is present in your code resource. This ensures that findings are only generated on code that is relevant and that you own. The amount of code that can be scanned per scan is limited, and varies by programming language. For information on code scan limits, see Quotas for Amazon CodeGuru Security.

You can monitor the security posture of your code over time by choosing a scan in the console and viewing the data in the Metrics panel. For more information, see View code scan details.

You can create code scans in the CodeGuru Security console, with the AWS CLI and AWS SDKs, or through integrations with CodeGuru Security. Before you begin scanning, make sure you’ve completed the steps in Setting up Amazon CodeGuru Security and Getting started with CodeGuru Security.
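Creating a scan with the AWS SDK for Python and waiting for its findings, as an added example that is not part of this page or of AWS's own code. It assumes the boto3 `codeguru-security` client operations `create_upload_url`, `create_scan`, `get_scan` and `get_findings` with the response field names used below; the scan name and zip path are placeholders.

```python
# Added example (not AWS documentation code): drive a CodeGuru Security scan
# with boto3. Assumes the codeguru-security client operations create_upload_url,
# create_scan, get_scan and get_findings; scan names here are placeholders.
import time
import urllib.request
from collections import Counter
from typing import Callable, Dict, List

TERMINAL = {"Successful", "Failed"}


def upload_artifact(s3_url: str, headers: Dict[str, str], zip_bytes: bytes) -> None:
    """PUT the zipped source to the presigned URL with the headers the service returned."""
    req = urllib.request.Request(s3_url, data=zip_bytes, method="PUT", headers=headers)
    with urllib.request.urlopen(req) as resp:
        if resp.status not in (200, 204):
            raise RuntimeError(f"upload failed with HTTP {resp.status}")


def run_scan(client, scan_name: str, zip_bytes: bytes, upload: Callable = upload_artifact,
             poll_seconds: float = 5.0, max_polls: int = 120) -> List[dict]:
    """Upload code, start a Standard security scan, wait for it, return open findings."""
    url = client.create_upload_url(scanName=scan_name)
    upload(url["s3Url"], url["requestHeaders"], zip_bytes)
    scan = client.create_scan(resourceId={"codeArtifactId": url["codeArtifactId"]},
                              scanName=scan_name, scanType="Standard", analysisType="Security")
    state = scan["scanState"]
    for _ in range(max_polls):
        if state in TERMINAL:
            break
        time.sleep(poll_seconds)
        state = client.get_scan(scanName=scan_name, runId=scan["runId"])["scanState"]
    if state != "Successful":  # Failed, or still InProgress after max_polls
        raise RuntimeError(f"scan {scan_name} ended in state {state}")
    findings, token = [], None
    while True:  # get_findings is paginated; follow nextToken until exhausted
        kwargs = {"scanName": scan_name, "status": "Open"}
        if token:
            kwargs["nextToken"] = token
        page = client.get_findings(**kwargs)
        findings.extend(page.get("findings", []))
        token = page.get("nextToken")
        if not token:
            return findings


def severity_counts(findings: List[dict]) -> Dict[str, int]:
    """Count open findings per severity, e.g. to fail a pipeline on Critical or High."""
    return dict(Counter(f["severity"] for f in findings))
```

Against a live account, pass `boto3.client("codeguru-security")` as `client` and the bytes of a zipped source tree; the `upload` and `poll_seconds` parameters exist so the flow can also be exercised offline with a stand-in client.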

This section covers creating, configuring, viewing, and understanding code scans.