CodeWhisperer Security Scans
0
Hi all, what kind of security scans does CodeWhisperer conduct? Is it just based on AWS services? Because I've seen demo videos and the security scans always just shows suggestions on the AWS portion of the code (e.g. hard-coded access keys etc.). Not sure exactly what security scans it does
posta 2 mesi fa134 visualizzazioni
1 Risposta
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
1
Hi,
To get the info you need, I'd suggest to read the documentation: https://docs.aws.amazon.com/codewhisperer/latest/userguide/security-scans.html
You can use CodeWhisperer to detect security policy violations and vulnerabilities in your code with
static application security testing (SAST), secrets detection, and infrastructure as code (IaC) scanning.
Security scans in CodeWhisperer identify security vulnerabilities and suggest how to improve your code.
In some cases, CodeWhisperer provides code you can use to address those vulnerabilities.
CodeWhisperer's security scan is powered by detectors from the Amazon CodeGuru Detector Library.
CodeGuru Security does multiple layers of filtering before scanning code to ensure that you can focus
on the most critical issues. As part of that, CodeGuru Security filters unsupported languages, test code,
and open source code, before scanning for security issues.
The security scans are based on CodeGuru Detector Library: https://docs.aws.amazon.com/codeguru/detector-library/
Best,
Didier
Contenuto pertinente
AWS UFFICIALEAggiornata 2 anni fa- AWS UFFICIALEAggiornata un anno fa