CodeWhisperer Security Scans
0
Hi all, what kind of security scans does CodeWhisperer conduct? Is it just based on AWS services? Because I've seen demo videos and the security scans always just shows suggestions on the AWS portion of the code (e.g. hard-coded access keys etc.). Not sure exactly what security scans it does
질문됨 2달 전134회 조회
1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
1
Hi,
To get the info you need, I'd suggest to read the documentation: https://docs.aws.amazon.com/codewhisperer/latest/userguide/security-scans.html
You can use CodeWhisperer to detect security policy violations and vulnerabilities in your code with
static application security testing (SAST), secrets detection, and infrastructure as code (IaC) scanning.
Security scans in CodeWhisperer identify security vulnerabilities and suggest how to improve your code.
In some cases, CodeWhisperer provides code you can use to address those vulnerabilities.
CodeWhisperer's security scan is powered by detectors from the Amazon CodeGuru Detector Library.
CodeGuru Security does multiple layers of filtering before scanning code to ensure that you can focus
on the most critical issues. As part of that, CodeGuru Security filters unsupported languages, test code,
and open source code, before scanning for security issues.
The security scans are based on CodeGuru Detector Library: https://docs.aws.amazon.com/codeguru/detector-library/
Best,
Didier
관련 콘텐츠
AWS 공식업데이트됨 2년 전- AWS 공식업데이트됨 일 년 전
- AWS 공식업데이트됨 일 년 전
