CodeWhisperer Security Scans
0
Hi all, what kind of security scans does CodeWhisperer conduct? Is it just based on AWS services? Because I've seen demo videos and the security scans always just shows suggestions on the AWS portion of the code (e.g. hard-coded access keys etc.). Not sure exactly what security scans it does
已提問 2 個月前檢視次數 134 次
1 個回答
- 最新
- 最多得票
- 最多評論
1
Hi,
To get the info you need, I'd suggest to read the documentation: https://docs.aws.amazon.com/codewhisperer/latest/userguide/security-scans.html
You can use CodeWhisperer to detect security policy violations and vulnerabilities in your code with
static application security testing (SAST), secrets detection, and infrastructure as code (IaC) scanning.
Security scans in CodeWhisperer identify security vulnerabilities and suggest how to improve your code.
In some cases, CodeWhisperer provides code you can use to address those vulnerabilities.
CodeWhisperer's security scan is powered by detectors from the Amazon CodeGuru Detector Library.
CodeGuru Security does multiple layers of filtering before scanning code to ensure that you can focus
on the most critical issues. As part of that, CodeGuru Security filters unsupported languages, test code,
and open source code, before scanning for security issues.
The security scans are based on CodeGuru Detector Library: https://docs.aws.amazon.com/codeguru/detector-library/
Best,
Didier
相關內容
- 已提問 10 個月前
AWS 官方已更新 2 年前- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前
