Skip to content

ashishrp-aws/amazon-codeguru-SARIF-test

Repository files navigation

Amazon CodeGuru Reviewer Java Detector Examples

Amazon CodeGuru Reviewer is an AWS service that uses program analysis and machine learning to detect potential defects that are difficult for developers to find and offers suggestions for improvement.

CodeGuru Reviewer finds defects in Java and Python code. For more information about how to set up and use CodeGuru Reviewer, see the Amazon CodeGuru Reviewer User Guide.

This repo demonstrates some of CodeGuru Reviewer's Java detectors. For more descriptions of each detector, see our Detector Library. To see the Python code examples repo, click here.

Try out the CodeGuru Reviewer GitHub Action on this repo

You can use this code repository to try out CodeGuru Reviewer using your AWS credentials.

Prerequisites

To use the CodeGuru Reviewer GitHub Action to scan a fork of this repo, you will first need to create a suitable Role, S3 Bucket, and Policy in your AWS account. You can do this automatically by following these instructions.

Setup

A CodeGuru Reviewer GitHub Action workflow template has already been added to this repo. To see CodeGuru Reviewer in action:

  1. Fork this repo.
  2. In .github/workflows/analyze.yml, replace the following three fields with the values obtained from the prerequisites step above: your Role ARN (role-to-assume), your Region (aws-region), and your S3 bucket name (s3_bucket).
  3. Click on the Actions tab (next to pull requests).
  4. Click on the CodeGuru Reviewer Workflow.
  5. Click "Run workflow".
  6. Navigate to the Security tab to see results (it should take 5-10 min). GitHub only enables the security tab for free on public repositories.

Try out the CodeGuru Reviewer GitHub Action on your own repo

You can copy the CodeGuru Reviewer GitHub Action analyze.yml that you made in the Setup step to your own personal repo. However, please take note of the following items:

  • If you use a build system other than Gradle, you may need to edit the build step using the appropriate command for your build system.
  • If your build system doesn't place the resulting .jar files in build/libs, you may need to edit the build_path field in the analyze.yml workflow.
  • If you do not have GitHub Advanced Security, you will still be able to view your findings within the AWS Console. You can also use tools like jq within your workflow to postprocess the findings. If you print some of the findings to stdout, you will see them in your workflow's output log.

Getting Help

Use the community resources below for getting help with AWS CodeGuru Reviewer.

  • Use GitHub issues to report bugs and request features.
  • Open a support ticket with AWS Support.
  • For contributing guidelines, refer to CONTRIBUTING.

Contributing

See CONTRIBUTING for more information.

License

This project is licensed under the Apache-2.0 License. See the LICENSE file.

About

No description, website, or topics provided.

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published