CodeWhisperer Security Scans
0
Hi all, what kind of security scans does CodeWhisperer conduct? Is it just based on AWS services? Because I've seen demo videos and the security scans always just shows suggestions on the AWS portion of the code (e.g. hard-coded access keys etc.). Not sure exactly what security scans it does
質問済み 1ヶ月前111ビュー
1回答
- 新しい順
- 投票が多い順
- コメントが多い順
1
Hi,
To get the info you need, I'd suggest to read the documentation: https://docs.aws.amazon.com/codewhisperer/latest/userguide/security-scans.html
You can use CodeWhisperer to detect security policy violations and vulnerabilities in your code with
static application security testing (SAST), secrets detection, and infrastructure as code (IaC) scanning.
Security scans in CodeWhisperer identify security vulnerabilities and suggest how to improve your code.
In some cases, CodeWhisperer provides code you can use to address those vulnerabilities.
CodeWhisperer's security scan is powered by detectors from the Amazon CodeGuru Detector Library.
CodeGuru Security does multiple layers of filtering before scanning code to ensure that you can focus
on the most critical issues. As part of that, CodeGuru Security filters unsupported languages, test code,
and open source code, before scanning for security issues.
The security scans are based on CodeGuru Detector Library: https://docs.aws.amazon.com/codeguru/detector-library/
Best,
Didier
関連するコンテンツ
AWS公式更新しました 1年前- AWS公式更新しました 2年前
