At AWS re:Invent, Amazon Web Services, Inc., an Amazon.com, Inc. company, unveiled the new Amazon CodeGuru Reviewer Secrets Detector, an automated tool that helps developers detect secrets, such as passwords, API keys, SSH keys, and access tokens, in source code or configuration files.
The new automated tool was announced in an AWS blog post by Alex Casalboni.
Amazon CodeGuru helps users improve code quality and automate code reviews by scanning and profiling Java and Python applications to detect potential defects and bugs in code. For example, it suggests improvements regarding security vulnerabilities, resource leaks, concurrency issues, incorrect input validation, and deviation from AWS best practices.
The new Secrets Detector tool uses ML to identify hard-coded secrets as part of the code review process, ultimately helping to avoid problems before code is merged and deployed.
In addition to Java and Python code, the detector tool can also scan configuration and documentation files. CodeGuru Reviewer suggests remediation steps to secure secrets with AWS Secrets Manager, a managed service that lets users securely and automatically store, rotate, manage, and retrieve credentials, API keys, and additional types of secrets.
This new functionality is included as part of the CodeGuru Reviewer service at no additional cost and supports the most common API providers, such as AWS, Atlassian, Datadog, Databricks, GitHub, HubSpot, Mailchimp, Salesforce, SendGrid, Shopify, Slack, Stripe, Tableau, Telegram, and Twilio.
For more information, go to https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/recommendations.html#secrets-detection.