AWS CodeGuru is getting new functionality to improve code security. Among other things, the tool now includes a Secrets Detector that discovers ‘secret information’ in source code.

Developers use AWS CodeGuru to detect defects and bugs in source code through machine learning and recommendations. In doing so, they prevent potential exploits and vulnerabilities in code and applications during the development process, thus complying with security best practices.

One of these best practices is to avoid hard-coding anything in the source code that might reveal secret system information. Think of passwords, API keys, encryption keys and other login data. These can end up in the code unintentionally, out of laziness or a lack of awareness.

The presence of this information in a code repository causes unintentional leaks. It’s a goldmine for hackers.

Secrets Detector for AWS CodeGuru

AWS wants to put an end to the risk and has now equipped AWS CodeGuru with functionality that detects the presence of sensitive data in the source code at an early stage.

The Secrets Detector functionality applies machine learning to discover ‘secret information’ during the code review process, before the code is merged or deployed. The tool alerts developers that their code may contain a hardcoded password.

Scanning capabilities and integrations

Secrets Detector scans source code, configuration files and documentation for possible secret information, such as passwords, API keys, SSH keys and access tokens. The technology is available for free in AWS CodeGuru and also offers integrations with solutions such as Atlassian, Datadog, Databricks, GitHub, Hubspot, Mailchimp, Salesforce, SendGrid, Shopify, Slack and Stripe.
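To make the idea concrete, here is an added example (not code from AWS or from CodeGuru, which the article says uses machine learning) of a simple pattern-based check over the three kinds of files mentioned above. The rule names, the `scan` and `redact` helpers and the sample repository are assumptions made for illustration; the sample values are constructed or documentation placeholders.

```python
import re

# Pattern rules for the secret kinds the article lists; rule names are this example's own.
RULES = [
    ("aws_access_key_id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("private_key_block",
     re.compile(r"(-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----)")),
    ("hardcoded_credential",
     re.compile(r"(?:password|passwd|api_?key|token|secret)\w*\s*[:=]\s*[\"']?"
                r"([^\s\"']{8,})", re.IGNORECASE)),
]

# Values that point at a secret store or are placeholders, not literals.
NOT_LITERAL = ("${", "<", "os.environ", "os.getenv")


def redact(value):
    """Keep findings useful for triage without copying the secret into reports."""
    return value[:4] + "***"


def scan(files):
    """Return (path, line_no, rule, redacted_value) for each suspected secret."""
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for rule, pattern in RULES:
                for match in pattern.finditer(line):
                    value = match.group(1)
                    if value.startswith(NOT_LITERAL):
                        continue
                    findings.append((path, line_no, rule, redact(value)))
    return findings


# Constructed sample repository: source code, a config file and documentation.
SAMPLE_REPO = {
    "app/db.py": 'import os\nDB_PASSWORD = "S3cr3t-Pa55w0rd!"\n'
                 'API_TOKEN = os.environ["API_TOKEN"]\n',
    "deploy/config.yml": "aws_access_key_id: AKIAIOSFODNN7EXAMPLE\n"
                         "password: ${DB_PASSWORD}\n",
    "docs/setup.md": "# Setup\nPaste your key:\n-----BEGIN OPENSSH PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_REPO):
        print(*finding)
```

The two lines that read the value from the environment or a `${...}` reference are deliberately not reported, since they show the secret being supplied at run time instead of being hard-coded.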
