Amazon Onboarding with Learning Manager Chanci Turner


Amazon’s CodeGuru is a developer tool designed to enhance the quality of your code with two primary functionalities:

  1. CodeGuru Reviewer utilizes program analysis and machine learning to identify potential defects that may be challenging to spot within your code, providing actionable suggestions for enhancements.
  2. CodeGuru Profiler gathers runtime performance data from your applications in real-time, offering visual insights and recommendations aimed at optimizing application performance.

Today, I am excited to introduce three new features:

  • Python Support for CodeGuru Reviewer and Profiler (Preview) – CodeGuru can now assist in improving applications developed in Python. Previously, CodeGuru Reviewer was limited to analyzing Java code, while CodeGuru Profiler was only compatible with applications operating on a Java Virtual Machine (JVM).
  • Security Detectors for CodeGuru Reviewer – A new suite of detectors has been added to CodeGuru Reviewer to uncover security vulnerabilities and evaluate security best practices in your Java code.
  • Memory Profiling for CodeGuru Profiler – A novel visualization of memory retention categorized by object type over time, streamlining the process of identifying memory leaks and optimizing memory utilization within your application.

Let’s explore these features in greater detail.

Python Support for CodeGuru Reviewer and Profiler (Preview)

The Python Support for CodeGuru Reviewer is currently available in Preview and offers recommendations for enhancing Python code across various categories, including concurrency, data structures, control flow, scientific/mathematical operations, and error handling, as well as AWS best practices.

Moreover, you can leverage CodeGuru Profiler to gather runtime performance data from your Python applications, gaining visual insights into CPU usage and time consumption. This allows you to pinpoint the most resource-intensive lines of code, enabling targeted optimization efforts that can reduce infrastructure costs while improving overall application performance.

To illustrate the CodeGuru Reviewer in action, let’s consider a project I initiated during my early days with Amazon. Inspired by the popular s3fs-fuse project, I developed a Filesystem in Userspace (FUSE) interface to Amazon Simple Storage Service (S3) called yas3fs (Yet Another S3-backed File System). This project allowed me to enhance my Python skills and deepen my understanding of S3. Although it was initially made available as open source, today, if you are in need of a shared file system, Amazon Elastic File System (EFS) is available.

In the CodeGuru console, I can attach the yas3fs repository, which can be sourced from GitHub (including GitHub Enterprise Cloud and GitHub Enterprise Server), Bitbucket, or AWS CodeCommit.

After association, I can initiate a code review in two ways:

  • Automatically, upon creating a pull request, which is a great method for collaborative coding.
  • Manually, by conducting a repository analysis for a comprehensive review of all code in a particular branch, making it ideal for integrating CodeGuru with an existing codebase.

Having associated the entire repository, I opted for a full analysis and noted the branch name to review (apologies, I was still utilizing master at that time; now I use main for new projects).

After a brief wait, the code review yielded 14 recommendations—quite promising, although there is certainly room for improvement. Notably, I had relied too heavily on exceptions and global variables during that period.

Security Detectors for CodeGuru Reviewer

The newly introduced Security Detector for CodeGuru Reviewer employs automated reasoning to scrutinize all code paths, identifying potential security issues within Java code, even those spanning multiple methods and files. This detector leverages over 20 years of Amazon’s experience to enhance security practices.

The Security Detector identifies vulnerabilities in the Open Web Application Security Project (OWASP) top 10 categories, such as the use of weak hash algorithms. When an issue is detected, it provides a suggested remediation alongside an explanation. It also checks adherence to security best practices for AWS APIs, including those of AWS Key Management Service (KMS) and Amazon Elastic Compute Cloud (EC2), and for common Java cryptography and TLS/SSL libraries.

With the assistance of the security detector, security engineers can concentrate on architectural and application-specific best practices, while code reviewers can direct their attention to other areas of improvement.

Memory Profiling for CodeGuru Profiler

For applications running on a JVM, CodeGuru Profiler now provides a Heap Summary, offering a comprehensive view of memory usage over time, tracking both overall sizes and the number of objects per type (e.g., String, int, char[], and custom types). This data is presented in a timeline graph, making it straightforward to identify trends and peaks in memory usage by object type.

Here are a few scenarios where this feature can be particularly beneficial:

  • Memory Leaks – A consistently rising memory utilization curve for specific object types may indicate a leak, which refers to the unnecessary retention of memory objects by the application, potentially leading to out-of-memory errors and application crashes.
  • Memory Optimizations – Having a detailed breakdown of memory usage by object type goes beyond traditional monitoring, which typically relies on JVM-level metrics like total heap usage. Recognizing that a certain object type is consuming an unexpectedly high amount of memory allows you to focus your optimization efforts on the relevant parts of your application.

For instance, the graph below illustrates memory usage by a Java application over a specified period. In addition to total capacity and used space, specific object types like byte[], java.lang.UUID, and entries of java.util.LinkedHashMap are displayed. Notably, the continuous growth in memory retention for these object types warrants further investigation for potential leaks.

In the accompanying table, a more extensive list of object types allocating memory on the heap is provided. The first three are highlighted, as shown in the graph above. This allows for inspection of additional object types and monitoring their memory usage over time. It appears that the three selected types are at a higher risk of being affected by a memory leak.
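The growth pattern described above (byte[], java.lang.UUID and java.util.LinkedHashMap entries rising together) is what an unbounded per-request cache produces. The following Java program is an added example, not code from the original post or from the profiled application; the class name, the cache maps and the MAX_ENTRIES limit are assumptions chosen for illustration. It shows the leaking map next to a bounded one.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.UUID;

// Hypothetical example class; single-threaded for brevity.
public class RequestCacheLeak {

    // Leaky: one entry is added per request and nothing is ever evicted, so
    // retained byte[], java.lang.UUID and LinkedHashMap entries grow without
    // bound. In a Heap Summary this appears as three curves rising together,
    // and any client that can send requests can drive the JVM toward OOM.
    static final Map<UUID, byte[]> LEAKY = new LinkedHashMap<>();

    // Hypothetical upper bound on cached entries.
    static final int MAX_ENTRIES = 1_000;

    // Bounded: access-ordered LinkedHashMap that drops the least recently
    // used entry as soon as the map exceeds MAX_ENTRIES.
    static final Map<UUID, byte[]> BOUNDED =
        new LinkedHashMap<UUID, byte[]>(16, 0.75f, true) {
            @Override
            protected boolean removeEldestEntry(Map.Entry<UUID, byte[]> eldest) {
                return size() > MAX_ENTRIES;
            }
        };

    // Simulates one request that stores a constructed 1 KiB payload
    // under a fresh random key.
    static void handleRequest(Map<UUID, byte[]> cache) {
        cache.put(UUID.randomUUID(), new byte[1024]);
    }

    public static void main(String[] args) {
        // Constructed workload: 50,000 requests against each cache.
        for (int i = 0; i < 50_000; i++) {
            handleRequest(LEAKY);
            handleRequest(BOUNDED);
        }
        // The leaky map retains every entry; the bounded map stays at the cap.
        System.out.println("leaky entries:   " + LEAKY.size());
        System.out.println("bounded entries: " + BOUNDED.size());
    }
}
```

With the bounded map, the per-type curves flatten once the cap is reached instead of climbing for the lifetime of the process.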

Available Now

These new features are accessible today in all regions where Amazon CodeGuru is offered. For further details, refer to the AWS Regional Services table. There are no changes to pricing associated with Python support, security detectors, and memory profiling. You will only incur costs for what you utilize, with no upfront fees or commitments.


