Amazon CodeGuru Reviewer Receives Secrets Detector

Amazon Web Services (AWS) gives developers the ability to scan their code for embedded “secrets,” which are highly sensitive data such as passwords and user names.
Amazon CodeGuru Reviewer Secrets Detector is now available. It’s an extension of the CodeGuru Reviewer product that scans code for potential security bugs.
The CodeGuru Reviewer Secrets Detector is used with AWS Secrets Manager to prevent developers from deploying code written in either Python or Java that has secrets inadvertently hard-coded in it. Alex Casalboni, AWS developer advocate, explained in Monday’s blog post how this could happen:
“Like many developers who are under tight deadlines, I have often taken shortcuts in managing and consuming secrets in my code. I use plaintext environment variables and hard-code static secrets during local programming, and then accidentally commit them. It was something I regretted, and I wished there were an automated way to find and secure these secrets across all my repositories.”
He said that Secrets Detector, an extension of CodeGuru Reviewer, uses machine learning to detect hidden secrets in code before it goes live. The Secrets Manager product then suggests solutions.
In addition to checking code, CodeGuru Reviewer Secrets Detector also checks configuration and documentation files for hard-coded secrets. It supports many API providers, including GitHub, Salesforce and Slack. (A complete list of vendors can be found here.)
CodeGuru Reviewer Secrets Detector is available at no additional cost to CodeGuru users.