Amazon unleashes AI code reviewer on Java devs, hopes to eliminate ‘most expensive’ lines of code

Amazon has made its machine learning-backed code reviewing tool CodeGuru generally available, showing developers working with JVM languages which part of their code will be most costly when run in the AWS cloud and offering tips to improve code quality.

CodeGuru mainly consists of a profiling and a reviewing component. CodeGuru Profiler does the usual thing of analysing CPU utilisation and latency characteristics for JVM apps running on EC2 instances, as Lambda functions, or inside the various container offerings of AWS. 

However, while this knowledge might already help some teams to optimise their code, some will need additional pointers to make use of these insights. 

This is where CodeGuru becomes a bit more interesting than normal profilers, since it offers remediation recommendations for the performance issues it comes across. Implementing them is meant to help teams reduce infrastructure costs, which is surely much sought after, given that many teams still find it hard to estimate expenses in a cloud context.

Since profilers are usually run continuously, CodeGuru Profiler can also be used to find anomalies and inspect unexpected call patterns. To make the most of this without monitoring logs yourself all the time, though, an integration with Amazon SNS (which is not free) is necessary so that a team is alerted automatically when, for instance, an unusual spike is detected. Another thing to keep in mind is that the Profiler’s agent needs resources as well, which could impact the performance of Lambda functions.

Reviewer, the second component, is currently only of use to Java programmers hosting their repositories on either GitHub, GitHub Enterprise, Bitbucket, or AWS CodeCommit. Once a repository is connected and read access is granted, Reviewer checks pull requests to it to make sure the new code adheres to AWS and Java best practices, doesn’t contain sensitive information, and handles resources properly.

It also points out code duplicates and looks for concurrency issues or malicious data. After those weaknesses have been found, CodeGuru Reviewer offers up remediation steps users can take to improve their commits and keep apps free from vulnerabilities. The system uses machine learning approaches and rule-based models for its recommendations, so it will also take into account the feedback it is given to further improve its detectors.

Amazon CodeGuru comes with a 90-day free trial period. Once that’s over, the Reviewer component can be set up to scan every pull request on a repository it’s enabled on. The service costs $0.75 per 100 lines of code analysed, though after an initial analysis only the changed lines will be checked. If the anomaly detection component is meant to send out alerts, users will also have to take SNS costs into account.

The CodeGuru Profiler will meanwhile set organisations back “$0.005 per sampling hour for the first 36,000 sampling hours per profiling group per month” for apps running on EC2 instances or ECS, EKS, and Fargate containers. Everything beyond that won’t be charged. 

Profiling on AWS Lambda is free for the first 500 sampling hours per payer account and follows the EC2/EKS profiling prices once that mark has been hit.