CodeWhisperer includes security scanning as well as AI coding support. It scans for vulnerabilities among the top ten listed by the Open Web Application Security Project (OWASP) and proposes remediations, subject to a limit on the number of security scans allowed per month.
Unlike CoPilot, CodeWhisperer remains free for individual developers. There is also a professional tier which costs $19 per user/month. The paid-for option supports policy management and also ups the monthly allowance for code security scans, from 50 to 500 scans. There are no restrictions on the number of inference requests in either plan.
According to AWS VP Database, Analytics and Machine Learning Swami Sivasubramanian, CodeWhisperer has delivered impressive results during the preview. “We ran a productivity challenge, and participants who used CodeWhisperer completed tasks 57 percent faster, on average, and were 27 percent more likely to complete them successfully.”
Sivasubramanian does not go into detail about this survey or the kinds of tasks that were set. In September 2022 GitHub published survey results for CoPilot from which it reported that CoPilot-assisted developers performed 55 percent faster – though by February this year GitHub was claiming substantial improvements, including that a remarkable 61 percent of Java code is generated by the AI, among developers using the product. Earlier this month GitHub previewed CoPilot Chat.
AWS is coming from behind in this particular race, but along with its free offer can claim another advantage over its rival, which is specific to AWS services. The CodeWhisperer FAQs say that: “The code suggestions provided by CodeWhisperer are based on a large language models (LLMs) trained on billions of lines of code, including Amazon and open-source code,” which means that the cloud giant has allowed its own code to be included in the training data. It follows that CodeWhisperer is likely to perform well when coding specifically for AWS services, a significant feature.
Like CoPilot, CodeWhisperer may in some circumstances reproduce code from projects subject to an open source license. According to the FAQs referenced above, “if CodeWhisperer detects that its output matches particular open-source training data, the built-in reference tracker will notify you with a reference to the license type (for example, MIT or Apache) and a URL for the open-source project.” It is also possible to block such code via enterprise policy or by configuring a setting.
A discussion on Hacker News includes the remark, “I have used it and copilot both, and it is a bit behind copilot.” Another developer says though, “Free for individual use? Sold.”
That said, the cost of developer time is much higher than that of these subscriptions, which will cause enterprises to examine these productivity claims with interest.