Is Your Code Safe? Amazon CodeWhisperer Helps You Answer That Question


🔗 https://aws.amazon.com/codewhisperer/…

Writing secure code is a difficult task. Multiple developers working in the same code base, client libraries with different versions, and deprecated functions are some of the factors that contribute to code becoming unsafe to execute. Worse, hackers watch this happen and can create exploits for these weaknesses. This is where Amazon CodeWhisperer can help. It can scan your code, look for exploit opportunities, and highlight them for you, while also giving you recommendations on how to fix them. In this video, Tiffany Souterre shows how to use this feature.

⚠️ Important: Keeping your code safe is a rather complicated journey that goes way beyond just using AI-based scanning tools. CodeWhisperer highlights potential problems in your code, but it cannot guarantee anything. Ultimately, it is your job to keep the code safe, and you should never rely only on CodeWhisperer for this task. Amazon reserves the right not to be responsible for any security issues your code may still present after using CodeWhisperer.

0:00 - Intro to code threat scanning
0:25 - Running the security scan
1:05 - Reading results and fixing issues
3:24 - Final thoughts


Discussion Resources:
https://aws.amazon.com/codewhisperer/
https://aws.amazon.com/blogs/aws/amaz…


💡 Any opinions in this video are those of the individual author and may not reflect the opinions of AWS.


Content

0.333 -> Hi, my name is Tiffany Souterre.
2.566 -> I'm a Developer Advocate Specialist in AI/ML at AWS.
6.632 -> Today we're going to talk about CodeWhisperer
9.232 -> and how it can help you with security breaches.
12.232 -> CodeWhisperer is not just an AI pair programming tool that can help you
15.931 -> with your code and suggest blocks of code,
18.731 -> it can actually also scan your entire code and look for vulnerabilities.
23.864 -> Let's see how it works.
25.43 -> Okay, so now we are in my VS Code and we can see my project.
30.03 -> This is the file I want to scan.
32.963 -> We see that I have two functions, a log_credentials()
36.629 -> and an authenticate_on_subscribe().
39.596 -> Let's go to the AWS Toolkit,
42.262 -> click on the CodeWhisperer and you will see
45.162 -> the option to run a security scan.
48.628 -> So let's click on that.
51.761 -> The scan will take a little bit of time and you will see
55.361 -> at the bottom of the screen that the scan is actually in progress.
61.26 -> Bear in mind that CodeWhisperer is actually scanning through all of your project.
65.526 -> And here five files have been scanned and two issues were found.
70.792 -> Let's see what it is.
72.659 -> We can see that the vulnerabilities have been
75.292 -> highlighted with a yellow wave
78.458 -> and you can directly click
80.325 -> in the Problems tab on each vulnerability to directly go to it.
85.191 -> If you move your mouse over the vulnerability,
88.424 -> you will see the description of what CodeWhisperer has scanned.
91.957 -> Here we can see that we have AWS credentials that are logged.
96.657 -> This could be a vulnerability,
98.99 -> so let's change that.
101.423 -> We will erase the logged information, the secret key and the access key,
107.422 -> and we'll create a session.
112.188 -> We can see that
113.988 -> CodeWhisperer
115.688 -> is already suggesting a solution
119.854 -> to my problem.
123.287 -> So it's suggesting that I create a session
126.32 -> and put my access_key_id in there.
129.553 -> So let's do that.
130.786 -> And also let's do the same thing for the secret key.
135.553 -> This is exactly what I wanted to do
136.986 -> so I'll keep this.
139.686 -> Let's check for the second vulnerability.
146.052 -> So now when we put our mouse over it
149.151 -> we see that it's telling us that we are failing to set the
153.451 -> AuthenticateOnUnsubscribe flag to true.
157.884 -> So let's change that.
160.65 -> And already CodeWhisperer
162.983 -> is suggesting that I set this flag to true.
166.883 -> All right.
167.849 -> Now that we have addressed all of the vulnerabilities,
172.982 -> let's run the security scan a second time just to make sure that our code is safe.
181.481 -> This will take a little bit of time again, but this is totally worth the wait
186.614 -> to make sure that our code is safe.
191.714 -> Here
192.98 -> the security scan has been completed
195.413 -> for five files and zero issues were found.
198.88 -> The Problems tab is now empty.
201.113 -> That means that our code is safe now.
204.746 -> Congratulations.
205.912 -> You now know how to run the security scan on your project with CodeWhisperer.
210.278 -> If you're interested in learning more about CodeWhisperer,
212.778 -> check the link in the description below.
214.845 -> And if you want to see more videos like this one, don't forget to subscribe.
218.511 -> Happy coding.

Source: https://www.youtube.com/watch?v=GkZ4bT4DMwU