code review
Auto Added by WPeMatico
Auto Added by WPeMatico
AWS today announced that CodeGuru, a set of tools that use machine learning to automatically review code for bugs and suggest potential optimizations, is now generally available. The tool launched into preview at AWS re:Invent last December.
CodeGuru consists of two tools, Reviewer and Profiler, and those names pretty much describe exactly what they do. To build Reviewer, the AWS team actually trained its algorithm with the help of code from more than 10,000 open source projects on GitHub, as well as reviews from Amazon’s own internal codebase.
“Even for a large organization like Amazon, it’s challenging to have enough experienced developers with enough free time to do code reviews, given the amount of code that gets written every day,” the company notes in today’s announcement. “And even the most experienced reviewers miss problems before they impact customer-facing applications, resulting in bugs and performance issues.”
To use CodeGuru, developers continue to commit their code to their repository of choice, no matter whether that’s GitHub, Bitbucket Cloud, AWS’s own CodeCommit or another service. CodeGuru Reviewer then analyzes that code, tries to find bugs and, if it does, it will also offer potential fixes. All of this is done within the context of the code repository, so CodeGuru will create a GitHub pull request, for example, and add a comment to that pull request with some more info about the bug and potential fixes.
To train the machine learning model, users can also provide CodeGuru with some basic feedback, though we’re mostly talking “thumbs up” and “thumbs down” here.
The CodeGuru Application Profiler has a somewhat different mission. It is meant to help developers figure out where there might be some inefficiencies in their code and identify the most expensive lines of code. This includes support for serverless platforms like AWS Lambda and Fargate.
One feature the team added since it first announced CodeGuru is that Profiler now attaches an estimated dollar amount to the lines of unoptimized code.
“Our customers develop and run a lot of applications that include millions and millions of lines of code. Ensuring the quality and efficiency of that code is incredibly important, as bugs and inefficiencies in even a few lines of code can be very costly. Today, the methods for identifying code quality issues are time-consuming, manual, and error-prone, especially at scale,” said Swami Sivasubramanian, vice president, Amazon Machine Learning, in today’s announcement. “CodeGuru combines Amazon’s decades of experience developing and deploying applications at scale with considerable machine learning expertise to give customers a service that improves software quality, delights their customers with better application performance, and eliminates their most expensive lines of code.”
AWS says a number of companies started using CodeGuru during the preview period. These include the likes of Atlassian, EagleDream and DevFactory.
“While code reviews from our development team do a great job of preventing bugs from reaching production, it’s not always possible to predict how systems will behave under stress or manage complex data shapes, especially as we have multiple deployments per day,” said Zak Islam, head of Engineering, Tech Teams, at Atlassian. “When we detect anomalies in production, we have been able to reduce the investigation time from days to hours and sometimes minutes thanks to Amazon CodeGuru’s continuous profiling feature. Our developers now focus more of their energy on delivering differentiated capabilities and less time investigating problems in our production environment.”
Powered by WPeMatico
Semmle, a startup that originally spun out of research at Oxford, announced a $21 million Series B investment today led by Accel Partners. It marked the second time Accel has led an investment in the company.
Work-Bench also participated in the round. Today’s investment brings the total to $31 million.
Semmle has warranted this kind of interest by taking a unique approach to finding vulnerabilities in code. “The key idea behind our technology is to treat code as data and treat analysis problems as simple queries against a database. What this allows you to do is very easily encode domain expertise, security expertise or any other kinds of specialist knowledge in such a way it can be easily and automatically applied to large amounts of code,” Pavel Avgustinov, Semmle co-founder and VP of platform engineering told TechCrunch.
Screenshot: Semmle
Once you create the right query, you can continuously run it against your code to prevent the same mistakes from entering the code base on subsequent builds. The key here is building the queries and the company has a couple of ways to deal with that.
They can work with customers to help them create queries, although in the long run that is not a sustainable way of working. Instead, they share queries, and encourage customers to share them with the community.
“What we find is that the great tech companies we work with have the best security teams in the world, and they are giving back what they created on the Semmle platform with other users in an open source fashion. There is a GitHub repository where we publish queries, but Microsoft and Google are doing the same thing,” Oege de Moor, company CEO and co-founder explained.
In fact, the Semmle solution is freely available to open source programmers to use with their applications, and the company currently analyzes every commit of almost 80,000 open source projects. Open source developers can run shared queries against their code or create their own.
They also have a paid version with customers like Microsoft, Google, Credit Suisse, NASA and Nasdaq. They have relied mostly on these strategic partners up until now. With today’s investment they plan to build out their sales and marketing departments to expand their customer base into a wider enterprise market.
The company spun out of research at Oxford University in 2006. They are now based in San Francisco with 60 employees, a number that should go up with this investment. They received an $8 million Series A in 2014 and $2 million seed round in 2011.
Powered by WPeMatico