Amazon Brings Automated Secret Detection to CodeGuru

Amazon is rolling out a new machine-learning-based “secret discovery” feature that automatically finds confidential system credentials that might be hidden in source code.

Secrets Detector, as the new feature is called, is part of Amazon’s AI-based code review service called CodeGuru, which the internet giant launched for developers last year. CodeGuru aims to help developers improve the quality of their code by checking logic, syntax, and styling before new code is committed to an existing code base. The tool has two parts: CodeGuru Profiler, which focuses on correcting inefficient code that could cause an application to lag or increase computational costs; and CodeGuru Reviewer, which uses machine learning techniques to find bugs, security vulnerabilities, and other critical issues, and then suggests solutions.

The term “secrets” refers to digital credentials, such as passwords, API tokens, certificates, and encryption keys, that organizations use to manage access to their applications, systems, and critical infrastructure. Such credentials may inadvertently end up in the public domain due to the complacency of developers. Uber, for example, revealed a major breach in 2017 that exposed millions of its users’ personal data.

Recent data from GitGuardian, a cybersecurity platform that helps companies find sensitive data hidden in their code, revealed a 20% increase in secrets found in public GitHub repositories.

Secret sauce

Amazon’s new Secrets Detector is included in CodeGuru Reviewer at no additional cost and supports most APIs from vendors such as Amazon AWS, Twilio, GitHub, Salesforce, Slack, Stripe, Tableau, Atlassian, Databricks, and others. In addition to working with all Java and Python code, Secrets Detector can also be used to analyze documentation and configuration files, with CodeGuru Reviewer suggesting actions for developers to secure their secrets using AWS’s own Secrets Manager service.

Above: AWS Secrets Manager Recommendation: Create a New Secret

Secrets management has become a crucial facet of companies’ broader security ethos, opening the door to the development of dedicated third-party services. SecretHub. Many younger companies have also appeared on the scene, such as Spectral, which exited stealth this year with $6.2 million to find costly security errors buried in code; Doppler, which expanded its enterprise secrets manager with $6.5 million in funding; and Akeyless, which raised a $14 million Series A round.

Although managing secrets can involve different tools and processes, the goal is ultimately the same at all levels: to protect the internal systems of companies against the infiltration of bad actors. And that means automating the process of detecting secrets in public code bases.

