Code review with machine learning: Amazon CodeGuru now supports Python, so I tried it

Introduction

This article is the 22nd day article of Hands Lab Advent Calendar 2020.

Hello, it's @sr-mtmt. It's the end of the year. Among the items I bought in 2020, my favorite was Pasta in the excellent range. Those who like to see the washing machine spinning around will also like to stare at Volcano in the stove with this product.

By the way, my theme for this year's Advent Calendar is:

Try something from the re:Invent keynote that interests me

At re:Invent, Andy Jassy's keynote said "Python is supported by Amazon CodeGuru, which reviews code with machine learning", so I would like to try it.

I've been worried about it for a long time, but until now it only supported Java, so we couldn't try it with our team that doesn't use Java. It seems that it is difficult to analyze Python compared to Java, but what is it like?

What is Amazon CodeGuru?

CodeGuru has a Reviewer and a Profiler. The Profiler checks the cost, and the Reviewer checks for bugs.

This time I will try Reviewer.

Amazon CodeGuru Reviewer is a service that uses machine learning to detect problems in your code and suggest recommended fixes. It seems that code quality issues are identified in nine broad categories:

- AWS Best Practices: Correct usage of AWS APIs (polling, pagination, etc.)
- Concurrent execution: Detects poor synchronization that is causing a functional failure, or excessive synchronization that is degrading performance.
- Deadlock: Check allocation between concurrently running threads
- Resource leak: Correct handling of resources (such as releasing database connections)
- Confidential Information Leakage: Detects leaks of personally identifiable information (such as credit card details written to logs)
- General code bugs: Detect hard-to-find issues such as not creating a client when reading a Lambda function
- Clone code: Identify duplicate code that could be consolidated to improve code maintainability
- Input validation: Check for malformed or malicious data from untrusted sources

I tried it

0. Premise

- I have an AWS account
- I have a repository on GitHub that contains the source code I want to review, but I don't have it on CodeCommit
- Select a repository that has no problem by default for settings such as IAM

1. Repository association

Select Reviewer.

It turns out that you can completely forget the information from the previous release and associate it even if it is not from CodeCommit. \ I'm happy / You can choose from GitHub, GitHub Enterprise, Bitbucket, and AWS CodeCommit.

Please note that access to repositories belonging to an organization is not permitted unless you press "Grant" (marked with the arrow in the screenshot). This time it's a trial, so I'm doing it with my personal account, but it's nice that if you prepare this area carefully, you can set permissions in detail.

Now that you've connected to your GitHub account, the candidate repositories will appear in the "Repository Location" field that was grayed out earlier. Select the appropriate repository and associate it.

2. Try to analyze

There are two types of analysis methods.

| Code review type | Will it be reviewed automatically? | Where can I see the review results? | Review target |
| --- | --- | --- | --- |
| Repository analysis | No. You must perform the analysis using the CodeGuru Reviewer management console, or the AWS CLI or AWS SDK. | Check using the CodeGuru Reviewer management console, or the AWS CLI or AWS SDK. | All code in the branch |
| Pull request | Yes. After associating the repository, a code review will be done automatically every time you make a pull request. | In addition to checking using the CodeGuru Reviewer management console, AWS CLI or AWS SDK, you can also check from the PR comment of the repository source provider (GitHub, etc.). | Scope of the pull request: only the code changed this time |

If there is a pull request, it will be added here. I don't have the right PR right now, so I'll try to analyze the whole code in "Analysis of repository".

Press "Create Repository Analysis".

The "Code and Security Recommendations" option is a different story from the repository we just associated. It involves uploading the zipped code to S3 separately, associating it, and analyzing it, so this time I would like to try "Code Recommendations".

Analyzing ...

It's a small repository, so it only takes a few minutes! Well, what's coming up ...?

Nothing :joy: :joy: :joy: No, that's good. I'm lonely so I tried a larger repository, but I still couldn't find anything ... I wonder how much performance is degraded ...

By the way, if CodeGuru points out something on a pull request, it seems that you can send feedback on whether the recommendation was useful directly in the pull request comment, like this. (Image borrowed from the official documentation.)

The recommendation pointed out here is "This code might not produce accurate results if the operation returns paginated results instead of all results. Consider adding another call to check for additional results." → "This code may not give accurate results if the operation returns paginated results instead of all results. Consider adding another call to check the additional results." (DeepL translation). Is it an indication about how to use the AWS API?
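The pagination recommendation quoted above, as an added example that is not part of the original post: a single call to a paginated list operation beside a loop that follows the continuation token. `FakeListClient`, its `list_items` method and the sample data are constructed stand-ins (assumptions) so the block runs offline; the `NextToken` field follows the convention many AWS list APIs use.

```python
class FakeListClient:
    """Constructed stand-in for a paginated AWS-style list API (not boto3)."""

    def __init__(self, items, page_size):
        self._items = list(items)
        self._page_size = page_size

    def list_items(self, NextToken=None):
        # The token is simply the offset of the next page, encoded as a string.
        start = int(NextToken) if NextToken else 0
        end = start + self._page_size
        page = {"Items": self._items[start:end]}
        if end < len(self._items):
            page["NextToken"] = str(end)  # more results remain
        return page


def list_first_page_only(client):
    """Pattern the recommendation warns about: one call, later pages ignored."""
    return client.list_items()["Items"]


def list_all(client):
    """Keep calling until the service stops returning a NextToken."""
    items, token = [], None
    while True:
        kwargs = {"NextToken": token} if token else {}
        page = client.list_items(**kwargs)
        items.extend(page.get("Items", []))
        token = page.get("NextToken")
        if not token:
            return items


# Constructed sample data: 25 resource names, served 10 per page.
SAMPLE = [f"resource-{i:02d}" for i in range(25)]

if __name__ == "__main__":
    client = FakeListClient(SAMPLE, page_size=10)
    print(len(list_first_page_only(client)), "items from a single call")
    print(len(list_all(client)), "items after following NextToken")
```

With boto3, `client.get_paginator(...)` performs this loop for operations that support it.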

Bonus) Disassociate the repository

If you leave the repository linked, it will cost you money when you exceed the free limit, so let's cancel it if necessary.

Once disassociated, it cannot be restored, so it is necessary to associate it again as a new one.

The disassociated repository disappears from the initial display screen, but it does not disappear completely, as shown by "Repository (3)" on the upper left. You can check it from the disassociated repositories. (why)

Rate plan

You can try it for free for 90 days in an AWS Region that supports Amazon CodeGuru. The following is for the Tokyo region.

About free tier

Analysis of the entire repository is free up to 30,000 lines of code analysis for each payer account each month. A 90-day free trial is available for pull request analysis.

Analysis of the entire repository

Beyond the free tier, $0.50 for every 100 lines of code, up to 1,500,000 lines of code analyzed each month. For analysis beyond 1,500,000 lines of code, $0.40 for every 100 lines of code. You can analyze the source code for the entire repository or for selected code branches. Every line of code in the selected repository or source code branch is analyzed with each repository analysis run.

Pull request

$0.75 for every 100 lines of code after a 90-day free trial.

Afterword

It was easier to set up than I expected. I was wondering if it would get stuck in something, but it was too easy. It's especially nice to be associated with something other than CodeCommit. It was a pity that there was no indication in the code, but I was a little relieved that there was no big problem.

Tomorrow is the 23rd day! @fasahina!

FYI

- [[Breaking news] CodeGuru supports Python for code review by machine learning and added Security Detector function #reinvent](https://dev.classmethod.jp/articles/codeguru-support-python-and-security-detector/)
