How DevFactory builds better applications with Amazon CodeGuru

This post is written in collaboration with DevFactory, an AWS Select Technology Partner.

DevFactory is an enterprise SaaS-focused company that is responsible for innovation, development, and operation of over 120 enterprise products. DevFactory also offers DevGraph, an integrated suite of software development tools built on AWS.

Amazon CodeGuru is an automated code review service that helps developers improve the quality of their code by recommending actions in code review. CodeGuru consists of two services: CodeGuru Reviewer and CodeGuru Profiler.

In this post, we talk about how DevFactory uses CodeGuru Reviewer to improve their software as a service (SaaS) applications.

What is CodeGuru Reviewer?

CodeGuru Reviewer is a code review service that uses a combination of machine learning (ML) and human curation techniques to analyze millions of lines of code from over 10,000 open-source projects and the Amazon internal code base to learn coding practices. It uses these models to find code issues such as concurrency race conditions, resource leaks, and wasted CPU cycles.

DevFactory’s challenge

DevFactory has more than 120 products and manages over 650 million lines of code. Most of these products were developed over the last two decades and therefore have custom code to implement widely available, off-the-shelf services. To adopt, upgrade, and maintain the code base with a global, fully remote workforce, DevFactory is constantly evolving and adding automation where necessary.

One key part of the strategy is to identify and enhance the gems in each newly acquired product. These are the services, features, and applications that are both unique and valuable to the customers. ML-driven forecasts? Business intelligence from social graphs? Containerization and productivity enhancement at scale? DevFactory wants their engineering teams to deliver these to customers, and leave the undifferentiated heavy lifting to AWS services and infrastructure.

The following table shows DevFactory by the numbers.

Verticals    Repositories    Lines of Code    Number of Languages
20           6,000           ~650 million     45

In addition to jettisoning undifferentiated code, monitoring and maintaining the existing code base requires effort. DevFactory’s ideal code analysis solution is:

  • Accurate and focused – The most valuable code analysis tools are both highly accurate and highly targeted. Static analysis, for example, routinely turns up thousands of issues in perfectly acceptable code bases because it has both false and unimportant positives.
  • Specialized – To truly improve the code base, specialized tools were needed to find issues during the following stages:
    • Development – Coding style, correctness, and more
    • Deployment – Efficient use of the right services
    • Implementation – Performance and security
  • Up-to-date – Updating to the latest API or SDK can result in unintended consequences. Any code analysis tool needs to keep up with this creative destruction and enforce correct usage of ever-new services.
  • Actionable – Code reviews and style guides are helpful, but to operate existing and new products at DevFactory’s scale, they need automated analysis and automated actions. DevFactory values issue-finders that lend themselves to their (rather sophisticated) issue-fixing techniques.

How CodeGuru helps DevFactory

When CodeGuru was first unveiled at re:Invent 2019, DevFactory wanted to try it as soon as possible and enrolled in the early beta program. After running CodeGuru against code base repositories, DevFactory made the following findings:

  • CodeGuru is predictably the leader in detecting AWS service misuse and recommending actions, which is worth a lot to anyone relying on AWS services. For DevFactory, CodeGuru flagged syntactically valid code that still produced inaccurate results due to paginated Amazon DynamoDB query results.
  • CodeGuru's coverage of resource leaks and security issues is precise, actionable, and expanding. DevFactory concluded that the 21 issues CodeGuru flagged were much more valuable than the over 500 generic non-issues (and quite a few false positives) that other generic tools turned up.
  • As a managed service, CodeGuru reduces the burden of finding issues with the issue-finder. For the small team that does diligence on hundreds of repositories each week, reliability is just as important as accuracy.
  • CodeGuru Reviewer helped DevFactory rewrite its DevGraph product, FogBugz, in cloud-native format.
  • CodeGuru Profiler helped DevFactory optimize its DevGraph product, EngineYard, for its new container-based offering.
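
The first finding above, a query that is syntactically valid but returns incomplete data because DynamoDB pages its results, looks like this in practice. This is an added example, not DevFactory's or AWS's code: `FakeTable` is a constructed in-memory stand-in for a table's `query` call so the snippet runs offline, while `Items`, `LastEvaluatedKey` and `ExclusiveStartKey` are the actual DynamoDB Query fields.

```python
# Added example: constructed stand-in for a DynamoDB table; not DevFactory's code.
class FakeTable:
    """Mimics the paging contract of a DynamoDB Query: each response holds at
    most `page_size` items, plus LastEvaluatedKey when more items remain."""

    def __init__(self, items, page_size):
        self._items = sorted(items, key=lambda i: i["sk"])
        self._page_size = page_size

    def query(self, ExclusiveStartKey=None, **_ignored):
        start = 0
        if ExclusiveStartKey is not None:
            # Resume just after the last key returned by the previous page.
            start = next(i for i, it in enumerate(self._items)
                         if it["sk"] == ExclusiveStartKey["sk"]) + 1
        page = self._items[start:start + self._page_size]
        resp = {"Items": page, "Count": len(page)}
        if start + self._page_size < len(self._items):
            resp["LastEvaluatedKey"] = {"sk": page[-1]["sk"]}
        return resp


def query_first_page_only(table, **kwargs):
    """Buggy pattern: valid code, but silently drops every page after the first."""
    return table.query(**kwargs)["Items"]


def query_all_pages(table, **kwargs):
    """Corrected pattern: follow LastEvaluatedKey until it is absent."""
    items = []
    while True:
        resp = table.query(**kwargs)
        items.extend(resp["Items"])
        last_key = resp.get("LastEvaluatedKey")
        if last_key is None:
            return items
        kwargs["ExclusiveStartKey"] = last_key


# Constructed sample data: 7 rows, and the stand-in returns 3 per page.
TABLE = FakeTable([{"sk": n, "amount": 10} for n in range(7)], page_size=3)

if __name__ == "__main__":
    print(sum(i["amount"] for i in query_first_page_only(TABLE)))  # truncated total
    print(sum(i["amount"] for i in query_all_pages(TABLE)))        # full total
```

The buggy version raises no error and returns well-formed data, which is why the defect survives tests that use small tables and only shows up once a result set exceeds one page.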

Conclusion

CodeGuru, CodeGuru Profiler, and CodeGuru Reviewer are now generally available. For more information about getting started with these services, see the following:


About the Author

Muhammad Mansoor is a Solutions Architect and part of the AWS team based in New York City. Muhammad has a background in DevOps, Containers, Enterprise Transformation and Cloud Migration. In his spare time he loves to spend time with his family and enjoys running.
