AWS has declared Python support in its automated code review system CodeGuru production ready, as well as reducing the price by “up to 90 per cent.”
Our first look at the CodeGuru preview in late 2019 was disappointing. We had trouble getting it to make any recommendations, and the price at $0.75 per 100 lines of code seemed excessive – though any code review system is well worth it if it finds issues that prevent bugs or security problems making their way into production.
Since then, AWS has made a number of improvements, including a preview of Python support (alongside Java) in December last year. “We analyzed large code corpuses and Python documentation to source hard-to-find coding issues and trained our detectors to provide best practice recommendations,” said the company.
There is also a catch: if developers perform more than two “full repository scans” there is a further $10 fee per scan
Python support is now generally available, and AWS said it has extended coverage with over 40 new rules and three new detectors, these referring to the categories of issues CodeGuru can identify.
The new detectors cover code maintainability, which claims to identify code complexities among other things, input validation, and resource leaks. These are in addition to existing detectors, which include correct use of AWS APIs, Java and Python best practices, concurrency issues, leak of sensitive information, common coding errors, and unnecessarily duplicated code.
The company has also had a look at its pricing for CodeGuru, needed because the old model could prove expensive. The mechanism for the code analysis has always been that the developer associates the service with a code repository, and analysis is triggered by code commits.
Supported repositories are the little-used AWS CodeCommit, Atlassian Bitbucket, GitHub, both cloud and self-hosted, and code dumped into Amazon S3.
The new pricing model is “a fixed monthly rate determined by the total lines of code across off of [a customer’s] on-boarded repositories,” AWS said this week, charged at $10 per month for the first 100,000 lines of code, and $30 for each additional 100k lines of code.
We are not sure why the price escalates rather than reducing as you add more code; maybe it will help to discourage code bloat. There is also a catch: if developers perform more than two “full repository scans” there is a further $10 fee per scan.
Yet another reminder: When a tech giant says its AI listens to you, it means humans listen to you. Right, Facebook?
Despite these caveats, the service does seem a lot more affordable than before; the company states that it is “a price reduction of up to 90 per cent.”
While this sounds impressive, some users of the service apparently still struggle with the issue we encountered with the early preview: that CodeGuru refuses to make any recommendations. This discussion on the AWS developer forum states that “on a codebase of nearly 100,000 lines, only 4 recommendations. All not relevant.”
Getting the balance right for this type of automated code scan is challenging. If the developer sees thousands of recommendations, they may just be ignored. Few or none raises the strong suspicion that the service is not working correctly.
This is a crowded market; there are numerous static analysis tools out there, and IDEs like Eclipse, IntelliJ IDEA, and Visual Studio come with built-in tools. These will not pick up AWS SDK best practices, nor do they have the resources of AWS machine learning behind them, but having improved its pricing, the key question is how effective it is at coming up with useful recommendations. ®