JCON ONLINE 2022

In this talk I will compare 2 services which aim at automatically identifing critical issues, security vulnerabilities, and hard-to-find bugs during application development: Amazon CodeGuru and SonarQube from the perspective of the Java developer on AWS. Amazon CodeGuru Reviewer uses ML and automated reasoning to provide recommendations to developers on how to fix issues to improve code quality and dramatically reduce the time it takes to fix bugs before they reach customer-facing applications and result in a bad experience. SonarQube is an open-source platform for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security vulnerabilities