Developer Tools

Accelerate Coding with Amazon CodeWhisperer - AI Code Suggestions and Security Scanning

Generate real-time code suggestions within your IDE, with OWASP Top 10 security scanning and open-source license reference detection. Learn tips for effective usage.

約 4 分で読めます

Overview of CodeWhisperer

CodeWhisperer is an AI coding companion that generates real-time code suggestions within your IDE. Available in VS Code, JetBrains IDEs, and AWS Cloud9, it automatically generates functions, classes, and test code from comments and existing code context. While integrated into Amazon Q Developer, CodeWhisperer's code completion features remain available.

Security Scanning and License Detection

Security scanning analyzes code files and detects vulnerability patterns included in the OWASP Top 10. Detection results include CWE numbers and remediation suggestions to help understand and fix vulnerabilities. License reference detection flags generated code that resembles open-source training data, presenting the relevant open-source project and license (MIT, Apache 2.0, etc.). This helps ensure code usage complies with organizational license policies.

Organizational Deployment and Management

CodeWhisperer Professional edition integrates with IAM Identity Center for organization-wide user management. Administrators can view code suggestion acceptance rates, security scan detection counts, and per-user usage statistics on the dashboard. To get suggestions aligned with organizational coding standards, use the customization feature that lets CodeWhisperer learn from code styles and patterns in your repository. The reference tracker displays license information when suggested code resembles open-source code, reducing the risk of unintentionally incorporating copyleft-licensed code such as GPL or LGPL. The Individual edition is free with no limit on monthly code suggestions, though security scans are limited to 50 per month. For understanding CodeWhisperer workflows, related books (Amazon) can be a useful reference.

Tips for Effective Usage and Limitations

CodeWhisperer's suggestion accuracy heavily depends on how context is provided. Writing specific documentation comments describing input/output types and processing details for functions produces more accurate code. Conversely, vague comments or insufficient context within the file result in overly generic code or incorrect logic. Generated code should always be reviewed, particularly to verify that error handling, edge case processing, and security considerations are appropriate. AWS SDK call code tends to be relatively accurate, while business logic generation tends to be less precise. It also supports test code generation, making it efficient to have it suggest corresponding unit tests from function implementations.

CodeWhisperer Pricing

The Individual Tier is free, with unlimited code suggestions and 50 security scans per month included. The Professional Tier costs approximately $19.00 per user per month, removing security scan limits and providing an organization-wide usage dashboard and customization features. Compared to GitHub Copilot ($10-19/month), the free Individual Tier and higher accuracy for AWS SDK code suggestions are key differentiators.

Summary

Amazon Q Developer (formerly CodeWhisperer) is a service that provides AI-powered code suggestions and security scanning within the IDE. The Individual tier is free and improves both coding productivity and code quality through automatic code completion, function generation, and security vulnerability detection.

Related Services

Amazon CodeWhispererAn AI coding companion that generates real-time code suggestions within your IDEAmazon CodeCatalystA service that unifies project management, CI/CD, and cloud development environments for development teamsAWS CodeBuildA fully managed build service that automates source code compilation and testing

Related Articles

Accelerating AWS Development with Amazon Q Developer - AI Code Generation and TroubleshootingLearn how to use Amazon Q Developer for in-IDE code generation, AWS console troubleshooting, and code transformation.Unifying Development Workflows with Amazon CodeCatalyst - From Project Management to CI/CDThis article explains project management, blueprint-based environment setup, and CI/CD workflow integration with CodeCatalyst.Unified Development Platform - Accelerating Team Development with Amazon CodeCatalystUnify your team development workflow by integrating source repositories, CI/CD pipelines, issue tracking, and development environments with CodeCatalyst. Learn about automating project initialization with blueprints.

More on This Topic

How AI-DLC Transforms Software Development - A Practical Guide to the Inception, Construction, and Operation PhasesAn overview of the AI-DLC methodology that places AI at the center of the development process. Learn about the three phases of Inception, Construction, and Operation, and how to put them into practice with Kiro and Amazon Q Developer.Hands-On with the AI-DLC Unicorn Gym Workshop - Learning AI-DLC Through Team DevelopmentA complete look at the hands-on workshop where you experience AI-DLC through three days of team development. Learn how to run Mob Elaboration and Mob Construction, and how to leverage open-source workflows.Visually Design Serverless Applications with AWS Application Composer - Automatic IaC Template GenerationLearn about visual design of serverless architectures with Application Composer, automatic SAM template generation, and VS Code integration.Artifact Repository Management - Building a Secure Package Management Platform with AWS CodeArtifactLearn how to build and operate an artifact repository using AWS CodeArtifact. This guide covers centralizing package management for npm, Maven, PyPI, and more, along with building secure build pipelines through CodeBuild integration.How AWS API Throttling Works - The Token Bucket Algorithm and the Truth Behind 429 ErrorsLearn how AWS API rate limiting is implemented using the token bucket algorithm, understand the concept of burst capacity, explore differences in throttling limits across services, and discover practical strategies to avoid throttling.Why AWS APIs Return XML - The Evolution from Query APIs to REST JSONExplore the historical reasons why S3 and EC2 APIs return XML responses, the differences between Query APIs and REST APIs, the evolution of authentication from Signature V2 to V4, and the complexity that SDKs abstract away.Why AWS API Endpoints Differ by Region - The Design of Global and Regional ServicesWe explain the design reasons behind the separation of regional endpoints like ec2.us-east-1.amazonaws.com and global endpoints like iam.amazonaws.com, as well as the existence of dual-stack and FIPS endpoints.Browser-Based Shell Environment - Instant CLI Access with AWS CloudShellExplains the browser-based shell environment powered by AWS CloudShell. Covers the CLI environment available instantly from the AWS Management Console, pre-installed development tools, automatic IAM authentication integration, secure file management, and practical tips for improving operational efficiency.

Similar Articles and Services

Accelerating AWS Development with Amazon Q Developer - AI Code Generation and TroubleshootingLearn how to use Amazon Q Developer for in-IDE code generation, AWS console troubleshooting, and code transformation.Amazon Q DeveloperAn AI assistant for developers that helps with code generation, debugging, and optimizationAmazon CodeGuruA service that uses machine learning to automate code reviews and identify application performance bottlenecksAmazon CodeGuruA service that uses machine learning to improve code quality and optimize application performance