Amazon CodeWhisperer

An AI coding assistant that provides real-time code completion and generation in the IDE, with built-in security scanning and license reference tracking

Overview

Amazon CodeWhisperer (now the code generation feature of Amazon Q Developer) is an AI coding assistant that suggests code to write next in real-time based on comments and code context within the IDE. Supporting over 15 languages including Python, Java, JavaScript, TypeScript, C#, and Go, it assists with everything from generating entire functions to completing one-liners. Its security scanning feature detects vulnerabilities, and a reference tracker attaches license information to suggestions with high similarity to open-source code.

How Context-Aware Code Generation Works

CodeWhisperer's code generation incorporates not only the currently edited file but also related files within the project (import targets, type definitions, test files, etc.) as context, generating suggestions that follow project-specific patterns. Writing intent in natural language comments generates complete function or class implementations matching that description. It is particularly strong with AWS SDK usage patterns, generating AWS-specific code with high accuracy for S3 file uploads, DynamoDB queries, and Lambda handler implementations. Multiple suggestion candidates are displayed, with Tab to accept and arrow keys to cycle through candidates. Supported IDEs include VS Code, JetBrains family (IntelliJ, PyCharm, etc.), Visual Studio, and AWS Cloud9.

Security Scanning and Vulnerability Detection

CodeWhisperer's security scanning detects vulnerability patterns through static analysis based on OWASP Top 10 and CWE (Common Weakness Enumeration). It provides real-time warnings during code writing for security issues including SQL injection, cross-site scripting, hardcoded credentials, unencrypted communications, and improper access controls. Detected vulnerabilities are presented with fix suggestions, allowing one-click replacement with secure code patterns. Full project scans are also available, with recommended operations incorporating automated scanning on pull requests within CI/CD pipelines. It also supports scanning Infrastructure as Code (CloudFormation, Terraform) templates, detecting overly permissive security groups and missing encryption settings.

Customization and Enterprise Operations

The Professional edition allows customization using your organization's internal code repositories as training data, generating suggestions aligned with internal frameworks and coding conventions. Connecting GitHub, GitLab, and Bitbucket repositories through CodeStar Connections enables completions reflecting private codebase context. Administrators can set policies at the Organizations level, blocking code suggestions similar to specific open-source licenses (such as GPL) or controlling reference tracker notification levels. The usage dashboard visualizes team-wide code generation volume, acceptance rates, and security scan detection counts, enabling quantitative measurement of development productivity. Integration with IAM Identity Center provides seamless SSO login and user group-level license assignment.

ShareXB!