Website: The most capable generative AI–powered assistant for software development. Available as a Visual Studio Code extension or through the Q CLI.

Amazon Q Developer is an AI-powered assistant for software development. It can help generate code, answer programming questions, explain code snippets, help troubleshoot issues, and provide recommendations for improving your code. It integrates with popular IDEs and supports multiple programming languages. Q Developer helps accelerate development tasks by providing contextually relevant suggestions based on your codebase and documentation.

DevOps Security Questions to ask the AI

tweet

Before deploying anything to my AWS account, I go through the following security checklist with Q's "/review" agent:

  1. I start with any infrastructure config files (Terraform, CloudFormation, etc.) and ask Q to find security vulnerabilities.
  2. I then ask it to scan the code for hardcoded credentials, API keys, database passwords, or any other secrets in the codebase.
  3. I ask the assistant to look for open ports, unrestricted inbound traffic to your servers, and unsecured endpoints.
  4. I ask for suggestions for least-privilege policies.
  5. I ask it to verify that no data is publicly accessible and ensure that all data is encrypted at rest and during transit.
  6. Identify any lack of rate limiting to avoid DDoS attacks. Ask for suggestions on how to prevent Cross-Site Scripting and Cross-Site Request Forgery attacks.
  7. Ask it to scan the project for vulnerable dependencies with pip, npm, Go modules, or Docker images.
  8. Scan the code to find temporal resources, unused user accounts, and orphaned cloud assets.
  9. I ask it to identify any forms with insufficient input validation.
  10. Finally, I ask for suggestions on how to improve logging throughout the code.
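
A local, deterministic cross-check for checklist items 2 to 5 is useful alongside the AI review, so that a finding the assistant misses still gets caught. The script below is an added example, not part of the original tweet or of Amazon Q; `SAMPLE_TF`, `RULES` and `scan` are hypothetical names, the Terraform is constructed, and the rules are line-based heuristics rather than a full HCL parser.

```python
import re

# Constructed sample Terraform for illustration; not from the original post.
SAMPLE_TF = '''\
resource "aws_security_group" "web" {
  ingress {
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    cidr_blocks = ["0.0.0.0/0"]
  }
}
resource "aws_db_instance" "db" {
  password            = "SuperSecret123"
  storage_encrypted   = false
  publicly_accessible = true
}
resource "aws_iam_policy" "app" {
  policy = jsonencode({
    Statement = [{ Effect = "Allow", Action = "*", Resource = "*" }]
  })
}
'''

# (checklist item, label, pattern, enclosing block required or None). Heuristics only.
RULES = [
    (2, "hardcoded secret", re.compile(r'\b(password|secret|api_key|token)\w*\s*=\s*"(?!\$\{)[^"]+"', re.I), None),
    (3, "ingress open to any address", re.compile(r'cidr_blocks\s*=.*"(0\.0\.0\.0/0|::/0)"'), "ingress"),
    (4, "wildcard IAM action", re.compile(r'\bAction\s*=\s*"\*"'), None),
    (5, "encryption at rest disabled", re.compile(r'\bstorage_encrypted\s*=\s*false'), None),
    (5, "publicly accessible data store", re.compile(r'\bpublicly_accessible\s*=\s*true'), None),
]

def scan(text):
    """Return sorted (checklist_item, line_number, label) findings for Terraform text."""
    findings, blocks = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith(("#", "//")):
            continue  # ignore commented-out configuration
        if stripped.startswith("}") and blocks:
            blocks.pop()  # leaving the innermost block
        opener = re.match(r'(\w+)[^{]*\{$', stripped)
        if opener:
            blocks.append(opener.group(1))  # entering e.g. "resource" or "ingress"
        for item, label, rx, scope in RULES:
            if rx.search(line) and (scope is None or scope in blocks):
                findings.append((item, lineno, label))
    return sorted(findings)
```

Calling `scan(SAMPLE_TF)` reports the open ingress rule but not the matching egress rule, because the CIDR check only applies inside an `ingress` block; secrets supplied through variables are likewise not flagged.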