
AWS Security Agent Brings Full Repository Code Scanning to Preview

Security teams have long relied on static analysis tools to catch vulnerabilities before code ships. Those tools are useful, but they have a fundamental limitation: they match code against known patterns. They don’t understand your application.

AWS is taking a different approach with its latest addition to AWS Security Agent. The company recently released full repository code review in preview — a feature that goes well beyond traditional scanning by reasoning about your entire codebase the way a security researcher would.

What’s New

Full repository code review is a new capability in AWS Security Agent that performs deep, context-aware security analysis of an entire codebase. It’s now available in preview at no additional charge for existing AWS Security Agent customers.

Unlike traditional static analysis tools that match code against known vulnerability patterns, full repository code review reasons about an application’s architecture, trust boundaries, and data flows to surface systemic vulnerabilities that pattern-matching tools miss.

That’s a meaningful distinction. Most SAST tools will flag a SQL injection or an exposed credential if it fits a recognized pattern. What they won’t do is trace how data moves across services, how trust boundaries are defined, or how one seemingly minor flaw could chain into a larger exploit. This new feature is designed to catch exactly that.

When vulnerabilities are found, the scanner produces developer-ready findings with transparent evidence and concrete remediation — specific fixes tied to the exact file and line, so teams can identify and address security issues faster.
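To make the pattern-matching versus data-flow distinction in the two paragraphs above concrete, here is a small added illustration in Python. It is not AWS code and says nothing about how Security Agent is built internally; it simply contrasts a line-by-line regex check with a toy interprocedural taint analysis run over two constructed snippets, and emits findings tied to a file name and line number in the way the article describes. The sample application snippets, the `request` source and `execute` sink names, and the `handle_request` entry point are all constructed assumptions for the example.

```python
"""Added illustration (not AWS code): regex pattern matching vs. toy taint tracking."""
from __future__ import annotations

import ast
import re
from dataclasses import dataclass

# Constructed sample 1: the injection is visible on one line, so a pattern
# matcher that looks for string building inside an execute() call finds it.
INLINE_APP = '''\
def handle_request(request, db):
    return db.execute("SELECT * FROM users WHERE id = " + request.args["id"])
'''

# Constructed sample 2: the same flaw, but the request value travels through
# two helpers before it reaches execute(). No single line looks suspicious.
CHAINED_APP = '''\
def run_query(db, sql):
    return db.execute(sql)

def build_lookup(user_id):
    sql = "SELECT * FROM users WHERE id = " + user_id
    return sql

def handle_request(request, db):
    uid = request.args["id"]
    return run_query(db, build_lookup(uid))
'''

SOURCES = {"request"}   # assumed: names whose attributes/items carry attacker input
SINKS = {"execute"}     # assumed: method names that must never receive tainted data
INLINE_SINK = re.compile(r'\.execute\((?:f["\']|[^)]*\+)')  # f-string or '+' inside the call


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    detail: str


def pattern_scan(code: str, filename: str) -> list[Finding]:
    """Pattern-matching style: one regex per line, no notion of where data came from."""
    return [Finding(filename, n, "string built inside execute() call")
            for n, text in enumerate(code.splitlines(), 1) if INLINE_SINK.search(text)]


def taint_scan(code: str, filename: str, entry: str = "handle_request") -> list[Finding]:
    """Data-flow style: follow attacker input from the entry point through
    assignments, calls and returns until it reaches a sink (or does not)."""
    funcs = {n.name: n for n in ast.parse(code).body if isinstance(n, ast.FunctionDef)}
    findings: list[Finding] = []

    def analyze(fn: ast.FunctionDef, tainted: set[str], chain: list[str]) -> bool:
        """Return True when fn's return value is tainted; record sink hits on the way."""
        chain = chain + [fn.name]
        returns_tainted = False

        def tainted_expr(e: ast.AST) -> bool:
            if isinstance(e, ast.Name):
                return e.id in tainted or e.id in SOURCES
            if isinstance(e, (ast.Attribute, ast.Subscript)):
                return tainted_expr(e.value)
            if isinstance(e, ast.BinOp):
                return tainted_expr(e.left) or tainted_expr(e.right)
            if isinstance(e, ast.JoinedStr):
                return any(tainted_expr(v) for v in e.values)
            if isinstance(e, ast.FormattedValue):
                return tainted_expr(e.value)
            if isinstance(e, ast.Call):
                arg_taint = [tainted_expr(a) for a in e.args]
                callee = e.func
                if isinstance(callee, ast.Attribute) and callee.attr in SINKS and any(arg_taint):
                    findings.append(Finding(filename, e.lineno,
                                            "tainted data reaches ." + callee.attr
                                            + "() via " + " -> ".join(chain)))
                    return False
                if isinstance(callee, ast.Name) and callee.id in funcs and callee.id not in chain:
                    target = funcs[callee.id]
                    params = [p.arg for p in target.args.args]
                    return analyze(target, {p for p, t in zip(params, arg_taint) if t}, chain)
                return any(arg_taint)  # unknown call: assume it passes taint through
            return False

        def visit(stmts: list[ast.stmt]) -> None:
            nonlocal returns_tainted
            for s in stmts:
                if isinstance(s, ast.Assign):
                    if tainted_expr(s.value):  # always evaluated so sinks inside are seen
                        tainted.update(t.id for t in s.targets if isinstance(t, ast.Name))
                elif isinstance(s, ast.Return) and s.value is not None:
                    returns_tainted |= tainted_expr(s.value)
                elif isinstance(s, ast.Expr):
                    tainted_expr(s.value)
                for field in ("body", "orelse"):  # descend into if/for/while blocks
                    visit(getattr(s, field, []))

        visit(fn.body)
        return returns_tainted

    analyze(funcs[entry], set(), [])
    return findings


if __name__ == "__main__":
    for label, app in (("inline", INLINE_APP), ("chained", CHAINED_APP)):
        print(label, "pattern:", pattern_scan(app, "app.py"))
        print(label, "taint:  ", taint_scan(app, "app.py"))
```

Run stand-alone, the regex scan reports the inline case and nothing for the chained one, while the taint scan reports both, with the chained finding pointing at `run_query`'s `execute()` line and naming the `handle_request -> run_query` path that reaches it. The toy analysis is deliberately conservative (unknown calls are assumed to pass taint through) and handles only the expression forms it needs; the point is the shape of the reasoning, not the coverage of a real engine.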

The Broader Context

Full repository code review is part of a broader set of capabilities that AWS has been building into its Security Agent. The agent is designed to continuously validate application security from design to deployment, covering automated application security reviews and on-demand penetration testing.

The penetration testing feature reached general availability on March 31, 2026, making it the first of the three capabilities — design review, code review, and penetration testing — to move beyond preview. Design review and full repository code review remain in preview.

AWS Security Agent is context-aware — it understands your application design, your code, and your specific security requirements. It continuously scans for security violations and runs penetration tests on demand, instantly and without scheduling.

Under the hood, the agent runs a specialized multi-agent pipeline — a coordinated swarm of purpose-built agents, each responsible for one phase of the testing workflow. For code review specifically, that means analyzing architecture, tracking data flows, and building a picture of how the application actually behaves — not just what it looks like on the surface.

What This Means for DevOps Teams

For development teams, the most practical implication is speed and specificity. Traditional security review cycles often create friction — findings come back late, lack context, or require a security specialist to interpret. Fixes tied to specific files and lines change that dynamic.

The key differentiator is that the agent ingests source code, architecture diagrams, and documentation to understand how the application was designed before it tries to identify problems. This enables it to identify how individual vulnerabilities connect into higher-severity attack chains — the kind of chained exploits traditional scanners are architecturally blind to.

For DevSecOps practitioners trying to shift security left, that’s a significant step. Security findings that arrive with context and ready-to-implement fixes are far more likely to get addressed quickly — and correctly.

“AWS Security Agent’s full repository review shows AppSec moving from pattern-matching to architectural reasoning. That has gravity. By tracing trust boundaries, data flows, and chained exploits across the codebase, AWS positions the cloud platform itself as where security reasoning happens.”

“That reshapes procurement logic for security teams and competitive ground for scanners. Buyers will weigh whether platform-native reasoning, bundled at no extra charge, displaces tools they already license. Vendors that only match patterns will struggle to justify their place in the pipeline,” said Mitch Ashley, VP and Practice Lead, Software Lifecycle Engineering, The Futurum Group.

Available Now in Preview

AWS is prioritizing free early access for customers, giving defenders the opportunity to strengthen their codebases and share what they learn so the whole industry can benefit. AWS is also actively soliciting feedback via the built-in mechanism in the Security Agent web application or by contacting account teams.

For organizations already using AWS Security Agent, full repository code review can be enabled directly through the Security Agent console.

It’s still early, and preview status means the experience will continue to evolve. But the direction is clear: AI-assisted security that understands your application architecture, not just your code patterns, is becoming a practical option for development teams — not just a research concept.

from DevOps.com https://ift.tt/ztV9SWk
