AWS amazonq documentation change
Summary
Restructured documentation to clarify code review processes, added details about reviewing recent changes vs entire files, and introduced explicit 'How it works' section explaining git diff integration and review initiation workflow.
Security assessment
Changes focus on operational workflow clarification rather than addressing specific vulnerabilities. While security vulnerability detection is mentioned as a capability, the modifications primarily explain process mechanics (git diff usage, review scoping) without introducing new security features or addressing disclosed weaknesses.
Diff
diff --git a/amazonq/latest/qdeveloper-ug/code-reviews.md b/amazonq/latest/qdeveloper-ug/code-reviews.md index 162c74ba0..e67352b50 100644 --- a//amazonq/latest/qdeveloper-ug/code-reviews.md +++ b//amazonq/latest/qdeveloper-ug/code-reviews.md @@ -5 +5 @@ -Types of code issuesQuotas +How it worksTypes of code issuesQuotas @@ -9,5 +9 @@ Types of code issuesQuotas -Amazon Q Developer can review your codebase for security vulnerabilities and code quality issues to improve the posture of your applications throughout the development cycle. You can initiate a review of an entire codebase, analyzing all files in your local project or workspace, or enable auto reviews that assess your code as you write it. - -During a code review, Amazon Q assesses both your custom code and third-party libraries in your code. Before starting a code review, Amazon Q applies filtering to ensure that only relevant code is reviewed. As part of the filtering process, Amazon Q excludes unsupported languages, test code, and open source code. - -When Amazon Q discovers a potential security vulnerability or quality issue in your code, it generates a code issue with a description of the issue and a recommended fix. For some issues, you can generate and apply a code fix, which updates your code files in-place. +Amazon Q Developer can review your codebase for security vulnerabilities and code quality issues to improve the posture of your applications throughout the development cycle. You can review an entire codebase, analyzing all files in your local project or workspace, or review a single file. You can also enable auto reviews that assess your code as you write it. @@ -20,0 +17,2 @@ For information on supported IDEs for this feature, see [Supported IDEs](./q-in- + * How it works + @@ -27,2 +24,0 @@ For information on supported IDEs for this feature, see [Supported IDEs](./q-in- - * [Understanding code issues generated by Amazon Q Developer](./understand-code-issues.html) - @@ -37,0 +34,10 @@ For information on supported IDEs for this feature, see [Supported IDEs](./q-in- +## How it works + +During a code review, Amazon Q assesses both your custom code and third-party libraries in your code. Before starting a code review, Amazon Q applies filtering to ensure that only relevant code is reviewed. As part of the filtering process, Amazon Q excludes unsupported languages, test code, and open source code. + +Amazon Q can either review your recent code changes, or an entire file or project. To initiate a review, you open your code folder in your IDE, and then ask Amazon Q to review your code from the chat panel. + +By default, if you simply ask Amazon Q to review your code, it will review only the code changes in the active file in your IDE. Code changes are determined by the output of the `git diff` command on your file. If there is no diff file is present, Amazon Q will review the entire code file. If no file is open, it will search for any code changes in the project to review. + +Similarly, if you ask Amazon Q to review your entire project or workspace, it will first attempt to review your code changes. If there is no diff file present, it will review your entire codebase. + @@ -83 +89 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Handling special cases +Chatting about code