AWS securityagent documentation change
Summary
Enhanced documentation of code review features including expanded configuration details, on-demand scans, and clearer finding locations
Security assessment
Changes clarify existing security features (code scanning, PR analysis, remediation) but don't address vulnerabilities. No evidence of patching security issues.
Diff
diff --git a/securityagent/latest/userguide/understand-lifecycle.md b/securityagent/latest/userguide/understand-lifecycle.md index 74ca4bec4..cb34e1b46 100644 --- a//securityagent/latest/userguide/understand-lifecycle.md +++ b//securityagent/latest/userguide/understand-lifecycle.md @@ -36 +36 @@ Resource | What it is | Why it’s scoped per application -**Code review settings** | Configuration of which connected repositories have automated code review enabled | Teams control which repositories receive automated security feedback based on their application’s needs. +**Code review settings** | Configuration of code review capabilities including connected sources, scan settings, and PR comment enablement | Each application has its own repositories and security review needs configured independently. @@ -54 +54 @@ GitHub repositories are integrated through a multi-step process that connects or - * **Code review** \- Automated security analysis of pull requests + * **Code review** \- Full source code scanning and automated pull request analysis @@ -58 +58 @@ GitHub repositories are integrated through a multi-step process that connects or - * **Penetration test remediation** \- Automated pull requests with vulnerability fixes for penetration testing findings + * **Automatic code remediation** \- Automated pull requests with vulnerability fixes for code review and penetration testing findings @@ -97 +97 @@ This model supports point-in-time architectural security assessments. -### Code reviews: Automatic and independent +### Code reviews: Reusable configurations with on-demand scans and automatic PR analysis @@ -99 +99 @@ This model supports point-in-time architectural security assessments. -Code reviews integrate into your GitHub workflow without manual configuration per review: +Code reviews provide two modes of operation for securing your source code: @@ -101 +101 @@ Code reviews integrate into your GitHub workflow without manual configuration pe - * **Automatic trigger** \- AWS Security Agent automatically analyzes pull requests in repositories where code review is enabled + * **Full code reviews (web application)** \- Create code review configurations that select GitHub repositories or S3 sources, then run comprehensive scans on demand. Each run performs static analysis across your full source code and generates findings with remediation guidance. You can re-run the same code review configuration as your code evolves. @@ -103 +103 @@ Code reviews integrate into your GitHub workflow without manual configuration pe - * **Independent reviews** \- Each pull request receives its own independent security analysis + * **Pull request comments (GitHub)** \- Enable automated analysis for connected GitHub repositories. AWS Security Agent automatically reviews pull requests when they are marked as ready for review and posts security findings as comments directly in GitHub. @@ -105 +104,0 @@ Code reviews integrate into your GitHub workflow without manual configuration pe - * **Findings in GitHub** \- Security findings appear as comments on pull requests, not in the Security Agent Web Application @@ -109,2 +108 @@ Code reviews integrate into your GitHub workflow without manual configuration pe - -This model embeds security feedback directly into your development workflow. +Both modes use your configured code review settings (security vulnerabilities, custom requirements, or both) and support automated code remediation through pull requests. @@ -133 +131,3 @@ The hierarchy determines where you configure and access different resources: - * View findings from penetration tests and design reviews + * Create, manage, and run code reviews against connected repositories and S3 sources + + * View findings from penetration tests, code reviews, and design reviews @@ -140 +140 @@ The hierarchy determines where you configure and access different resources: - * View code review findings as pull request comments + * View pull request code review findings as pull request comments @@ -142 +142 @@ The hierarchy determines where you configure and access different resources: - * Receive automated remediation pull requests for penetration testing findings (when enabled in the Agent Space) + * Receive automated remediation pull requests for code review and penetration testing findings (when enabled in the Agent Space) @@ -149 +149 @@ The hierarchy determines where you configure and access different resources: -Code review findings and penetration test remediation pull requests appear in GitHub. Penetration test and design review findings appear in the Security Agent Web Application. +Pull request code review findings appear in GitHub. Full code review, penetration test, and design review findings appear in the Security Agent Web Application.