aws AWS News Blog ·

AWS Security Agent Enhances DevSecOps with Threat Modeling and IDE Integrations

blogsecurityawsengineer
feature announcement

AWS Security Agent has introduced several new features, including threat modeling, expanded code review capabilities with pull request scanning and remediation, and new IDE integrations like Kiro power and a Claude Code plugin. These updates aim to proactively secure applications throughout the development lifecycle by identifying and mitigating risks earlier. The new features are available in AWS commercial regions and are geared towards engineers and architects involved in application security and development.

  • Threat Modeling Integration
  • IDE and AI Integrations (Kiro, Claude Code)
  • Expanded Code Review Capabilities
  • Broader Repository and Documentation Support
  • Compliance and Security Requirements Integration
Features (2)
  • Threat Modeling Integration

    AWS Security Agent now offers threat modeling capabilities, analyzing design documents or source code to identify threats and suggest mitigations using the STRIDE framework.

  • IDE and AI Integrations (Kiro, Claude Code)

    Users can now leverage Kiro power and a Claude Code plugin to perform code reviews, generate threat models, and remediate findings directly within their IDE or CLI via an open MCP integration.

Enhancements (3)
  • Expanded Code Review Capabilities

    Code review functionality is enhanced with pull request scanning, remediation, security requirements packs, and simulated validation. New integrations support GitHub, GitLab, Bitbucket, and Confluence.

  • Broader Repository and Documentation Support

    Code review scans now support GitLab and Bitbucket (SaaS and self-hosted), alongside GitHub, and can integrate with Confluence to use existing documentation as context.

  • Compliance and Security Requirements Integration

    The agent validates security requirements against managed compliance packs (e.g., AWS Well Architected, NIST CSF, PCI DSS) or custom organizational requirements, mapping findings to compliance posture.

Read the original announcement →

https://aws.amazon.com/blogs/aws/aws-security-agent-adds-threat-modeling-kiro-power-and-claude-code-plugin-and-more/

Related releases