Developers are juggling multiple, tedious, time-consuming tasks every day that fall under code maintenance and security—often working in unfamiliar codebases. Do they fix a security vulnerability or stay on track with their project? Do they open the Pandora’s box of a framework migration when it’s not clear the impact to the codebase and how much of a time sink it will be?
Whether it's centrally-driven mandates from platform and security teams or daily code scanning alerts, developers could spend all their time paying down technical debt but their codebase would never be debt-free.
The exciting thing is that paying down technical debt does not have to be a zero-sum game—where every hour spent paying down debt costs an hour on new feature development. Instead, it can be automated, requiring minimal developer time.
Read on to discover the silver bullet that will give developers back precious time to create and be more productive on the things that matter to their business and customers.
How do you automate code refactoring at scale?
Traditionally, making any code changes has required a developer to download code to their laptop, import it into the IDE, refactor it, and then push it back to source code management (SCM). Solutions that rely on repo-by-repo changes to text-based code (even those augmented by IDE automation and AI) don’t scale when maintaining a large codebase.
The minute new code is deployed, it becomes a maintained asset that’s everyone’s business. Software assets span entire organizations, and teams must coordinate changes across multiple places within the same repository and across multiple repositories. Whether it’s updating a dependency version, replacing one API call with another, or adding arguments, the touchpoints in the code can be extensive (and even unknown by developers).
What if you could simplify large-scale code refactoring work with sophisticated rules that can be applied automatically across your codebase?
For example, the requirements for upgrading from JUnit 4 to 5 are immediately enumerable and can be built into rules that are applied to working code. In this case, we’re changing the old expected exception on the @Test annotation for the new ‘assertThrows’ call.
Automated refactoring at scale is enabled by two innovations: the Lossless Semantic Tree (LST) code representation and OpenRewrite recipes that programmatically drive code search and transformation actions. Basically, you run recipes against the LST, which is a full-fidelity artifact of the code that preserves type attribution and formatting. Recipes accurately change the code (which you can then commit), as well as deliver data about the codebase for impact analysis.
OpenRewrite: Foundational tech for complex auto-refactoring
The OpenRewrite open source project and ecosystem is the foundation for automating broad and complex refactoring operations. Individual developers use OpenRewrite recipes to search, fix, and analyze code one repository at a time.
The project is made up of a community of developers, security researchers, OSS maintainers, and more—all dedicated to contributing and improving recipes. Recipes can represent a single, stand-alone operation or can be linked together with other recipes to accomplish a larger goal—ultimately making whole framework migrations and large-scale vulnerability remediations possible.
For example, the Spring Boot 3.2 recipe scoops up migrations from earlier versions, as well as associated dependencies, to enable teams to start wherever they are in version adoption. The OWASP Top Ten recipe comprises fixes for the most critical vulnerabilities identified to date that can be applied across your code at once.
The ability for developers to automate complex code changes by creating, customizing, and sharing recipes beats tedious, repetitive code changes by hand. If you can dream of the refactoring, you can build it as an OpenRewrite recipe to automate the action at scale.
As an Apache 2.0 licensed project, OpenRewrite is available for broad use as well. This type of license permits the use, modification, distribution, and sublicense of the software with minimal restrictions, allowing end-users to create their own proprietary software and offer the licensed code of the original software to customers. This has enabled Amazon Web Services (AWS) to leverage the OpenRewrite technology for local use in their recently announced Amazon Q Code Transformation AI assistant.
Amazon Q Code Transformation with OpenRewrite
Amazon Q Code Transformation is an AI assistant that automates Java application upgrades leveraging OpenRewrite technology. It automatically analyzes the existing code, generates a transformation plan, and completes the transformation tasks suggested by the plan.
Danilo Poccia, Chief Evangelist at AWS, shares that “...an internal Amazon team of five people successfully upgraded one thousand production applications from Java 8 to 17 in two days. It took, on average, 10 minutes to upgrade applications, and the longest one took less than an hour.” He acknowledged that this was normally a project that would have taken their team two to three days per application.
In addition, AWS is joining the OpenRewrite open source community and planning to contribute recipes and improvements. This is a recognition that the OpenRewrite community is a critical component enabling development teams to simplify code maintenance efforts—and make faster and more substantial progress toward a debt-free world.
Eliminate tech debt at scale with the Moderne Platform
The Moderne Platform is enabling a big step in technical debt elimination, leveraging the OpenRewrite recipe ecosystem at enterprise scale.
Moderne is designed to provide horizontal scalability for maintaining and securing source code where development teams can process all the code at once, not just on the repositories on their laptops. This is accomplished with the platform’s unique IP that can batch-build and serialize LSTs, then store them on disk, enabling near-real-time actions, analysis, and collaboration across a codebase.
With Moderne, platform teams and developers access a “code warehouse” environment for understanding the state of their code, analyzing the impact of changes, automating code changes across repositories, mass approving pull requests (PRs), and tracking the progress of change.
From the Moderne DevCenter dashboard, teams can work together on common goals for their codebase as shown in Figure 4. The dashboard is not just about information, it’s about directed action. You can see the status of a migration and click into details of the upgrade, enabling you to review and commit changes. You can see the extent of security exposure and click a button to fix the vulnerabilities. And because all large code changes start with analysis, the top code visualizations are highlighted for review.
The ability to collaborate and automate change across your entire codebase with Moderne can be the silver bullet for eliminating technical debt:
- A framework migration that might take three months to coordinate across 100’s of applications can be done in days.
- A security threat that entirely consumes engineering time for a whole month can be done in hours.
- Performing an analysis to determine the impact of a breaking API change across your codebase can take minutes.
- All those common static analysis issues that could take months for developers to clean up can be done in minutes, and regularly.
What’s more, not only can you automate the work of major framework migrations, like to Java 21 or to Spring Boot 3.x, you can follow the status of those migrations. Not only can you offer automated remediations for security vulnerabilities, you can better manage the risk profile of your codebase.
You can also take advantage of the Moderne IDE plugin, which provides a multi-repo IDE experience enabling developers to research, analyze, and refactor code at scale without leaving their flow.
Try out the Moderne SaaS Platform and the Moderne IDE plugin.
Revive your stagnant codebase
Today’s constantly evolving, inscrutable codebases must be continuously maintained and secured. But that’s not the reality. Instead, development teams are lugging the technical debt along as they strive (and struggle) to deliver new features.
When code is not maintained regularly, it accrues security weaknesses and vulnerabilities. It becomes harder to understand and navigate, as well as more expensive and resource-intensive to maintain. It limits the ability to leverage the best technologies and tools. And, ultimately, it becomes a drag on developer productivity and creativity.
Open up your code for new, innovative possibilities with automated refactoring and analysis at scale.
Contact us for more information on how to get started.