Interactions replaces Veracode with Moderne for vulnerability remediation and much more

Pat Johnson and Chris Prendergast
|
September 5, 2024
Interactions-Moderne Case Study
Contents

Key Takeaways

When Interactions, a leader in creating conversational AI assistants for large-scale enterprises, embarked on a journey to modernize their tech stack, they faced many challenges. Like many technology companies, over time Interactions had accumulated natural technical debt across many areas of their stack due to the manual nature of remediation along with running on legacy JDKs. This hampered their ability to innovate at the pace they wanted. 

They needed a solution that could not only address these issues but also keep them compliant with strict security standards. This is where Moderne came into play, transforming their development process and elevating their capabilities to new heights. This case study reviews how Interactions is putting Moderne automation to work on their codebases.

Interactions: Pioneering AI-driven virtual assistants

Interactions specializes in building virtual assistants for customer support that combine the best of AI with human intelligence to promote efficient and productive customer conversations. These assistants, primarily used in voice channels, act as the first point of contact, efficiently handling customer interactions before involving human agents. By leveraging advanced natural language processing (NLP), these virtual assistants offer seamless self-service options, significantly reducing the need for live agent support while providing effortless experiences to millions of customers and lowering their clients’ operational costs.

What sets Interactions apart is the deep integration of these virtual assistants with client data systems, enabling the AI to perform complex tasks traditionally handled by humans, such as accessing customer information and executing transactions. This powerful blend of AI and human-assisted services has positioned Interactions as a leader in various industries, from telecommunications to retail.

Supporting this innovation is a highly skilled engineering team divided into two main groups: Professional Services and Platform Engineering. The Professional Services team, led by Nathan Doe, Director of Application Development at Interactions, customizes virtual assistant solutions to meet each client’s specific needs, building on the core platform and integrating it with client systems. Meanwhile, the Platform Engineering team focuses on maintaining and enhancing the foundational platform that powers all of Interactions’ offerings.

Doe explains: “Our goal is to ensure that our applications are up-to-date, secure, and easier to maintain, allowing us to provide the best possible solutions to our clients.”

Java is the primary language driving Interactions’ development, with Python and JavaScript used for specific tasks. Their tech stack is built on Spring Boot, with Maven managing projects and GitLab handling continuous integration and deployment (CI/CD). With around 300 repositories and 25 million lines of code, Interactions’ development teams, located across the U.S. and India, work around the clock to keep their projects moving forward, maintaining a continuous development cycle.

Maintaining their extensive codebase, which included outdated Java applications and legacy frameworks, was challenging under normal circumstances. Because Interactions operates in a billable work model, this added to the challenge of executing code updates and upgrades. The need to estimate, plan, and gain approval for every non-billable task added layers of complexity that could slow down essential modernization efforts, making it difficult to maintain the agility needed to keep their technology stack current and secure.

Moderne offered a comprehensive solution that automated code migration, security remediation, and code clean-up, enabling Interactions to streamline their code maintenance, reduce manual effort, and focus on delivering high-quality, customized solutions to their clients.

Remediating security vulnerabilities proactively

The Interactions security tool at the time, Veracode, was primarily focused on basic vulnerability scanning. While it served its purpose, it lacked the remediation capabilities needed to address the growing technical debt and perform large-scale code remediations. This meant the process of remediation was extremely manual and time-consuming, particularly given the scale of their codebase.

Moderne offered a game-changing solution with its ability to automate security remediation—and do it at scale. 

“At first, we were about to renew with Veracode, but when we discovered Moderne, it was clear that it could do so much more,” Doe shares. “We saw it as a no-brainer because we could address a bunch of our technical debt along with the vulnerability reporting. It quickly became evident that Moderne was much better at doing a lot more than just basic vulnerability scanning.”

Interactions implemented a custom security recipe that automated the process of identifying and fixing vulnerable dependencies. Brian Montgomery, Interactions Engineering Manager, adds, “Historically, we wouldn’t have been able to do this on any reasonable timeline. Now, we run the vulnerable dependency fix at a bi-monthly interval or it can be run on-demand, and it’s made a world of difference.”

This proactive approach to security has allowed Interactions to stay ahead of potential threats, ensuring their applications are secure without the need for extensive manual intervention. The regular automated checks provided by Moderne have become an integral part of their security strategy, delivering peace of mind and allowing the team to focus on more strategic initiatives.

Modernizing the Java tech stack, continuously

Another key challenge Interactions faced was modernizing their aging tech stack. With all their applications running on Java 8 and older versions of Spring Boot, the need for an upgrade was urgent. Doe states that it was their “big goal to get off of these legacy JDKs”—migrating to Java 17, and eventually Java 21, while also updating their Spring Boot versions.

Moderne played a crucial role in this process. “We used Moderne to run the Java 21 and Spring Boot 3 migration recipes on several core libraries,” Doe explained. “That alone probably saved us weeks of effort.” By automating the migration process across multiple repositories, Moderne significantly reduced the time and effort required, allowing Interactions to quickly bring their technology up to date. This modernization not only improved performance but also ensured that their applications were built on a more secure and maintainable foundation.

Automating code quality and standardization

Beyond modernization and security, Interactions also needed to improve the overall quality and consistency of their code. With no standardized coding practices in place, the codebase had become inconsistent, making it harder to maintain and troubleshoot. Additionally, ensuring that code was clean and ready for deployment was an ongoing challenge in their CI/CD pipeline.

Moderne helped Interactions address these issues by enabling automated code clean-up and enforcing coding standards. “One of the goals was to try to leverage Moderne to put some kind of rules in place and some kind of best practices,” Doe said. For example, they began by running a simple recipe to standardize formatting across the codebase, which was initially met with some resistance but ultimately led to significant improvements in code quality.

This clean-up process has been integrated into their CI/CD pipeline, helping to ensure that code is consistently formatted and free of common issues before it reaches production. As a result, Interactions has seen a marked improvement in the quality and maintainability of their code, making their development process more efficient and less prone to errors.

Custom OpenRewrite recipe development opens opportunities 

Moderne and OpenRewrite open the door to automating a large, practically limitless, array of code search, refactoring, and impact analysis operations that would normally be manual and tedious. If the right OpenRewrite recipe is not available out-of-the-box, all it takes is customizing recipes to support an organization’s needs.

Brendan Thomas, a Senior Applications Developer at Interactions, discovered the power of recipe customization early on. Tasked with integrating an internal test framework across multiple customer applications, Thomas realized that the manual process of adding and configuring the necessary modules was both time-consuming and prone to error. He was able to create a tailored recipe that automated this integration.

“It was pretty straightforward once I got the hang of it,” Thomas remarked, highlighting how the combination of Moderne training, documentation, and open-source examples enabled him to quickly get up to speed. He was able to tailor the recipe precisely to the needs of their applications, automating the deployment of the test framework across multiple projects. This not only significantly reduced the time and effort required but also ensured consistency across all applications.

Achieving a more agile and secure codebase with Moderne 

The benefits of using Moderne have been profound for Interactions. Not only have they implemented regular vulnerability remediation and successfully migrated to a more modern tech stack, but they have also significantly reduced the time and effort required to maintain their codebase. The Moderne automation also meant that maintenance tasks that would have otherwise required lengthy approvals and manual effort could be accomplished with minimal disruption, fitting seamlessly into their billable workflows.

What’s more, the standardization of coding practices across the organization has improved code quality and consistency, further reducing their technical debt. “We’ve been able to achieve stylistic standardizations across the organization, which has been helpful,” says Doe. 

In terms of working with Moderne, Doe notes that “The Moderne team has been extremely responsive and engaging, definitely more than Veracode by an order of magnitude.” They particularly appreciated how the Moderne team engaged deeply with their needs, offering one-on-one support and even making adjustments to the product based on their feedback. Moderne’s customer support enhanced their overall experience with the platform.

In terms of next steps with Moderne, Doe would like to see developers driving code changes more, and initial response to the Moderne IDE plugin has been very positive. Doe shared that “The response so far has been, ‘Wow, this is amazing. I can do this kind of stuff from my IDE, and I don’t have to go and ask people where things are.’”

The Moderne Platform flexibility and depth have enabled them to address a wide range of use cases, from security to code modernization, and everything in between.

“There really isn’t another product doing what Moderne is doing,” Doe stated. “The ability to find things across a large set of codebases is invaluable.” 

For Interactions, Moderne has not only solved their immediate technical challenges but has also provided a foundation for continued innovation. It enables Interactions to fulfill its brand promise of delivering effortless self-service automation and fast resolution to millions of customers. As they look to the future, the partnership between Interactions and Moderne is set to grow even stronger, driving further improvements in their development process and ensuring they remain at the forefront of technology.

To learn how Moderne can help you secure, modernize, and standardize your codebase more effectively, contact us.