Migration Engineering with OpenRewrite: The Recipe for Success

How adaptable is your technology stack to changes in business requirements, technological advancements, and the availability of new and better tools? When you can more easily secure, upgrade, move, or modernize your code, that means you can adapt quickly and efficiently to changes in technology and markets. That’s what Migration Engineering is all about, which we’ll be exploring in this workshop.

We’ll discuss and demonstrate how to write custom recipes using OpenRewrite, an open source auto-refactoring tool that enables large-scale code analysis and transformations for your teams. You’ll learn the composition of recipes as we walk through a number of examples, then we’ll demonstrate how to write custom recipes using OpenRewrite. We will assemble these recipes with the visitor pattern, and show how to stitch recipes together with YAML, with Refaster-style templates, with Semgrep matchers, and more. We’ll also show how Generative AI can be applied to accelerate recipe development.

This is a comprehensive look at all kinds of recipe development that will enable you to come away fully equipped to plan and exercise large-scale code transformations in your organization.

Outline

• What is Migration Engineering? (15 minutes)
• Introducing OpenRewrite (30 minutes) ** From source code as text to the Lossless Semantic Tree ** How the OpenRewrite community is organized
• Recipe Exercise #1: change all integer literals to 42 (because 42 is the answer to life, the universe, and everything) (30 minutes)
• Recipe Exercise #2: fixing SAST issues with Refaster-style templates (30 minutes)
• Recipe Exercise #3: finding and securing Personally Identifiable Information (1 hour) ** Introducing search markers ** Introducing Data Tables for impact analysis ** Securing endpoints that expose PII
• Recipe Exercise #4: finding and fixing SQL injection (1 hour) ** Using OpenRewrite’s support for Semgrep-style local data flow analysis ** Contributing a security recipe to the open source catalog of OWASP Top Ten recipes
• Mass remediation: using our first recipes to issue pull requests or commits to many repositories at once (15 minutes)
• Visualization #1: Visualizing the distribution of Gradle versions in a codebase (30 minutes) ** Connecting Jupyter Notebooks to OpenRewrite Data Tables ** Building a simple bar chart of Gradle version distribution across hundreds of repositories.
• Visualization #2: Visualizing unused binary dependencies in Maven and Gradle projects (30 minutes) ** Use of network analysis tools in Jupyter for visualizing large scale directed graphs
• Where to integrate Migration Engineering into the SDLC (15 minutes)
• Open recipe development lab (1.5 hours)
• Demo: Using AI to jumpstart recipe writing