Moderne Recipes
This doc includes every recipe that is exclusive to users of Moderne. For a full list of all recipes, check out our recipe catalog. For more information about how to use Moderne for automating code refactoring and analysis at scale, contact us.
rewrite-ai-search
- Find comments' language distribution
- Find method invocations that resemble a pattern
- Fix mis-encoded French comments, javadocs and pom.xml comments
- Fix mis-encoded comments in French
- Fix mis-encoded comments in French in pom.xml files
- Get embeddings for code snippets in code
- Get recommendations
- List all methods used
rewrite-android
- Change Android SDK version
- Migrate to Android Gradle Plugin 7.2
- Migrate to Android Gradle Plugin 7.3
- Migrate to Android Gradle Plugin 7.4
- Migrate to Android Gradle Plugin 8.0
- Migrate to Android Gradle Plugin 8.1
- Migrate to Android Gradle Plugin 8.2
- Migrate to Android Gradle Plugin 8.3
- Migrate to Android Gradle Plugin 8.4
- Migrate to Android Gradle Plugin 8.5
- Migrate to Android Gradle Plugin 8.6
- Migrate to Android Gradle Plugin 8.7
- Upgrade Android Gradle Plugin (AGP) version
- Upgrade to Android SDK 33
- Upgrade to Android SDK 34
- Upgrade to Android SDK 35
rewrite-circleci
rewrite-codemods
- A story should not have a redundant name property
- Add React imports
- Adds
DefaultThememodule augmentation to typescript projects. - Applies a codemod to all source files
- Combination of all deprecations
- Convert
vartolet - Converts ExpansionPanel to use ExpansionPanel component
- Converts GridList to use Grid component
- Converts JSS styles to styled-components
- Converts JSS to TypeScript in React components
- Converts
rootReftoref - Converts
sxprop tosxstyle prop - Converts all
@mui/materialsubmodule imports to the root module - Converts base imports to use React hooks
- Converts components to use the v4 adapter module
- Deprecated hierarchy separator in title property
- Disallow Jasmine globals
- Disallow
ifstatements as the only statement inifblocks withoutelse. - Disallow
new Array(). - Disallow
parseInt()andNumber.parseInt()in favor of binary, octal, and hexadecimal literals - Disallow alias methods
- Disallow arrow functions where they could be confused with comparisons
- Disallow awaiting non-promise values.
- Disallow classes that only have static members.
- Disallow comparing
undefinedusingtypeof. - Disallow else blocks after return statements in if statements
- Disallow equal signs explicitly at the beginning of regular expressions
- Disallow extra closing tags for components without children
- Disallow extra closing tags for components without children
- Disallow initializing variables to undefined
- Disallow leading or trailing decimal points in numeric literals
- Disallow member access from
awaitexpression. - Disallow missing parentheses around multiline JSX
- Disallow missing parentheses around multiline JSX
- Disallow multiple empty lines
- Disallow multiple spaces
- Disallow multiple spaces between inline JSX props
- Disallow multiple spaces between inline JSX props
- Disallow negated conditions.
- Disallow nested ternary expressions.
- Disallow number literals with zero fractions or dangling dots.
- Disallow or enforce spaces inside of blocks after opening block and before closing block
- Disallow or enforce spaces inside of blocks after opening block and before closing block in
<template> - Disallow problematic leaked values from being rendered
- Disallow redundant return statements
- Disallow renaming import, export, and destructured assignments to the same name
- Disallow returning/yielding
Promise.resolve()/reject()inasyncfunctions or promise callbacks. - Disallow shorthand type conversions
- Disallow target="_blank" attribute without rel="noreferrer"
- Disallow ternary operators when simpler alternatives exist
- Disallow the use of
Math.powin favor of the ** operator - Disallow the use of the
nullliteral. - Disallow trailing whitespace at the end of lines
- Disallow unnecessary JSX expressions when literals alone are sufficient or enforce JSX expressions on literals in JSX children or attributes
- Disallow unnecessary JSX expressions when literals alone are sufficient or enforce JSX expressions on literals in JSX children or attributes
- Disallow unnecessary calls to
.bind() - Disallow unnecessary computed property keys in objects and classes
- Disallow unnecessary fragments
- Disallow unnecessary labels
- Disallow unnecessary mustache interpolations
- Disallow unnecessary parentheses
- Disallow unnecessary parentheses in
<template> - Disallow unnecessary semicolons
- Disallow unnecessary spread.
- Disallow unnecessary v-bind directives
- Disallow unreadable array destructuring.
- Disallow unsupported Vue.js syntax on the specified version
- Disallow usage of this in template
- Disallow usage of unknown DOM property
- Disallow use of
Object.prototype.hasOwnProperty.call()and prefer use ofObject.hasOwn() - Disallow use of deprecated functions from before version 27
- Disallow useless
undefined. - Disallow useless array
lengthcheck. - Disallow useless fallback when spreading in object literals.
- Disallow using
Object.assignwith an object literal as the first argument and prefer the use of object spread instead - Disallow using jest.mock() factories without an explicit type parameter
- Disallow using the
thisargument in array methods. - Disallow whitespace before properties
- Do not define a title in meta
- Do not use a
forloop that can be replaced with afor-ofloop. - Do not use leading/trailing space between
console.logparameters. - Do not use testing-library directly on stories
- Enforce JSX indentation
- Enforce JSX indentation
- Enforce PascalCase for user-defined JSX components
- Enforce Promise or callback style in nextTick
- Enforce a convention in module import order
- Enforce a newline after import statements
- Enforce a particular style for multiline comments
- Enforce a specific function type for function components
- Enforce a specific parameter name in catch clauses.
- Enforce better string content.
- Enforce boolean attributes notation in JSX
- Enforce closing bracket location in JSX
- Enforce closing bracket location in JSX
- Enforce closing tag location for multiline JSX
- Enforce closing tag location for multiline JSX
- Enforce combining multiple
Array#push()into one call. - Enforce consistent brace style for all control statements
- Enforce consistent brace style for blocks
- Enforce consistent brace style for blocks in
<template> - Enforce consistent brace style for case clauses.
- Enforce consistent case for text encoding identifiers.
- Enforce consistent comma style
- Enforce consistent comma style in
<template> - Enforce consistent indentation
- Enforce consistent indentation in
<script> - Enforce consistent indentation in HTML comments
- Enforce consistent line breaks after opening and before closing braces
- Enforce consistent line breaks after opening and before closing braces in
<template> - Enforce consistent line breaks inside function parentheses
- Enforce consistent linebreak style
- Enforce consistent linebreak style for operators
- Enforce consistent linebreak style for operators in
<template> - Enforce consistent linebreaks in curly braces in JSX attributes and expressions
- Enforce consistent linebreaks in curly braces in JSX attributes and expressions
- Enforce consistent newlines before and after dots
- Enforce consistent newlines before and after dots in
<template> - Enforce consistent relative URL style.
- Enforce consistent spacing after the `//` or `/*` in a comment
- Enforce consistent spacing around `*` operators in generator functions
- Enforce consistent spacing before `function` definition opening parenthesis
- Enforce consistent spacing before and after commas
- Enforce consistent spacing before and after commas in
<template> - Enforce consistent spacing before and after keywords
- Enforce consistent spacing before and after keywords in
<template> - Enforce consistent spacing before and after semicolons
- Enforce consistent spacing before and after the arrow in arrow functions
- Enforce consistent spacing before and after the arrow in arrow functions in
<template> - Enforce consistent spacing before blocks
- Enforce consistent spacing before or after unary operators
- Enforce consistent spacing before or after unary operators in
<template> - Enforce consistent spacing between keys and values in object literal properties
- Enforce consistent spacing between keys and values in object literal properties in
<template> - Enforce consistent spacing inside array brackets
- Enforce consistent spacing inside array brackets in
<template> - Enforce consistent spacing inside braces
- Enforce consistent spacing inside braces in
<template> - Enforce consistent spacing inside computed property brackets
- Enforce consistent spacing inside parentheses
- Enforce consistent spacing inside parentheses in
<template> - Enforce consistent usage of destructuring assignment of props, state, and context
- Enforce correct
Errorsubclassing. - Enforce dot notation whenever possible
- Enforce dot notation whenever possible in
<template> - Enforce explicitly comparing the length or size property of a value.
- Enforce line breaks after each array element
- Enforce line breaks after each array element in
<template> - Enforce line breaks after opening and before closing block-level tags
- Enforce line breaks between arguments of a function call
- Enforce linebreaks after opening and before closing array brackets
- Enforce linebreaks after opening and before closing array brackets in
<template> - Enforce location of semicolons
- Enforce lowercase test names
- Enforce maximum of props on a single line in JSX
- Enforce maximum of props on a single line in JSX
- Enforce new lines between multi-line properties in Vue components
- Enforce newlines between operands of ternary expressions
- Enforce newlines between operands of ternary expressions in
<template> - Enforce no spaces between braces.
- Enforce or ban the use of inline type-only markers for named imports
- Enforce or disallow capitalization of the first letter of a comment
- Enforce or disallow parentheses when invoking a constructor with no arguments
- Enforce or disallow spaces around equal signs in JSX attributes
- Enforce or disallow spaces around equal signs in JSX attributes
- Enforce or disallow spaces inside of curly braces in JSX attributes and expressions
- Enforce or disallow spaces inside of curly braces in JSX attributes and expressions
- Enforce order of attributes
- Enforce order of component top-level elements
- Enforce order of component top-level elements
- Enforce order of defineEmits and defineProps compiler macros
- Enforce order of properties in components
- Enforce placing object properties on separate lines
- Enforce placing object properties on separate lines in
<template> - Enforce propTypes declarations alphabetical sorting
- Enforce proper case for numeric literals.
- Enforce proper position of the first property in JSX
- Enforce proper position of the first property in JSX
- Enforce props alphabetical sorting
- Enforce props alphabetical sorting
- Enforce props indentation in JSX
- Enforce props indentation in JSX
- Enforce props with default values to be optional
- Enforce shorthand or standard form for React fragments
- Enforce sorted import declarations within modules
- Enforce spacing around colons of switch statements
- Enforce spacing before closing bracket in JSX
- Enforce spacing between rest and spread operators and their expressions
- Enforce specific casing for the component naming style in template
- Enforce static class names order
- Enforce test and it usage conventions
- Enforce that props are read-only
- Enforce the casing of component name in components options
- Enforce the consistent use of either backticks, double, or single quotes
- Enforce the consistent use of either double or single quotes in JSX attributes
- Enforce the location of arrow function bodies
- Enforce the location of single-line statements
- Enforce the style of numeric separators by correctly grouping digits.
- Enforce the use of Unicode escapes instead of hexadecimal escapes.
- Enforce the use of
Buffer.from()andBuffer.alloc()instead of the deprecatednew Buffer(). - Enforce the use of
Math.trunc()instead of bitwise operators. - Enforce the use of
newfor all builtins, exceptString,Number,Boolean,Symbol, andBigInt. - Enforce throwing
TypeErrorin type checking conditions. - Enforce unified line brake in HTML comments
- Enforce unified spacing in HTML comments
- Enforce use of defineOptions instead of default export.
- Enforce using the digits argument with
Number#toFixed(). - Enforce using the separator argument with
Array#join(). - Enforce v-for directive's delimiter style
- Enforce valid titles
- Enforce variables to be declared either together or separately in functions
- Enforce whitespace in and around the JSX opening and closing brackets
- Enforce whitespace in and around the JSX opening and closing brackets
- Enforce writing style for handlers in v-on directives
- Enforces consistent spacing inside TypeScript type generics
- Ensure all imports appear before other statements
- Ensures presets are safe to use
- Expect space before the type declaration in the named tuple
- Fix whitespace-insensitive template indentation.
- Forbid empty named import
- Forbid import of modules using absolute paths
- Forbid import statements with CommonJS module.exports
- Forbid importing packages through relative paths
- Forbid namespace (a.k.a. "wildcard"
*) imports. - Forbid repeated import of the same module in multiple places
- Forbid unnecessary path segments in import and require statements
- Format TypeScript using ESLint Prettier plugin
- Generate named exports from CommonJS modules
- Improve regexes by making them shorter, consistent, and safer.
- Indentation for binary operators
- Interactions should be awaited
- Lifecycle methods should be methods on the prototype, not class fields
- Lint TypeScript code using ESLint
- Lint source code with ESLint
- Migrate
ImageResponseimports - Migrate to the New Image Component
- Moves date pickers to
@mui/x-date-picker - Moves lab modules to
@mui/material - Moves tree view to
@mui/x-tree-view - Next.js Codemods for API Updates
- Optimizes imports
- Prefer JavaScript modules (ESM) over CommonJS.
- Prefer
.addEventListener()and.removeEventListener()over on-functions. - Prefer
.at()method for index access andString#charAt(). - Prefer
.before()over.insertBefore(),.replaceWith()over.replaceChild(), prefer one of.before(),.after(),.append()or.prepend()overinsertAdjacentText()andinsertAdjacentElement(). - Prefer
.find()and.findLast()over the first or last element from.filter(). - Prefer
.flatMap()over.map().flat(). - Prefer
.includes()over.indexOf()andArray#some()when checking for existence or non-existence. - Prefer
.querySelector()over.getElementById(),.querySelectorAll()over.getElementsByClassName()and.getElementsByTagName(). - Prefer
.some()over.filter().lengthcheck and.{find,findLast}(). - Prefer
Array#flat()over legacy techniques to flatten arrays. - Prefer
Array#{indexOf,lastIndexOf}()overArray#{findIndex,findLastIndex}()when looking for the index of an item. - Prefer
Date.now()to get the number of milliseconds since the Unix Epoch. - Prefer
KeyboardEvent#keyoverKeyboardEvent#keyCode. - Prefer
Node#append()overNode#appendChild(). - Prefer
Numberstatic properties over global ones. - Prefer
Reflect.apply()overFunction#apply(). - Prefer
RegExp#test()overString#match()andRegExp#exec(). - Prefer
Set#has()overArray#includes()when checking for existence or non-existence. - Prefer
String#replaceAll()over regex searches with the global flag. - Prefer
String#slice()overString#substr()andString#substring(). - Prefer
String#startsWith()&String#endsWith()overRegExp#test(). - Prefer
String#trimStart()/String#trimEnd()overString#trimLeft()/String#trimRight(). - Prefer
childNode.remove()overparentNode.removeChild(childNode). - Prefer
export…fromwhen re-exporting. - Prefer
for…ofover theforEachmethod. - Prefer
switchover multipleelse-if. - Prefer await expect(...).resolves over expect(await ...) syntax
- Prefer borrowing methods from the prototype instead of the instance.
- Prefer default parameters over reassignment.
- Prefer mock resolved/rejected shorthands for promises
- Prefer modern Math APIs over legacy patterns.
- Prefer negative index over
.length - indexwhen possible. - Prefer omitting the catch binding parameter.
- Prefer reading a JSON file as a buffer.
- Prefer ternary expressions over simple
if-elsestatements. - Prefer the spread operator over
Array.from(),Array#concat(),Array#{slice,toSpliced}()andString#split(''). - Prefer using
.dataseton DOM elements over calling attribute methods. - Prefer using
Object.fromEntries()to transform a list of key-value pairs into an object. - Prefer using
Set#sizeinstead ofArray#length. - Prefer using
String,Number,BigInt,Boolean, andSymboldirectly. - Prefer using the
node:protocol when importing Node.js builtin modules. - Prepends emotion cache
- Prevent abbreviations.
- React class component to function component
- Recommended ESLint Styling
- Recommended Jest code cleanup
- Recommended Storybook code cleanup
- Recommended svelte code cleanup
- Recommended vue code cleanup
- Remove "use strict" directives
- Remove
<a>Tags From Link Components - Remove system props and add them to the
sxprop - Removes
Unstyledsuffix from base components - Removes
componentprop from base components - Removes
imgPropsprop from Avatar component - Rename Next Image Imports
- Rename Next Image Imports
- Renames CSS properties for Box component
- Renames CSS variables
- Renames
Muiclassname prefix - Renames
TextFieldtoInput - Renames
alphaprop toopacity - Renames
closeIconprop tocloseButtonIcon - Renames
collapsedHeightprop totransitionCollapsedHeight - Renames
colorprop tocolorOverride - Renames
componentprop toas - Renames
gapprop tospacing - Renames
optionprop togetOptionLabel - Renames
rowprop toflexDirection="row" - Renames base components to slots
- Renames components to slots
- Replace all function expressions with only
returnstatement with simple arrow - Replace lodash and underscore array functions with native JavaScript
- Replace lodash and underscore function functions with native JavaScript
- Replace lodash and underscore object functions with native JavaScript
- Replace lodash and underscore utility functions with native JavaScript
- Replaces
@muiimports with@mui/material - Require
Array.isArray()instead ofinstanceof Array. - Require
letorconstinstead ofvar - Require
newwhen throwing an error. - Require a newline after each call in a method chain
- Require a specific member delimiter style for interfaces and type literals
- Require braces around arrow function bodies
- Require consistent spacing around type annotations
- Require const declarations for variables that are never reassigned after declared
- Require destructuring from arrays and/or objects
- Require empty lines around comments
- Require escape sequences to use uppercase values.
- Require key attribute for conditionally rendered repeated components
- Require one JSX element per line
- Require one JSX element per line
- Require or disallow "Yoda" conditions
- Require or disallow Unicode byte order mark (BOM)
- Require or disallow an empty line between class members
- Require or disallow assignment operator shorthand where possible
- Require or disallow logical assignment operator shorthand
- Require or disallow method and property shorthand syntax for object literals
- Require or disallow method and property shorthand syntax for object literals in
<template> - Require or disallow newline at the end of files
- Require or disallow newlines around variable declarations
- Require or disallow newlines between sibling tags in template
- Require or disallow padding lines between blocks
- Require or disallow padding lines between statements
- Require or disallow padding lines in component definition
- Require or disallow padding within blocks
- Require or disallow semicolons instead of ASI
- Require or disallow spacing around embedded expressions of template strings
- Require or disallow spacing around embedded expressions of template strings in
<template> - Require or disallow spacing around the `` in `yield` expressions
- Require or disallow spacing between function identifiers and their invocations
- Require or disallow spacing between function identifiers and their invocations in
<template> - Require or disallow spacing between function identifiers and their invocations. Alias of `function-call-spacing`.
- Require or disallow spacing between template tags and their literals
- Require or disallow strict mode directives
- Require or disallow trailing commas
- Require or disallow trailing commas in
<template> - Require or prevent a new line after jsx elements and expressions
- Require or prevent a new line after jsx elements and expressions.
- Require parentheses around arrow function arguments
- Require parentheses around immediate `function` invocations
- Require parenthesis around regex literals
- Require quotes around object literal property names
- Require quotes around object literal property names in
<template> - Require spacing around infix operators
- Require spacing around infix operators in
<template> - Require static class names in template to be in a separate class attribute
- Require template literals instead of string concatenation
- Require template literals instead of string concatenation in
<template> - Require the use of === and !== in
<template> - Require the use of
===and!== - Require using .only and .skip over f and x
- Require using arrow functions for callbacks
- Require variables within the same declaration block to be sorted
- Run Putout
- Stories should use PascalCase
- Story files should have a default export
- Suggest using jest.spyOn()
- Suggest using test.todo
- Suggest using the built-in comparison matchers
- Suggest using toBe() for primitive literals
- Suggest using toContain()
- Suggest using toHaveLength()
- Transform AMD style
define()calls to ES6importstatements - Transform AMP HOC into page config
- Transform Anonymous Components into Named Components
- Transform CommonJS style
require()calls to ES6importstatements - Update the theme creation from
@mui/system@v5to be compatible with@pigment-css/react - Update the usage of the
sxprop to be compatible with@pigment-css/react - Updates
borderRadiusprop values - Updates
circleprop tovariant="circular" - Updates
circularprop tovariant="circular" - Updates
downprop for Hidden component - Updates
justifyprop tojustifyContentfor Grid component - Updates
minRowsandmaxRowsprops for TextareaAutosize component - Updates
overlapprop tovariant="dot" - Updates
roundvalues for theme typography - Updates
sizeprop for IconButton component - Updates
variantprop for Chip component - Updates
variantprop for CircularProgress component - Updates
variantprop for Fab component - Updates
variantprop for Skeleton component - Updates
variantprop usage - Updates
widthvalues for theme breakpoints - Updates base imports to use named exports
- Updates createMuiTheme usage
- Updates import paths for core styles
- Updates link underline on hover
- Updates props for Dialog component
- Updates props for DialogTitle component
- Updates props for Modal component
- Updates props for Table component
- Updates scroll buttons for Tabs component
- Updates the usage of
styledfrom@mui/system@v5to be compatible with@pigment-css/react - Updates the usage of the
@mui/material/Grid2,@mui/system/Grid, and@mui/joy/Gridcomponents to their updated APIs. - Updates theme breakpoints
- Updates theme options
- Updates theme palette mode
- Updates theme spacing
- Updates theme spacing API
- Updates usage of ThemeProvider
- Updates usage of
@mui/styles - Updates usage of
@mui/types - Updates usage of styled engine provider
- Updates usage of transitions
- Updates usage of useAutocomplete
- Updates usage of useTransitionProps
- Updates withMobileDialog higher-order component
- Updates withWidth higher-order component
- Upgrade ECMAScript 5 to ECMAScript 6
- Use Built-in Font
- Use
viewportexport - Use
withRouter - Use destructured variables over properties.
- Use expect from @storybook/jest
- disallow dynamic slot name
- disallow spaces around equal signs in attribute
- disallow to use of the store itself as an operand. Need to use $ prefix or get function.
- disallow unnecessary mustache interpolations
- enforce consistent indentation
- enforce consistent spacing after the in a HTML comment
- enforce order of attributes
- enforce quotes style of HTML attributes
- enforce self-closing style
- enforce the location of first attribute
- enforce the maximum number of attributes per line
- enforce unified spacing in mustache
- enforce use of shorthand syntax in attribute
- enforce use of shorthand syntax in directives
- require class directives instead of ternary expressions
- require or disallow a space before tag's closing brackets
- require style directives instead of style attribute
rewrite-codemods-ng
- Update to Angular v15
- Update to Angular v16
- Update to Angular v17
- Update to Angular v18
- Update to Angular v19
- Upgrade Angular versions
rewrite-compiled-analysis
- Change
List#addtoList#plusand verify. - Verify compilation
rewrite-comprehension
- Comprehend code
- Update README
- Update the README for an OpenRewrite recipe repository
rewrite-concourse
- Change Concourse value
- Change resource version
- Find pinned resources by type
- Find privileged
resource_typedefinitions. - Find resource
- Update git resource
source.urireferences
rewrite-dotnet
- Analyze a .NET project using upgrade-assistant
- Upgrade a .NET project using upgrade-assistant
- Upgrade to .NET 6.0 using upgrade-assistant
- Upgrade to .NET 7.0 using upgrade-assistant
- Upgrade to .NET 8.0 using upgrade-assistant
- Upgrade to .NET 9.0 using upgrade-assistant
rewrite-jackson
- Migrate classes from Jackson Codehaus (legacy) to Jackson FasterXML
- Migrate dependencies from Jackson Codehaus (legacy) to FasterXML
- Migrate from Jackson Codehaus (legacy) to Jackson FasterXML
- Migrate serialization annotation processor
- Migrate to Jackson
@JsonInclude - Remove Codehaus Jackson annotations if doubly annotated
- Transfer @JsonSerialize arguments from Codehaus to FasterXML
rewrite-java-security
- Dependency insight for C#
- Enable CSRF attack prevention
- Find AWS secrets
- Find Artifactory secrets
- Find Azure secrets
- Find Discord secrets
- Find GitHub secrets
- Find Google secrets
- Find Heroku secrets
- Find JWT secrets
- Find Jackson default type mapping enablement
- Find MailChimp secrets
- Find Mailgun secrets
- Find NPM secrets
- Find PGP secrets
- Find PayPal secrets
- Find Picatic secrets
- Find RSA private keys
- Find SSH secrets
- Find SendGrid secrets
- Find Slack secrets
- Find Square secrets
- Find Stripe secrets
- Find Telegram secrets
- Find Twilio secrets
- Find Twitter secrets
- Find and fix vulnerable Nuget dependencies
- Find and fix vulnerable dependencies
- Find generic secrets
- Find licenses in use in third-party dependencies
- Find passwords used in URLs
- Find secrets
- Find secrets with regular expressions
- Find sensitive API endpoints
- Find text-direction changes
- Find vulnerable uses of Jackson
@JsonTypeInfo - Fix CWE-338 with
SecureRandom - Improper privilege management
- Insecure JMS deserialization
- Insecure cookies
- Java security best practices
- Partial path traversal vulnerability
- Prevent clickjacking
- Regular Expression Denial of Service (ReDOS)
- Remediate OWASP A01:2021 Broken access control
- Remediate OWASP A02:2021 Cryptographic failures
- Remediate OWASP A03:2021 Injection
- Remediate OWASP A05:2021 Security misconfiguration
- Remediate OWASP A06:2021 Vulnerable and outdated components
- Remediate OWASP A08:2021 Software and data integrity failures
- Remediate vulnerabilities from the OWASP Top Ten
- Remove unused dependencies
- Secure Spring service exporters
- Secure random
- Secure the use of Jackson default typing
- Secure the use of SnakeYAML's constructor
- SecureRandom seeds are not constant or predictable
- Software bill of materials
- Upgrade C# dependency versions
- Use
Files#createTempDirectory - Use secure temporary file creation
- XML parser XXE vulnerability
- Zip slip
rewrite-kubernetes
- Add Kubernetes configuration
- Add RBAC rules
- Cap exceeds resource value
- Change Kubernetes API version
- Ensure CPU limits are set
- Ensure CPU request is set
- Ensure image pull policy is
Always - Ensure lifecycle rule on
StorageBucket - Ensure liveness probe is configured
- Ensure memory limits are set
- Ensure memory request is set
- Ensure readiness probe is configured
- Find annotation
- Find annotation
- Find disallowed image tags
- Find exceeds resource limit
- Find exceeds resource ratio
- Find hardcoded IP addresses
- Find image by name
- Find label
- Find missing configuration
- Find missing image digest
- Find non-TLS Ingresses
- Find uses of
externalIP - Kubernetes best practices
- Limit root capabilities in a container
- Migrate to Kubernetes API v1.16
- Migrate to Kubernetes API v1.22
- Migrate to Kubernetes API v1.25
- Migrate to Kubernetes API v1.26
- Migrate to Kubernetes API v1.27
- Migrate to Kubernetes API v1.29
- Migrate to Kubernetes API v1.32
- No host IPC sharing
- No host network sharing
- No host process ID sharing
- No privilege escalation
- No privileged containers
- No root containers
- Read-only root filesystem
- Service type
- Update
ServiceexternalIP - Update image name
rewrite-nodejs
- Find Node.js projects
- Find and fix vulnerable npm dependencies
- Javascript UI library insights
- Javascript database interaction library insights
- Javascript form handling library insights
- Javascript linting & formatting library insights
- Javascript real-time communication library insights
- Javascript security library insights
- Javascript server-side frameworks insights
- Javascript state management library insights
- Javascript task runners & build tools insights
- Javascript testing library insights
- Javascript utility library insights
- Node.js dependency insight
- Upgrade Node.js dependencies
rewrite-reactive-streams
- Migrate to Reactor 3.5
- Reactor Best Practices
- Replace
DirectProcessor.create()withSinks.many().multicast().directBestEffort() - Replace
EmitterProcessor.create()withSinks.many().multicast().onBackpressureBuffer() - Replace
EmitterProcessor.create(Boolean)withSinks.many().multicast().onBackpressureBuffer(Queues.SMALL_BUFFER_SIZE, Boolean) - Replace
EmitterProcessor.create(int)withSinks.many().multicast().onBackpressureBuffer(int) - Replace
EmitterProcessor.create(int, Boolean)withSinks.many().multicast().onBackpressureBuffer(int, Boolean) - Replace
MonoProcessor.create()withSinks.one() - Replace
ReplayProcessor.cacheLast()withSinks.many().replay().latest() - Replace
ReplayProcessor.cacheLast()withSinks.many().replay().latest() - Replace
ReplayProcessor.create()withSinks.many().replay().all() - Replace
ReplayProcessor.create(int)withSinks.many().replay().limit(int) - Replace
ReplayProcessor.create(int, false)withSinks.many().replay().limit(int) - Replace
ReplayProcessor.create(int, true)withSinks.many().replay().all(int) - Replace
ReplayProcessor.createSizeAndTimeout(int, Duration)withSinks.many().replay().limit(int, duration) - Replace
ReplayProcessor.createSizeAndTimeout(int, Duration, Scheduler)withSinks.many().replay().limit(int, Duration, Scheduler) - Replace
ReplayProcessor.createTimeout(Duration)withSinks.many().replay().limit(duration) - Replace
ReplayProcessor.createTimeout(Duration, Scheduler)withSinks.many().replay().limit(Duration, Scheduler) - Replace
UnicastProcessor.create()withSinks.many().unicast().onBackpressureBuffer() - Replace
UnicastProcessor.create(Queue)withSinks.many().unicast().onBackpressureBuffer(Queue) - Replace
UnicastProcessor.create(Queue, Consumer, Disposable)withSinks.many().unicast().onBackpressureBuffer(Queue, Disposable) - Replace
UnicastProcessor.create(Queue, Disposable)withSinks.many().unicast().onBackpressureBuffer(Queue, Disposable) - Replace
doAfterSuccessOrErrorcalls withtapoperator - Replace various
Processor.cachecalls with theirSinksequivalent - Replace various
Processor.createcalls with theirSinksequivalent
rewrite-sql
- Change a SQL function name
- Find SQL function
- Find SQL in code and resource files
- Format SQL in string text blocks
rewrite-terraform
- Add Terraform configuration
- Best practices for AWS
- Best practices for Azure
- Best practices for GCP
- Disable Instance Metadata Service version 1
- Disable Kubernetes dashboard
- Enable API gateway caching
- Enable Azure Storage Account Trusted Microsoft Services access
- Enable Azure Storage secure transfer required
- Enable VPC Flow Logs for subnetworks
- Enable VPC flow logs and intranode visibility
- Enable
PodSecurityPolicycontroller on Google Kubernetes Engine (GKE) clusters - Enable geo-redundant backups on PostgreSQL server
- Enable point-in-time recovery for DynamoDB
- Encrypt Aurora clusters
- Encrypt Azure VM data disk with ADE/CMK
- Encrypt CodeBuild projects
- Encrypt DAX storage at rest
- Encrypt DocumentDB storage
- Encrypt EBS snapshots
- Encrypt EBS volume launch configurations
- Encrypt EBS volumes
- Encrypt EFS Volumes in ECS Task Definitions in transit
- Encrypt ElastiCache Redis at rest
- Encrypt ElastiCache Redis in transit
- Encrypt Neptune storage
- Encrypt RDS clusters
- Encrypt Redshift storage at rest
- Ensure AKS policies add-on
- Ensure AKV secrets have an expiration date set
- Ensure AWS CMK rotation is enabled
- Ensure AWS EFS with encryption for data at rest is enabled
- Ensure AWS EKS cluster endpoint access is publicly disabled
- Ensure AWS Elasticsearch domain encryption for data at rest is enabled
- Ensure AWS Elasticsearch domains have
EnforceHTTPSenabled - Ensure AWS Elasticsearch has node-to-node encryption enabled
- Ensure AWS IAM password policy has a minimum of 14 characters
- Ensure AWS Lambda function is configured for function-level concurrent execution limit
- Ensure AWS Lambda functions have tracing enabled
- Ensure AWS RDS database instance is not publicly accessible
- Ensure AWS S3 object versioning is enabled
- Ensure Amazon EKS control plane logging enabled for all log types
- Ensure Azure App Service Web app redirects HTTP to HTTPS
- Ensure Azure Network Watcher NSG flow logs retention is greater than 90 days
- Ensure Azure PostgreSQL database server with SSL connection is enabled
- Ensure Azure SQL Server threat detection alerts are enabled for all threat types
- Ensure Azure SQL server audit log retention is greater than 90 days
- Ensure Azure SQL server send alerts to field value is set
- Ensure Azure application gateway has WAF enabled
- Ensure Azure key vault is recoverable
- Ensure CloudTrail log file validation is enabled
- Ensure EC2 is EBS optimized
- Ensure ECR repositories are encrypted
- Ensure FTP Deployments are disabled
- Ensure GCP Kubernetes cluster node auto-repair configuration is enabled
- Ensure GCP Kubernetes engine clusters have legacy compute engine metadata endpoints disabled
- Ensure GCP VM instances have block project-wide SSH keys feature enabled
- Ensure GCP cloud storage bucket with uniform bucket-level access are enabled
- Ensure IAM password policy expires passwords within 90 days or less
- Ensure IAM password policy prevents password reuse
- Ensure IAM password policy requires at least one lowercase letter
- Ensure IAM password policy requires at least one number
- Ensure IAM password policy requires at least one symbol
- Ensure IAM password policy requires at least one uppercase letter
- Ensure IP forwarding on instances is disabled
- Ensure Kinesis Stream is securely encrypted
- Ensure MSSQL servers have email service and co-administrators enabled
- Ensure MySQL is using the latest version of TLS encryption
- Ensure MySQL server databases have Enforce SSL connection enabled
- Ensure MySQL server disables public network access
- Ensure MySQL server enables Threat Detection policy
- Ensure MySQL server enables geo-redundant backups
- Ensure PostgreSQL server disables public network access
- Ensure PostgreSQL server enables Threat Detection policy
- Ensure PostgreSQL server enables infrastructure encryption
- Ensure RDS database has IAM authentication enabled
- Ensure RDS instances have Multi-AZ enabled
- Ensure Send email notification for high severity alerts is enabled
- Ensure Send email notification for high severity alerts to admins is enabled
- Ensure VPC subnets do not assign public IP by default
- Ensure Web App has incoming client certificates enabled
- Ensure Web App uses the latest version of HTTP
- Ensure Web App uses the latest version of TLS encryption
- Ensure a security contact phone number is present
- Ensure activity log retention is set to 365 days or greater
- Ensure all keys have an expiration date
- Ensure app service enables HTTP logging
- Ensure app service enables detailed error messages
- Ensure app service enables failed request tracing
- Ensure app services use Azure files
- Ensure binary authorization is used
- Ensure compute instances launch with shielded VM enabled
- Ensure data stored in an S3 bucket is securely encrypted at rest
- Ensure detailed monitoring for EC2 instances is enabled
- Ensure enhanced monitoring for Amazon RDS instances is enabled
- Ensure key vault allows firewall rules settings
- Ensure key vault enables purge protection
- Ensure key vault key is backed by HSM
- Ensure key vault secrets have
content_typeset - Ensure log profile is configured to capture all activities
- Ensure managed identity provider is enabled for app services
- Ensure private cluster is enabled when creating Kubernetes clusters
- Ensure public network access enabled is set to False for mySQL servers
- Ensure respective logs of Amazon RDS are enabled
- Ensure secure boot for shielded GKE nodes is enabled
- Ensure shielded GKE nodes are enabled
- Ensure standard pricing tier is selected
- Ensure storage account uses latest TLS version
- Ensure the GKE metadata server is enabled
- Ensure the S3 bucket has access logging enabled
- Ensure the storage container storing activity logs is not publicly accessible
- Find Terraform resource
- Make ECR tags immutable
- Scan images pushed to ECR
- Set Azure Storage Account default network access to deny
- Use HTTPS for Cloudfront distribution
- Use a long enough byte length for
randomresources