Moderne Recipes

This doc includes every recipe that is exclusive to users of Moderne. For a full list of all recipes, check out our recipe catalog. For more information about how to use Moderne for automating code refactoring and analysis at scale, contact us.

rewrite-ai-search

• Find comments' language distribution
• Find method invocations that resemble a pattern
• Fix mis-encoded French comments, javadocs and pom.xml comments
• Fix mis-encoded comments in French
• Get embeddings for code snippets in code
• Get recommendations
• List all methods used

rewrite-android

• Change Android SDK version
• Migrate to Android Gradle Plugin 7.2
• Migrate to Android Gradle Plugin 7.3
• Migrate to Android Gradle Plugin 7.4
• Migrate to Android Gradle Plugin 8.0
• Migrate to Android Gradle Plugin 8.1
• Migrate to Android Gradle Plugin 8.2
• Migrate to Android Gradle Plugin 8.3
• Migrate to Android Gradle Plugin 8.4
• Migrate to Android Gradle Plugin 8.5
• Migrate to Android Gradle Plugin 8.6
• Migrate to Android Gradle Plugin 8.7
• Upgrade Android Gradle Plugin (AGP) version
• Upgrade to Android SDK 33
• Upgrade to Android SDK 34
• Upgrade to Android SDK 35

rewrite-circleci

• Install an orb
• Update CircleCI image

rewrite-codemods-ng

• Update to Angular v15
• Update to Angular v16
• Update to Angular v17
• Update to Angular v18
• Update to Angular v19
• Upgrade Angular versions

rewrite-compiled-analysis

• Change List#add to List#plus and verify.
• Verify compilation

rewrite-comprehension

• Code comprehension with unit test examples
• Comprehend code
• Search for a class that uses the given design technique
• Update README
• Update the README for an OpenRewrite recipe repository

rewrite-concourse

• Change Concourse value
• Change resource version
• Find pinned resources by type
• Find privileged resource_type definitions.
• Find resource
• Update git resource source.uri references

rewrite-dotnet

• Analyze a .NET project using upgrade-assistant
• Upgrade a .NET project using upgrade-assistant
• Upgrade to .NET 6.0 using upgrade-assistant
• Upgrade to .NET 7.0 using upgrade-assistant
• Upgrade to .NET 8.0 using upgrade-assistant
• Upgrade to .NET 9.0 using upgrade-assistant

rewrite-hibernate

• Find JPQL definitions
• Fix conflicting class type annotation Hibernate 6.6
• Migrate to Hibernate 6.6.x
• Remove table from single table inherited entity

rewrite-jackson

• Migrate classes from Jackson Codehaus (legacy) to Jackson FasterXML
• Migrate dependencies from Jackson Codehaus (legacy) to FasterXML
• Migrate from Jackson Codehaus (legacy) to Jackson FasterXML
• Migrate serialization annotation processor
• Migrate to Jackson @JsonInclude
• Remove Codehaus Jackson annotations if doubly annotated
• Transfer @JsonSerialize arguments from Codehaus to FasterXML

rewrite-java-security

• Dependency insight for C#
• Enable CSRF attack prevention
• Find AWS secrets
• Find Artifactory secrets
• Find Azure secrets
• Find Discord secrets
• Find Facebook secrets
• Find GitHub secrets
• Find Google secrets
• Find Heroku secrets
• Find JWT secrets
• Find Jackson default type mapping enablement
• Find MailChimp secrets
• Find Mailgun secrets
• Find NPM secrets
• Find PGP secrets
• Find PayPal secrets
• Find Picatic secrets
• Find RSA private keys
• Find SSH secrets
• Find SendGrid secrets
• Find Slack secrets
• Find Square secrets
• Find Stripe secrets
• Find Telegram secrets
• Find Twilio secrets
• Find Twitter secrets
• Find and fix vulnerable Nuget dependencies
• Find and fix vulnerable dependencies
• Find generic secrets
• Find licenses in use in third-party dependencies
• Find passwords used in URLs
• Find secrets
• Find secrets with regular expressions
• Find sensitive API endpoints
• Find text-direction changes
• Find vulnerable uses of Jackson @JsonTypeInfo
• Fix CWE-338 with SecureRandom
• Improper privilege management
• Insecure JMS deserialization
• Insecure cookies
• Java security best practices
• Partial path traversal vulnerability
• Prevent clickjacking
• Regular Expression Denial of Service (ReDOS)
• Remediate OWASP A01:2021 Broken access control
• Remediate OWASP A02:2021 Cryptographic failures
• Remediate OWASP A03:2021 Injection
• Remediate OWASP A05:2021 Security misconfiguration
• Remediate OWASP A06:2021 Vulnerable and outdated components
• Remediate OWASP A08:2021 Software and data integrity failures
• Remediate vulnerabilities from the OWASP Top Ten
• Remove unused dependencies
• Secure Spring service exporters
• Secure random
• Secure the use of Jackson default typing
• Secure the use of SnakeYAML's constructor
• SecureRandom seeds are not constant or predictable
• Software bill of materials
• Upgrade C# dependency versions
• Use Files#createTempDirectory
• Use secure temporary file creation
• XML parser XXE vulnerability
• Zip slip

rewrite-kubernetes

• Add Kubernetes configuration
• Add RBAC rules
• Cap exceeds resource value
• Change Kubernetes API version
• Ensure CPU limits are set
• Ensure CPU request is set
• Ensure image pull policy is Always
• Ensure lifecycle rule on StorageBucket
• Ensure liveness probe is configured
• Ensure memory limits are set
• Ensure memory request is set
• Ensure readiness probe is configured
• Find annotation
• Find annotation
• Find disallowed image tags
• Find exceeds resource limit
• Find exceeds resource ratio
• Find hardcoded IP addresses
• Find image by name
• Find label
• Find missing configuration
• Find missing image digest
• Find non-TLS Ingresses
• Find uses of externalIP
• Kubernetes best practices
• Limit root capabilities in a container
• Migrate to Kubernetes API v1.16
• Migrate to Kubernetes API v1.22
• Migrate to Kubernetes API v1.25
• Migrate to Kubernetes API v1.26
• Migrate to Kubernetes API v1.27
• Migrate to Kubernetes API v1.29
• Migrate to Kubernetes API v1.32
• No host IPC sharing
• No host network sharing
• No host process ID sharing
• No privilege escalation
• No privileged containers
• No root containers
• Read-only root filesystem
• Service type
• Update Service externalIP
• Update image name

rewrite-nodejs

• Find Node.js projects
• Find and fix vulnerable npm dependencies
• Javascript UI library insights
• Javascript database interaction library insights
• Javascript form handling library insights
• Javascript linting & formatting library insights
• Javascript real-time communication library insights
• Javascript security library insights
• Javascript server-side frameworks insights
• Javascript state management library insights
• Javascript task runners & build tools insights
• Javascript testing library insights
• Javascript utility library insights
• Node.js dependency insight
• Upgrade Node.js dependencies

rewrite-reactive-streams

• Migrate to Reactor 3.5
• Reactor Best Practices
• Replace DirectProcessor.create() with Sinks.many().multicast().directBestEffort()
• Replace EmitterProcessor.create() with Sinks.many().multicast().onBackpressureBuffer()
• Replace EmitterProcessor.create(Boolean) with Sinks.many().multicast().onBackpressureBuffer(Queues.SMALL_BUFFER_SIZE, Boolean)
• Replace EmitterProcessor.create(int) with Sinks.many().multicast().onBackpressureBuffer(int)
• Replace EmitterProcessor.create(int, Boolean) with Sinks.many().multicast().onBackpressureBuffer(int, Boolean)
• Replace MonoProcessor.create() with Sinks.one()
• Replace ReplayProcessor.cacheLast() with Sinks.many().replay().latest()
• Replace ReplayProcessor.cacheLast() with Sinks.many().replay().latest()
• Replace ReplayProcessor.create() with Sinks.many().replay().all()
• Replace ReplayProcessor.create(int) with Sinks.many().replay().limit(int)
• Replace ReplayProcessor.create(int, false) with Sinks.many().replay().limit(int)
• Replace ReplayProcessor.create(int, true) with Sinks.many().replay().all(int)
• Replace ReplayProcessor.createSizeAndTimeout(int, Duration) with Sinks.many().replay().limit(int, duration)
• Replace ReplayProcessor.createSizeAndTimeout(int, Duration, Scheduler) with Sinks.many().replay().limit(int, Duration, Scheduler)
• Replace ReplayProcessor.createTimeout(Duration) with Sinks.many().replay().limit(duration)
• Replace ReplayProcessor.createTimeout(Duration, Scheduler) with Sinks.many().replay().limit(Duration, Scheduler)
• Replace UnicastProcessor.create() with Sinks.many().unicast().onBackpressureBuffer()
• Replace UnicastProcessor.create(Queue) with Sinks.many().unicast().onBackpressureBuffer(Queue)
• Replace UnicastProcessor.create(Queue, Consumer, Disposable) with Sinks.many().unicast().onBackpressureBuffer(Queue, Disposable)
• Replace UnicastProcessor.create(Queue, Disposable) with Sinks.many().unicast().onBackpressureBuffer(Queue, Disposable)
• Replace doAfterSuccessOrError calls with tap operator
• Replace various Processor.cache calls with their Sinks equivalent
• Replace various Processor.create calls with their Sinks equivalent

rewrite-spring

• Add @Valid annotation to fields
• Comment deprecated methods in Spring 3.4
• Comment on @MockitoSpyBean and @MockitoBean in @Configuration
• Migrate Spring Boot Management Endpoint Security properties to 3.4
• Migrate Spring Boot properties to 3.4
• Migrate @Endpoints defaultAccess value
• Migrate ConditionalOnAvailableEndpoint for Spring Boot 3.4
• Migrate management endpoint access value
• Migrate to Spring Boot 3.4
• Migrate to Spring Cloud 2024
• Migrate to Spring Framework 6.2
• Migrate to Spring Security 6.4
• Remove Replace.NONE from @AutoConfigureTestDatabase
• Spring Boot 3.4 best practices
• Upgrade Gradle 8 to 8.4+ for Spring Boot 3.4
• Upgrade Gradle to 7.6.4+ for Spring Boot 3.4
• Upgrade MyBatis to Spring Boot 3.4
• Upgrade dependencies to Spring Cloud 2024

rewrite-sql

• Change a SQL function name
• Find SQL function
• Find SQL in code and resource files
• Format SQL in string text blocks

rewrite-terraform

• Add Terraform configuration
• Best practices for AWS
• Best practices for Azure
• Best practices for GCP
• Disable Instance Metadata Service version 1
• Disable Kubernetes dashboard
• Enable API gateway caching
• Enable Azure Storage Account Trusted Microsoft Services access
• Enable Azure Storage secure transfer required
• Enable VPC Flow Logs for subnetworks
• Enable VPC flow logs and intranode visibility
• Enable PodSecurityPolicy controller on Google Kubernetes Engine (GKE) clusters
• Enable geo-redundant backups on PostgreSQL server
• Enable point-in-time recovery for DynamoDB
• Encrypt Aurora clusters
• Encrypt Azure VM data disk with ADE/CMK
• Encrypt CodeBuild projects
• Encrypt DAX storage at rest
• Encrypt DocumentDB storage
• Encrypt EBS snapshots
• Encrypt EBS volume launch configurations
• Encrypt EBS volumes
• Encrypt EFS Volumes in ECS Task Definitions in transit
• Encrypt ElastiCache Redis at rest
• Encrypt ElastiCache Redis in transit
• Encrypt Neptune storage
• Encrypt RDS clusters
• Encrypt Redshift storage at rest
• Ensure AKS policies add-on
• Ensure AKV secrets have an expiration date set
• Ensure AWS CMK rotation is enabled
• Ensure AWS EFS with encryption for data at rest is enabled
• Ensure AWS EKS cluster endpoint access is publicly disabled
• Ensure AWS Elasticsearch domain encryption for data at rest is enabled
• Ensure AWS Elasticsearch domains have EnforceHTTPS enabled
• Ensure AWS Elasticsearch has node-to-node encryption enabled
• Ensure AWS IAM password policy has a minimum of 14 characters
• Ensure AWS Lambda function is configured for function-level concurrent execution limit
• Ensure AWS Lambda functions have tracing enabled
• Ensure AWS RDS database instance is not publicly accessible
• Ensure AWS S3 object versioning is enabled
• Ensure Amazon EKS control plane logging enabled for all log types
• Ensure Azure App Service Web app redirects HTTP to HTTPS
• Ensure Azure Network Watcher NSG flow logs retention is greater than 90 days
• Ensure Azure PostgreSQL database server with SSL connection is enabled
• Ensure Azure SQL Server threat detection alerts are enabled for all threat types
• Ensure Azure SQL server audit log retention is greater than 90 days
• Ensure Azure SQL server send alerts to field value is set
• Ensure Azure application gateway has WAF enabled
• Ensure Azure key vault is recoverable
• Ensure CloudTrail log file validation is enabled
• Ensure EC2 is EBS optimized
• Ensure ECR repositories are encrypted
• Ensure FTP Deployments are disabled
• Ensure GCP Kubernetes cluster node auto-repair configuration is enabled
• Ensure GCP Kubernetes engine clusters have legacy compute engine metadata endpoints disabled
• Ensure GCP VM instances have block project-wide SSH keys feature enabled
• Ensure GCP cloud storage bucket with uniform bucket-level access are enabled
• Ensure IAM password policy expires passwords within 90 days or less
• Ensure IAM password policy prevents password reuse
• Ensure IAM password policy requires at least one lowercase letter
• Ensure IAM password policy requires at least one number
• Ensure IAM password policy requires at least one symbol
• Ensure IAM password policy requires at least one uppercase letter
• Ensure IP forwarding on instances is disabled
• Ensure Kinesis Stream is securely encrypted
• Ensure MSSQL servers have email service and co-administrators enabled
• Ensure MySQL is using the latest version of TLS encryption
• Ensure MySQL server databases have Enforce SSL connection enabled
• Ensure MySQL server disables public network access
• Ensure MySQL server enables Threat Detection policy
• Ensure MySQL server enables geo-redundant backups
• Ensure PostgreSQL server disables public network access
• Ensure PostgreSQL server enables Threat Detection policy
• Ensure PostgreSQL server enables infrastructure encryption
• Ensure RDS database has IAM authentication enabled
• Ensure RDS instances have Multi-AZ enabled
• Ensure Send email notification for high severity alerts is enabled
• Ensure Send email notification for high severity alerts to admins is enabled
• Ensure VPC subnets do not assign public IP by default
• Ensure Web App has incoming client certificates enabled
• Ensure Web App uses the latest version of HTTP
• Ensure Web App uses the latest version of TLS encryption
• Ensure a security contact phone number is present
• Ensure activity log retention is set to 365 days or greater
• Ensure all keys have an expiration date
• Ensure app service enables HTTP logging
• Ensure app service enables detailed error messages
• Ensure app service enables failed request tracing
• Ensure app services use Azure files
• Ensure binary authorization is used
• Ensure compute instances launch with shielded VM enabled
• Ensure data stored in an S3 bucket is securely encrypted at rest
• Ensure detailed monitoring for EC2 instances is enabled
• Ensure enhanced monitoring for Amazon RDS instances is enabled
• Ensure key vault allows firewall rules settings
• Ensure key vault enables purge protection
• Ensure key vault key is backed by HSM
• Ensure key vault secrets have content_type set
• Ensure log profile is configured to capture all activities
• Ensure managed identity provider is enabled for app services
• Ensure private cluster is enabled when creating Kubernetes clusters
• Ensure public network access enabled is set to False for mySQL servers
• Ensure respective logs of Amazon RDS are enabled
• Ensure secure boot for shielded GKE nodes is enabled
• Ensure shielded GKE nodes are enabled
• Ensure standard pricing tier is selected
• Ensure storage account uses latest TLS version
• Ensure the GKE metadata server is enabled
• Ensure the S3 bucket has access logging enabled
• Ensure the storage container storing activity logs is not publicly accessible
• Find Terraform resource
• Make ECR tags immutable
• Scan images pushed to ECR
• Set Azure Storage Account default network access to deny
• Use HTTPS for Cloudfront distribution
• Use a long enough byte length for random resources