Moderne Recipes

Name: OpenRewrite
Author: Moderne

This doc includes every recipe that is exclusive to users of Moderne. For a full list of all recipes, check out our recipe catalog. For more information about how to use Moderne for automating code refactoring and analysis at scale, contact us.

rewrite-ai

io.moderne.ai.FindAgentsInUse
- Find AI agents configuration files
- Scans codebases to identify usage of AI agents by looking at the agent configuration files present in the repository.
io.moderne.ai.FindLibrariesInUse
- Find AI libraries in use
- Scans codebases to identify usage of AI services. Detects AI libraries across Java dependencies. Useful for auditing and understanding AI integration patterns.
io.moderne.ai.FindModelsInUse
- Find AI models in use
- Scans codebases to identify usage of Large Language Models (LLMs). Detects model references and configuration patterns across Java classes, properties files, YAML configs... Useful for identifying model usage.

rewrite-ai-search

io.moderne.ai.FindCommentsLanguage
- Find comments' language distribution
- Finds all comments and uses AI to predict which language the comment is in.
io.moderne.ai.FixMisencodedCommentsInFrench
- Fix mis-encoded French comments, javadocs and pom.xml comments
- Fixes mis-encoded French comments in your code, javadocs and in your pom.xml files. Mis-encoded comments contain a ? or � character.
io.moderne.ai.ListAllMethodsUsed
- List all methods used
- List all methods used in any Java source file.
io.moderne.ai.SpellCheckCommentsInFrench
- Fix mis-encoded comments in French
- Use spellchecker to fix mis-encoded French comments in comments, JavaDocs, properties or XML files. Mis-encoded comments will contain either '?' or '�'.
io.moderne.ai.research.FindCodeThatResembles
- Find method invocations that resemble a pattern
- This recipe uses two phase AI approach to find a method invocation that resembles a search string.
io.moderne.ai.research.GetCodeEmbedding
- Get embeddings for code snippets in code
- This recipe calls an AI model to get an embedding for either classes or methods which can then be used for downstream tasks.
io.moderne.ai.research.GetRecommendations
- Get recommendations
- This recipe calls an AI model to get recommendations for modernizing the code base by looking at a sample of method declarations.

rewrite-android

org.openrewrite.android.ChangeAndroidSdkVersion
- Change Android SDK version
- Change compileSdk, compileSdkVersion, targetSdk and targetSdkVersion in an Android Gradle build file to the argument version.
org.openrewrite.android.MigrateToAndroidGradlePlugin_7_2
- Migrate to Android Gradle Plugin 7.2
- Recipes to migrate to Android Gradle Plugin version 7.2.
org.openrewrite.android.MigrateToAndroidGradlePlugin_7_3
- Migrate to Android Gradle Plugin 7.3
- Recipes to migrate to Android Gradle Plugin version 7.3.
org.openrewrite.android.MigrateToAndroidGradlePlugin_7_4
- Migrate to Android Gradle Plugin 7.4
- Recipes to migrate to Android Gradle Plugin version 7.4.
org.openrewrite.android.MigrateToAndroidGradlePlugin_8_0
- Migrate to Android Gradle Plugin 8.0
- Recipes to migrate to Android Gradle Plugin version 8.0.
org.openrewrite.android.MigrateToAndroidGradlePlugin_8_1
- Migrate to Android Gradle Plugin 8.1
- Recipes to migrate to Android Gradle Plugin version 8.1.
org.openrewrite.android.MigrateToAndroidGradlePlugin_8_2
- Migrate to Android Gradle Plugin 8.2
- Recipes to migrate to Android Gradle Plugin version 8.2.
org.openrewrite.android.MigrateToAndroidGradlePlugin_8_3
- Migrate to Android Gradle Plugin 8.3
- Recipes to migrate to Android Gradle Plugin version 8.3.
org.openrewrite.android.MigrateToAndroidGradlePlugin_8_4
- Migrate to Android Gradle Plugin 8.4
- Recipes to migrate to Android Gradle Plugin version 8.4.
org.openrewrite.android.MigrateToAndroidGradlePlugin_8_5
- Migrate to Android Gradle Plugin 8.5
- Recipes to migrate to Android Gradle Plugin version 8.5.
org.openrewrite.android.MigrateToAndroidGradlePlugin_8_6
- Migrate to Android Gradle Plugin 8.6
- Recipes to migrate to Android Gradle Plugin version 8.6.
org.openrewrite.android.MigrateToAndroidGradlePlugin_8_7
- Migrate to Android Gradle Plugin 8.7
- Recipes to migrate to Android Gradle Plugin version 8.7.
org.openrewrite.android.UpgradeAndroidGradlePluginVersion
- Upgrade Android Gradle Plugin (AGP) version
- Upgrade Android Gradle Plugin (AGP) version and update the Gradle Wrapper version. Compatible versions are published in the AGP release notes.
org.openrewrite.android.UpgradeToAndroidSDK33
- Upgrade to Android SDK 33
- Recipes to upgrade to Android SDK version 33.
org.openrewrite.android.UpgradeToAndroidSDK34
- Upgrade to Android SDK 34
- Recipes to upgrade to Android SDK version 34.
org.openrewrite.android.UpgradeToAndroidSDK35
- Upgrade to Android SDK 35
- Recipes to upgrade to Android SDK version 35.

rewrite-angular

org.openrewrite.angular.search.FindAngularComponent
- Find Angular component
- Locates usages of Angular components across the codebase including template elements and other references. If componentName is null, finds all Angular components.

rewrite-azul

io.moderne.azul.EliminateUnusedClasses
- Eliminate unused classes
- Deprecate and later delete classes that are unused, as detected by Azul Intelligence Cloud.
io.moderne.azul.search.FindReachableMethods
- Find reachable methods
- Find all methods defined in the repository's source code that are reachable.

rewrite-circleci

org.openrewrite.circleci.InstallOrb
- Install an orb
- Install a CircleCI orb if it is not already installed.
org.openrewrite.circleci.UpdateImage
- Update CircleCI image
- See the list of pre-built CircleCI images.

rewrite-codemods-ng

org.openrewrite.codemods.migrate.angular.ApplyAngularCLI
- Upgrade Angular versions
- Run ng update to upgrade Angular CLI and Angular Core to the specified version.
org.openrewrite.codemods.migrate.angular.v15
- Update to Angular v15
- Upgrade to Angular v15 through ApplyAngularCLI.
org.openrewrite.codemods.migrate.angular.v16
- Update to Angular v16
- Upgrade to Angular v16 through ApplyAngularCLI.
org.openrewrite.codemods.migrate.angular.v17
- Update to Angular v17
- Upgrade to Angular v17 through ApplyAngularCLI.
org.openrewrite.codemods.migrate.angular.v18
- Update to Angular v18
- Upgrade to Angular v18 through ApplyAngularCLI.
org.openrewrite.codemods.migrate.angular.v19
- Update to Angular v19
- Upgrade to Angular v19 through ApplyAngularCLI.
org.openrewrite.codemods.migrate.angular.v20
- Update to Angular v20
- Upgrade to Angular v20 through ApplyAngularCLI.
org.openrewrite.codemods.migrate.angular.v21
- Update to Angular v21
- Upgrade to Angular v21 through ApplyAngularCLI.

rewrite-compiled-analysis

io.moderne.compiled.verification.ChangeListMethodAndVerify
- Change List#add to List#plus and verify
- We know this won't compile.
io.moderne.compiled.verification.VerifyCompilation
- Verify compilation
- This is a task that runs after another recipe to verify that the changes made by that recipe would result in a successful compilation.

rewrite-concourse

org.openrewrite.concourse.ChangeResourceVersion
- Change resource version
- Pin or unpin a resource to a particular version.
org.openrewrite.concourse.ChangeValue
- Change Concourse value
- Change every value matching the key pattern.
org.openrewrite.concourse.FindResource
- Find resource
- Find a Concourse resource by name.
org.openrewrite.concourse.UpdateGitResourceUri
- Update git resource source.uri references
- Update git resource source.uri URI values to point to a new URI value.
org.openrewrite.concourse.search.FindPinnedResource
- Find pinned resources by type
- Find resources of a particular type that have pinned versions.
org.openrewrite.concourse.search.FindPrivilegedResourceType
- Find privileged resource_type definitions
- By default, resource_type definitions are unprivileged.

rewrite-cryptography

io.moderne.cryptography.FindRSAKeyGenParameters
- Find RSA key generation parameters
- Finds RSAKeyGenParameterSpec instantiations and extracts their parameter values into a data table.
io.moderne.cryptography.FindSSLSocketParameters
- Find SSL socket configuration parameters
- Finds SSLSocket setter method invocations and extracts their parameter values into a data table.
io.moderne.cryptography.FindSecurityModifications
- Find Security class modifications
- Finds invocations of java.security.Security methods that modify security configuration such as removeProvider, addProvider, insertProviderAt, setProperty, and removeProperty.
io.moderne.cryptography.FindSecuritySetProperties
- Find Security.setProperty(..) calls for certain properties
- There is a defined set of properties that should not be set using Security.setProperty(..) as they can lead to security vulnerabilities.
io.moderne.cryptography.PostQuantumCryptography
- Post quantum cryptography
- This recipe searches for instances in code that may be impacted by post quantum cryptography. Applications may need to support larger key sizes, different algorithms, or use crypto agility to handle the migration. The recipe includes detection of hardcoded values that affect behavior in a post-quantum world, programmatic configuration that may prevent algorithm changes, and general cryptographic usage patterns that should be reviewed.

rewrite-dotnet

org.openrewrite.dotnet.MigrateToNet6
- Upgrade to .NET 6.0 using upgrade-assistant
- Run upgrade-assistant upgrade across a repository to upgrade projects to .NET 6.0.
org.openrewrite.dotnet.MigrateToNet7
- Upgrade to .NET 7.0 using upgrade-assistant
- Run upgrade-assistant upgrade across a repository to upgrade projects to .NET 7.0.
org.openrewrite.dotnet.MigrateToNet8
- Upgrade to .NET 8.0 using upgrade-assistant
- Run upgrade-assistant upgrade across a repository to upgrade projects to .NET 8.0.
org.openrewrite.dotnet.MigrateToNet9
- Upgrade to .NET 9.0 using upgrade-assistant
- Run upgrade-assistant upgrade across a repository to upgrade projects to .NET 9.0.
org.openrewrite.dotnet.UpgradeAssistant
- Upgrade a .NET project using upgrade-assistant
- Run upgrade-assistant upgrade across a repository to upgrade projects to a newer version of .NET.
org.openrewrite.dotnet.UpgradeAssistantAnalyze
- Analyze a .NET project using upgrade-assistant
- Run upgrade-assistant analyze across a repository to analyze changes required to upgrade projects to a newer version of .NET. This recipe will generate an org.openrewrite.dotnet.UpgradeAssistantAnalysis data table containing the report details.

rewrite-elastic

io.moderne.elastic.elastic9.ChangeApiNumericFieldType
- Change numeric field type with conversion
- Adds conversion methods with null checks for numeric type changes in Elasticsearch 9 API.
io.moderne.elastic.elastic9.ChangeApiNumericFieldTypes
- Change numeric field types for Elasticsearch 9
- Handles changes between different numeric types (Long to Integer, int to Long...) in Elasticsearch 9 API responses by adding appropriate conversion methods with null checks.
io.moderne.elastic.elastic9.MigrateDenseVectorElementType
- Migrate DenseVectorProperty.elementType from String to DenseVectorElementType enum
- In Elasticsearch 9, DenseVectorProperty.elementType() returns DenseVectorElementType enum instead of String, and the builder method elementType(String) now accepts the enum type. This recipe handles both builder calls and getter calls.
io.moderne.elastic.elastic9.MigrateDenseVectorSimilarity
- Migrate DenseVectorProperty.similarity from String to DenseVectorSimilarity enum
- In Elasticsearch 9, DenseVectorProperty.similarity() returns DenseVectorSimilarity enum instead of String, and the builder method similarity(String) now accepts the enum type. This recipe handles both builder calls and getter calls.
io.moderne.elastic.elastic9.MigrateMatchedQueries
- Migrate matchedQueries from List to Map
- In Elasticsearch Java Client 9.0, Hit.matchedQueries() changed from returning List<String> to Map<String, Double>. This recipe migrates the usage by adding .keySet() for iterations and using new ArrayList<>(result.keySet()) for assignments.
io.moderne.elastic.elastic9.MigrateScriptSource
- Migrate script source from String to Script/ScriptSource
- Migrates Script.source(String) calls to use ScriptSource.scriptString(String) wrapper in Elasticsearch Java client 9.x.
io.moderne.elastic.elastic9.MigrateSpanTermQueryValue
- Migrate SpanTermQuery.value() from String to FieldValue
- In Elasticsearch 9, SpanTermQuery.value() returns a FieldValue instead of String. This recipe updates calls to handle the new return type by checking if it's a string and extracting the string value.
io.moderne.elastic.elastic9.MigrateToElasticsearch9
- Migrate from Elasticsearch 8 to 9
- This recipe performs a comprehensive migration from Elasticsearch 8 to Elasticsearch 9, addressing breaking changes, API removals, deprecations, and required code modifications.
io.moderne.elastic.elastic9.RenameApiField
- Rename Elasticsearch valueBody() methods
- In Elasticsearch Java Client 9.0, the generic valueBody() method and valueBody(...) builder methods have been replaced with specific getter and setter methods that better reflect the type of data being returned. Similarly, for GetRepositoryResponse, the result field also got altered to repositories.
io.moderne.elastic.elastic9.RenameApiFields
- Rename API fields for Elasticsearch 9
- Renames various API response fields from valueBody to align with Elasticsearch 9 specifications.
io.moderne.elastic.elastic9.UseNamedValueParameters
- Use NamedValue parameters instead of Map
- Migrates indicesBoost and dynamicTemplates parameters from Map to NamedValue in Elasticsearch Java client 9.x.

rewrite-hibernate

io.moderne.hibernate.MigrateToHibernate40
- Migrate to Hibernate 4.0.x (Moderne Edition)
- This recipe will apply changes commonly needed when migrating from Hibernate 3.x to 4.0.x, including migration of collection annotations to their JPA 2.0 equivalents.
io.moderne.hibernate.MigrateToHibernate66
- Migrate to Hibernate 6.6.x (Moderne Edition)
- This recipe will apply changes commonly needed when migrating to Hibernate 6.6.x.
io.moderne.hibernate.MigrateToHibernate70
- Migrate to Hibernate 7.0.x (Moderne Edition)
- This recipe will apply changes commonly needed when migrating to Hibernate 7.0.x.
io.moderne.hibernate.MigrateToHibernate71
- Migrate to Hibernate 7.1.x (Moderne Edition)
- This recipe will apply changes commonly needed when migrating to Hibernate 7.0.x.
io.moderne.hibernate.MigrateToHibernate72
- Migrate to Hibernate 7.2.x (Moderne Edition)
- This recipe will apply changes commonly needed when migrating to Hibernate 7.2.x.
io.moderne.hibernate.search.FindJPQLDefinitions
- Find JPQL definitions (Moderne Edition)
- Find Java Persistence Query Language definitions in the codebase.
io.moderne.hibernate.update40.MigrateJoinTableToCollectionTable
- Migrate @JoinTable to @CollectionTable for element collections (Moderne Edition)
- Replaces @JoinTable with @CollectionTable when used alongside @CollectionOfElements or @ElementCollection. @CollectionTable is the JPA 2.0 standard for defining the table that stores element collections.
io.moderne.hibernate.update66.FixConflictingClassTypeAnnotations
- Fix conflicting class type annotation Hibernate 6.6 (Moderne Edition)
- Since Hibernate 6.6 a mapped class can have either @MappedSuperclass or @Embeddable, or @Entity. This recipe removes @Entity from classes annotated with @MappedSuperclass or @Embeddable. For the moment die combination of @MappedSuperclass or @Embeddable is advised to migrate to Single Table Inheritance but still accepted and therefore stays.
io.moderne.hibernate.update66.MigrateCascadeTypes
- Migrate Hibernate CascadeType constants (Moderne Edition)
- Moving away from deprecated Hibernate CascadeType constants. CascadeType.SAVE_UPDATE -> CascadeType.PERSIST and/or CascadeType.MERGE, CascadeType.DELETE -> CascadeType.REMOVE.
io.moderne.hibernate.update66.RemoveTableFromInheritedEntity
- Remove table from single table inherited entity (Moderne Edition)
- For Single Table Inherited Entities Hibernate ignores the @Table annotation on child entities. From Version 6.6 it is considered an error.
io.moderne.hibernate.update70.AddCascadePersistToIdMappedAssociations
- Migrate implicit cascade=PERSIST for @Id and @MapsId associations (Moderne Edition)
- Hibernate used to automatically enable cascade=PERSIST for association fields annotated @Id or @MapsId. This was undocumented and unexpected behavior, and no longer supported in Hibernate 7. Existing code which relies on this behavior will be modified by addition of explicit cascade=PERSIST to the association fields.
io.moderne.hibernate.update70.CompositeUserTypeSessionFactoryImplementor
- Remove leaking of SessionFactoryImplementor from org.hibernate.usertype.CompositeUserType invocations and implementations (Moderne Edition)
- Remove leaking of SessionFactoryImplementor from org.hibernate.usertype.CompositeUserType invocations and implementations.
io.moderne.hibernate.update70.MigrateConfigurableToGeneratorCreationContext
- Migrate Configurable.configure() to use GeneratorCreationContext (Moderne Edition)
- In Hibernate 7.0, Configurable.configure() now takes a GeneratorCreationContext parameter instead of ServiceRegistry. This recipe migrates method signatures and call sites.
io.moderne.hibernate.update70.MigrateIntegratorMethod
- Migrate Hibernate Integrator#integrate method (Moderne Edition)
- Migrate Hibernate Integrator#integrate method from deprecated signature to Hibernate 7 compatible signature. Changes integrate(Metadata, SessionFactoryImplementor, SessionFactoryServiceRegistry) to integrate(Metadata, BootstrapContext, SessionFactoryImplementor).
io.moderne.hibernate.update70.MigrateJdbcTypeToJdbcTypeCode
- Migrate @JdbcType to @JdbcTypeCode (Moderne Edition)
- In Hibernate 7.0, various JDBC types were moved to internal packages. Use @JdbcTypeCode with SqlTypes constants instead of @JdbcType with specific classes.
io.moderne.hibernate.update70.MigrateLockOptionsToDirectParameters
- Migrate LockOptions to direct parameters (Moderne Edition)
- Migrates deprecated LockOptions usage to direct parameters in method calls. As of JPA 3.2 and Hibernate 7, LockMode, Timeout, and PessimisticLockScope are passed directly to find(), refresh(), and lock() methods instead of being wrapped in a LockOptions object.
io.moderne.hibernate.update70.MigrateMetamodelImplementor
- Migrate MetamodelImplementor to Hibernate 7.0 (Moderne Edition)
- In Hibernate 7.0, MetamodelImplementor has been split into MappingMetamodel for ORM-specific operations and JpaMetamodel for JPA-standard operations. This recipe migrates the usage based on which methods are called.
io.moderne.hibernate.update70.MigrateNaturalIdLoadAccess
- Migrate NaturalIdLoadAccess method calls (Moderne Edition)
- Migrates NaturalIdLoadAccess#using(Object...) to using(Map.of(...)) variants for Hibernate 7.0.
io.moderne.hibernate.update70.MigrateNaturalIdMultiLoadAccess
- Migrate NaturalIdMultiLoadAccess method calls (Moderne Edition)
- Migrates NaturalIdMultiLoadAccess#compoundValue(Object...) to Map.of(...) variants for Hibernate 7.0.
io.moderne.hibernate.update70.MigrateSessionInterface
- Migrate Session interface method calls (Moderne Edition)
- Migrates code using deprecated Session interface methods to their Hibernate 7.0 replacements.
io.moderne.hibernate.update70.MigrateSessionToDeferToJPA
- Migrate Session save/update/delete method calls (Moderne Edition)
- Migrates code using deprecated Session load/get/refresh/save/update/delete methods to their Hibernate 7.0 replacements.
io.moderne.hibernate.update70.MigrateSetFlushModeToSetQueryFlushMode
- Migrate setFlushMode() to setQueryFlushMode() (Moderne Edition)
- In Hibernate 7.0, CommonQueryContract.setFlushMode(FlushModeType) has been replaced with setQueryFlushMode(QueryFlushMode). This recipe migrates the method call and converts FlushModeType parameters to their QueryFlushMode equivalents.
io.moderne.hibernate.update70.MigrateToHibernate7JFR
- Migrate to Hibernate 7 JFR APIs (Moderne Edition)
- Migrates deprecated JFR integration APIs to their Hibernate 7 replacements. EventManager becomes EventMonitor and HibernateMonitoringEvent becomes DiagnosticEvent.
io.moderne.hibernate.update70.MigrateToTargetEmbeddable
- Migrate to @TargetEmbeddable (Moderne Edition)
- Migrates code using removed @Target to to Hibernate 7.0's @TargetEmbeddable equivalent. Removes misused @Target annotations.
io.moderne.hibernate.update70.RemoveUnnecessaryCastToSession
- Remove unnecessary cast to Session for SessionFactory.createEntityManager() (Moderne Edition)
- In Hibernate 7.0, SessionFactory.createEntityManager() explicitly returns Session, making casts to Session unnecessary.
io.moderne.hibernate.update70.ReplaceHibernateWithJakartaAnnotations
- Replace hibernate annotations with Jakarta variants (Moderne Edition)
- Tries to replaces annotations that have been removed in Hibernate 7.0 with its Jakarta equivalent, such as Table, @Where, @OrderBy, etc. If a annotation is used with arguments that do not have a direct replacement, the annotation is not replaced at all.
io.moderne.hibernate.update70.ReplaceSessionLockRequest
- Replace Session.buildLockRequest with LockOptions (Moderne Edition)
- Migrates Session.buildLockRequest(LockOptions.X) calls to use session.lock(entity, new LockOptions(LockMode.X)) in Hibernate 7.0.
io.moderne.hibernate.update70.UnboxingTransactionTimeout
- Null safe Transaction#getTimeout() (Moderne Edition)
- JPA 3.2 adds #getTimeout but uses Integer whereas Hibernate has historically used int. Note that this raises the possibility of a NullPointerException during migration if, e.g., performing direct comparisons on the timeout value against an in (auto unboxing). This recipe adds ternary operators where Transaction#getTimeout() is used and a negative value will be used if the getTimeout() resulted in a null value.
io.moderne.hibernate.update70.UserTypeNullSafeGetSharedSessionContractImplementorRecipe
- Remove leaking of SharedSessionContractImplementor from org.hibernate.usertype.UserType invocations (Moderne Edition)
- Remove leaking of SharedSessionContractImplementor from org.hibernate.usertype.UserType invocations.
io.moderne.hibernate.update70.UserTypeSharedSessionContractImplementor
- Remove leaking of SharedSessionContractImplementor from org.hibernate.usertype.UserType implementations (Moderne Edition)
- Remove leaking of SharedSessionContractImplementor from org.hibernate.usertype.UserType implementations.

rewrite-jasperreports

io.moderne.jasperreports.MigrateExporterConfigToJasper6
- Update JasperReports exporter configuration
- Updates deprecated exporter parameter imports to the new configuration classes introduced in JasperReports 6. This includes migrating from parameter classes to configuration classes for PDF, HTML, CSV, and other exporters.
io.moderne.jasperreports.MigrateXlsToXlsxExporter
- Migrate JRXlsExporter to JRXlsxExporter
- Migrates the deprecated JRXlsExporter to the new JRXlsxExporter class in JasperReports 6. Also updates related configuration classes from XLS to XLSX variants.
io.moderne.jasperreports.UpgradeToJasperReports5
- Migrate to JasperReports 5.6.x
- Migrates JasperReports from 4.6.0 to 5.6.x. This recipe includes minimal breaking changes, allowing teams to test and validate the migration before proceeding to version 6.
io.moderne.jasperreports.UpgradeToJasperReports6
- Migrate to JasperReports 6
- Migrates JasperReports from 5.x to 6.x with the new exporter API, XLS to XLSX move, and removal of Spring JasperReports views.
io.moderne.jasperreports.v5.MigrateExporterSetParameter
- Migrate JasperReports exporter setParameter to new API
- Migrates deprecated setParameter calls on JasperReports exporters to the new API using setExporterInput and setExporterOutput.
io.moderne.jasperreports.v5.MigratePrintServiceExporterConfiguration
- Migrate JRPrintServiceExporterParameter to SimplePrintServiceExporterConfiguration
- Migrates JRPrintServiceExporterParameter setParameter calls to use SimplePrintServiceExporterConfiguration.

rewrite-java-application-server

io.moderne.java.server.jboss.DeleteJBossDescriptors
- Delete JBoss deployment descriptor files
- Removes jboss-web.xml and jboss-deployment-structure.xml files as they are no longer needed after a migration.
io.moderne.java.server.jboss.PlanJBossMigration
- Plan JBoss migration
- Analyzes the repository to plan a JBoss migration, identifying JBoss descriptor files (jboss-web.xml, jboss-deployment-structure.xml) and recording them in a data table.
io.moderne.java.server.jboss.migrate.jetty.MigrateJBossToJetty
- Migrate JBoss to Jetty
- Comprehensive migration from JBoss to Jetty.
io.moderne.java.server.jboss.migrate.jetty.devcenter.JBossToJettyMigrationCard$Scanner
- JBoss to Jetty migration scanner
- Scans for JBoss and Jetty configuration files.

rewrite-java-security

org.openrewrite.csharp.dependencies.DependencyInsight
- Dependency insight for C#
- Finds dependencies in *.csproj and packages.config.
org.openrewrite.csharp.dependencies.DependencyVulnerabilityCheck
- Find and fix vulnerable Nuget dependencies
- This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this recipe will not make any changes. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Dependencies following Semantic Versioning will see their patch version updated where applicable.
org.openrewrite.csharp.dependencies.UpgradeDependencyVersion
- Upgrade C# dependency versions
- Upgrades dependencies in *.csproj and packages.config.
org.openrewrite.java.dependencies.AddExplicitTransitiveDependencies
- Add explicit transitive dependencies
- Detects when Java source code or configuration files reference types from transitive Maven dependencies and promotes those transitive dependencies to explicit direct dependencies in the pom.xml. This ensures the build is resilient against changes in transitive dependency trees of upstream libraries.
org.openrewrite.java.dependencies.DependencyLicenseCheck
- Find licenses in use in third-party dependencies
- Locates and reports on all licenses in use.
org.openrewrite.java.dependencies.DependencyVulnerabilityCheck
- Find and fix vulnerable dependencies
- This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this can be controlled using the maximumUpgradeDelta option. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Upgrades dependencies versioned according to Semantic Versioning. ## Customizing Vulnerability Data This recipe can be customized by extending DependencyVulnerabilityCheckBase and overriding the vulnerability data sources: - baselineVulnerabilities(ExecutionContext ctx): Provides the default set of known vulnerabilities. The base implementation loads vulnerability data from the GitHub Security Advisory Database CSV file using ResourceUtils.parseResourceAsCsv(). Override this method to replace the entire vulnerability dataset with your own curated list. - supplementalVulnerabilities(ExecutionContext ctx): Allows adding custom vulnerability data beyond the baseline. The base implementation returns an empty list. Override this method to add organization-specific vulnerabilities, internal security advisories, or vulnerabilities from additional sources while retaining the baseline GitHub Advisory Database. Both methods return List<Vulnerability> objects. Vulnerability data can be loaded from CSV files using ResourceUtils.parseResourceAsCsv(path, Vulnerability.class, consumer) or constructed programmatically. To customize, extend DependencyVulnerabilityCheckBase and override one or both methods depending on your needs. For example, override supplementalVulnerabilities() to add custom CVEs while keeping the standard vulnerability database, or override baselineVulnerabilities() to use an entirely different vulnerability data source. Last updated: 2026-02-09T1116.
org.openrewrite.java.dependencies.RemoveUnusedDependencies
- Remove unused dependencies
- Scans through source code collecting references to types and methods, removing any dependencies that are not used from Maven or Gradle build files. This is best effort and not guaranteed to work well in all cases; false positives are still possible. This recipe takes reflective access into account: - When reflective access to a class is made unambiguously via a string literal, such as: Class.forName("java.util.List") that is counted correctly. - When reflective access to a class is made ambiguously via anything other than a string literal no dependencies will be removed. This recipe takes transitive dependencies into account: - When a direct dependency is not used but a transitive dependency it brings in is in use the direct dependency is not removed.
org.openrewrite.java.dependencies.SoftwareBillOfMaterials
- Software bill of materials
- Produces a software bill of materials (SBOM) for a project. An SBOM is a complete list of all dependencies used in a project, including transitive dependencies. The produced SBOM is in the CycloneDX XML format. Supports Gradle and Maven. Places a file named sbom.xml adjacent to the Gradle or Maven build file.
org.openrewrite.java.security.FindTextDirectionChanges
- Find text-direction changes
- Finds unicode control characters which can change the direction text is displayed in. These control characters can alter how source code is presented to a human reader without affecting its interpretation by tools like compilers. So a malicious patch could pass code review while introducing vulnerabilities. Note that text direction-changing unicode control characters aren't inherently malicious. These characters can appear for legitimate reasons in code written in or dealing with right-to-left languages. See: https://trojansource.codes/ for more information.
org.openrewrite.java.security.FixCwe338
- Fix CWE-338 with SecureRandom
- Use a cryptographically strong pseudo-random number generator (PRNG).
org.openrewrite.java.security.ImproperPrivilegeManagement
- Improper privilege management
- Marking code as privileged enables a piece of trusted code to temporarily enable access to more resources than are available directly to the code that called it.
org.openrewrite.java.security.JavaSecurityBestPractices
- Java security best practices
- Applies security best practices to Java code.
org.openrewrite.java.security.OwaspA01
- Remediate OWASP A01:2021 Broken access control
- OWASP A01:2021 describes failures related to broken access control.
org.openrewrite.java.security.OwaspA02
- Remediate OWASP A02:2021 Cryptographic failures
- OWASP A02:2021 describes failures related to cryptography (or lack thereof), which often lead to exposure of sensitive data. This recipe seeks to remediate these vulnerabilities.
org.openrewrite.java.security.OwaspA03
- Remediate OWASP A03:2021 Injection
- OWASP A03:2021 describes failures related to user-supplied data being used to influence program state to operate outside of its intended bounds. This recipe seeks to remediate these vulnerabilities.
org.openrewrite.java.security.OwaspA05
- Remediate OWASP A05:2021 Security misconfiguration
- OWASP A05:2021 describes failures related to security misconfiguration.
org.openrewrite.java.security.OwaspA06
- Remediate OWASP A06:2021 Vulnerable and outdated components
- OWASP A06:2021 describes failures related to vulnerable and outdated components.
org.openrewrite.java.security.OwaspA08
- Remediate OWASP A08:2021 Software and data integrity failures
- OWASP A08:2021 software and data integrity failures.
org.openrewrite.java.security.OwaspTopTen
- Remediate vulnerabilities from the OWASP Top Ten
- OWASP publishes a list of the most impactful common security vulnerabilities. These recipes identify and remediate vulnerabilities from the OWASP Top Ten.
org.openrewrite.java.security.PartialPathTraversalVulnerability
- Partial path traversal vulnerability
- Replaces dir.getCanonicalPath().startsWith(parent.getCanonicalPath(), which is vulnerable to partial path traversal attacks, with the more secure dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath()). To demonstrate this vulnerability, consider "/usr/outnot".startsWith("/usr/out"). The check is bypassed although /outnot is not under the /out directory. It's important to understand that the terminating slash may be removed when using various String representations of the File object. For example, on Linux, println(new File("/var")) will print /var, but println(new File("/var", "/") will print /var/; however, println(new File("/var", "/").getCanonicalPath()) will print /var.
org.openrewrite.java.security.RegularExpressionDenialOfService
- Regular Expression Denial of Service (ReDOS)
- ReDoS is a Denial of Service attack that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). See the OWASP description of this attack here for more details.
org.openrewrite.java.security.SecureRandom
- Secure random
- Use cryptographically secure Pseudo Random Number Generation in the "main" source set. Replaces instantiation of java.util.Random with java.security.SecureRandom.
org.openrewrite.java.security.SecureRandomPrefersDefaultSeed
- SecureRandom seeds are not constant or predictable
- Remove SecureRandom#setSeed(*) method invocations having constant or predictable arguments.
org.openrewrite.java.security.SecureTempFileCreation
- Use secure temporary file creation
- java.io.File.createTempFile() has exploitable default file permissions. This recipe migrates to the more secure java.nio.file.Files.createTempFile().
org.openrewrite.java.security.UseFilesCreateTempDirectory
- Use Files#createTempDirectory
- Use Files#createTempDirectory when the sequence File#createTempFile(..)->File#delete()->File#mkdir() is used for creating a temp directory.
org.openrewrite.java.security.XmlParserXXEVulnerability
- XML parser XXE vulnerability
- Avoid exposing dangerous features of the XML parser by updating certain factory settings.
org.openrewrite.java.security.ZipSlip
- Zip slip
- Zip slip is an arbitrary file overwrite critical vulnerability, which typically results in remote command execution. A fuller description of this vulnerability is available in the Snyk documentation on it.
org.openrewrite.java.security.marshalling.InsecureJmsDeserialization
- Insecure JMS deserialization
- JMS Object messages depend on Java Serialization for marshalling/unmarshalling of the message payload when ObjectMessage#getObject is called. Deserialization of untrusted data can lead to security flaws.
org.openrewrite.java.security.marshalling.SecureJacksonDefaultTyping
- Secure the use of Jackson default typing
- See the blog post on this subject.
org.openrewrite.java.security.marshalling.SecureSnakeYamlConstructor
- Secure the use of SnakeYAML's constructor
- See the paper on this subject.
org.openrewrite.java.security.search.FindJacksonDefaultTypeMapping
- Find Jackson default type mapping enablement
- ObjectMapper#enableTypeMapping(..) can lead to vulnerable deserialization.
org.openrewrite.java.security.search.FindSensitiveApiEndpoints
- Find sensitive API endpoints
- Find data models exposed by REST APIs that contain sensitive information like PII and secrets.
org.openrewrite.java.security.search.FindVulnerableJacksonJsonTypeInfo
- Find vulnerable uses of Jackson @JsonTypeInfo
- Identify where attackers can deserialize gadgets into a target field.
org.openrewrite.java.security.secrets.FindArtifactorySecrets
- Find Artifactory secrets
- Locates Artifactory secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindAwsSecrets
- Find AWS secrets
- Locates AWS secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindAzureSecrets
- Find Azure secrets
- Locates Azure secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindDiscordSecrets
- Find Discord secrets
- Locates Discord secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindFacebookSecrets
- Find Facebook secrets
- Locates Facebook secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindGenericSecrets
- Find generic secrets
- Locates generic secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindGitHubSecrets
- Find GitHub secrets
- Locates GitHub secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindGoogleSecrets
- Find Google secrets
- Locates Google secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindHerokuSecrets
- Find Heroku secrets
- Locates Heroku secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindJwtSecrets
- Find JWT secrets
- Locates JWTs stored in plain text in code.
org.openrewrite.java.security.secrets.FindMailChimpSecrets
- Find MailChimp secrets
- Locates MailChimp secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindMailgunSecrets
- Find Mailgun secrets
- Locates Mailgun secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindNpmSecrets
- Find NPM secrets
- Locates NPM secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindPasswordInUrlSecrets
- Find passwords used in URLs
- Locates URLs that contain passwords in plain text.
org.openrewrite.java.security.secrets.FindPayPalSecrets
- Find PayPal secrets
- Locates PayPal secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindPgpSecrets
- Find PGP secrets
- Locates PGP secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindPicaticSecrets
- Find Picatic secrets
- Locates Picatic secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindRsaSecrets
- Find RSA private keys
- Locates RSA private keys stored in plain text in code.
org.openrewrite.java.security.secrets.FindSecrets
- Find secrets
- Locates secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindSecretsByPattern
- Find secrets with regular expressions
- A secret is a literal that matches any one of the provided patterns.
org.openrewrite.java.security.secrets.FindSendGridSecrets
- Find SendGrid secrets
- Locates SendGrid secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindSlackSecrets
- Find Slack secrets
- Locates Slack secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindSquareSecrets
- Find Square secrets
- Locates Square secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindSshSecrets
- Find SSH secrets
- Locates SSH secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindStripeSecrets
- Find Stripe secrets
- Locates Stripe secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindTelegramSecrets
- Find Telegram secrets
- Locates Telegram secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindTwilioSecrets
- Find Twilio secrets
- Locates Twilio secrets stored in plain text in code.
org.openrewrite.java.security.secrets.FindTwitterSecrets
- Find Twitter secrets
- Locates Twitter secrets stored in plain text in code.
org.openrewrite.java.security.servlet.CookieSetSecure
- Insecure cookies
- Check for use of insecure cookies. Cookies should be marked as secure. This ensures that the cookie is sent only over HTTPS to prevent cross-site scripting attacks.
org.openrewrite.java.security.spring.CsrfProtection
- Enable CSRF attack prevention
- Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site when the user is authenticated. See the full OWASP cheatsheet.
org.openrewrite.java.security.spring.InsecureSpringServiceExporter
- Secure Spring service exporters
- The default Java deserialization mechanism is available via ObjectInputStream class. This mechanism is known to be vulnerable. If an attacker can make an application deserialize malicious data, it may result in arbitrary code execution. Spring’s RemoteInvocationSerializingExporter uses the default Java deserialization mechanism to parse data. As a result, all classes that extend it are vulnerable to deserialization attacks. The Spring Framework contains at least HttpInvokerServiceExporter and SimpleHttpInvokerServiceExporter that extend RemoteInvocationSerializingExporter. These exporters parse data from the HTTP body using the unsafe Java deserialization mechanism. See the full blog post by Artem Smotrakov on CVE-2016-1000027 from which the above description is excerpted.
org.openrewrite.java.security.spring.PreventClickjacking
- Prevent clickjacking
- The frame-ancestors directive can be used in a Content-Security-Policy HTTP response header to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid Clickjacking attacks by ensuring that their content is not embedded into other sites.
org.openrewrite.recipe.rewrite-java-security.InlineDeprecatedMethods
- Inline deprecated delegating methods
- Automatically generated recipes to inline deprecated method calls that delegate to other methods in the same class.
org.openrewrite.text.FindHardcodedLoopbackAddresses
- Find hard-coded loopback IPv4 addresses
- Locates mentions of hard-coded IPv4 addresses from the loopback IP range. The loopback IP range includes 127.0.0.0 to 127.255.255.255. This detects the entire localhost/loopback subnet range, not just the commonly used 127.0.0.1.
org.openrewrite.text.FindHardcodedPrivateIPAddresses
- Find hard-coded private IPv4 addresses
- Locates mentions of hard-coded IPv4 addresses from private IP ranges. Private IP ranges include: * 192.168.0.0 to 192.168.255.255 * 10.0.0.0 to 10.255.255.255 * 172.16.0.0 to 172.31.255.255 It is not detecting the localhost subnet 127.0.0.0 to 127.255.255.255.
org.openrewrite.text.RemoveHardcodedIPAddressesFromComments
- Remove hard-coded IP addresses from comments
- Removes hard-coded IPv4 addresses from comments when they match private IP ranges or loopback addresses. This targets IP addresses that are commented out in various comment formats: Private IP ranges: * 192.168.0.0 to 192.168.255.255 * 10.0.0.0 to 10.255.255.255 * 172.16.0.0 to 172.31.255.255 Loopback IP range: * 127.0.0.0 to 127.255.255.255 Supported comment formats: * C-style line comments (//) * C-style block comments (/* */) * Shell/Python style comments (#) * XML comments () * YAML comments (#) * Properties file comments (# or !) For line comments, the entire line is removed. For block comments, only the IP address is removed.

rewrite-kafka

io.moderne.kafka.MigrateAdminListConsumerGroups
- Migrate Admin.listConsumerGroups() to listGroups()
- Migrates the deprecated Admin.listConsumerGroups() method to listGroups() and updates related types for Kafka 4.1 compatibility.
io.moderne.kafka.MigrateAlterConfigsToIncrementalAlterConfigs
- Migrate AdminClient.alterConfigs() to incrementalAlterConfigs()
- Migrates the removed AdminClient.alterConfigs() method to incrementalAlterConfigs() for Kafka 4.0 compatibility.
io.moderne.kafka.MigrateConsumerCommittedToSet
- Migrate KafkaConsumer.committed(TopicPartition) to committed(Set<TopicPartition>)
- Migrates from the removed KafkaConsumer.committed(TopicPartition) to committed(Set<TopicPartition>) for Kafka 4.0 compatibility. Converts single TopicPartition arguments to Collections.singleton() calls.
io.moderne.kafka.MigrateConsumerGroupStateToGroupState
- Migrate ConsumerGroupState to GroupState
- Migrates from the deprecated ConsumerGroupState to GroupState for Kafka 4.0 compatibility. ConsumerGroupState was deprecated in favor of GroupState which supports both consumer groups and share groups.
io.moderne.kafka.MigrateConsumerPollToDuration
- Migrate KafkaConsumer.poll(long) to poll(Duration)
- Migrates from the deprecated KafkaConsumer.poll(long) to poll(Duration) for Kafka 4.0 compatibility. Converts millisecond timeout values to Duration.ofMillis() calls.
io.moderne.kafka.MigrateSendOffsetsToTransaction
- Migrate deprecated sendOffsetsToTransaction to use ConsumerGroupMetadata
- Migrates from the deprecated KafkaProducer.sendOffsetsToTransaction(Map, String) to sendOffsetsToTransaction(Map, ConsumerGroupMetadata) for Kafka 4.0 compatibility. This recipe uses a conservative approach with new ConsumerGroupMetadata(groupId).
io.moderne.kafka.MigrateToKafka23
- Migrate to Kafka 2.3
- Migrate applications to the latest Kafka 2.3 release.
io.moderne.kafka.MigrateToKafka24
- Migrate to Kafka 2.4
- Migrate applications to the latest Kafka 2.4 release.
io.moderne.kafka.MigrateToKafka25
- Migrate to Kafka 2.5
- Migrate applications to the latest Kafka 2.5 release.
io.moderne.kafka.MigrateToKafka26
- Migrate to Kafka 2.6
- Migrate applications to the latest Kafka 2.6 release.
io.moderne.kafka.MigrateToKafka27
- Migrate to Kafka 2.7
- Migrate applications to the latest Kafka 2.7 release.
io.moderne.kafka.MigrateToKafka28
- Migrate to Kafka 2.8
- Migrate applications to the latest Kafka 2.8 release.
io.moderne.kafka.MigrateToKafka30
- Migrate to Kafka 3.0
- Migrate applications to the latest Kafka 3.0 release.
io.moderne.kafka.MigrateToKafka31
- Migrate to Kafka 3.1
- Migrate applications to the latest Kafka 3.1 release.
io.moderne.kafka.MigrateToKafka32
- Migrate to Kafka 3.2
- Migrate applications to the latest Kafka 3.2 release.
io.moderne.kafka.MigrateToKafka33
- Migrate to Kafka 3.3
- Migrate applications to the latest Kafka 3.3 release.
io.moderne.kafka.MigrateToKafka40
- Migrate to Kafka 4.0
- Migrate applications to the latest Kafka 4.0 release. This includes updating dependencies to 4.0.x, ensuring Java 11+ for clients and Java 17+ for brokers/tools, and handling changes.
io.moderne.kafka.MigrateToKafka41
- Migrate to Kafka 4.1
- Migrate applications to the latest Kafka 4.1 release. This includes updating dependencies to 4.1.x, migrating deprecated Admin API methods, updating Streams configuration properties, and removing deprecated broker properties.
io.moderne.kafka.RemoveDeprecatedKafkaProperties
- Remove deprecated Kafka property
- Removes a specific Kafka property that is no longer supported in Kafka 4.0.
io.moderne.kafka.UpgradeJavaForKafkaBroker
- Upgrade Java to 17+ for Kafka broker/tools
- Ensures Java 17 or higher is used when Kafka broker or tools dependencies are present.
io.moderne.kafka.UpgradeJavaForKafkaClients
- Upgrade Java to 11+ for Kafka clients
- Ensures Java 11 or higher is used when Kafka client libraries are present.
io.moderne.kafka.streams.MigrateJoinedNameMethod
- Migrate Joined.named() to Joined.as()
- In Kafka Streams 2.3, Joined.named() was deprecated in favor of Joined.as(). Additionally, the name() method was deprecated for removal and should not be used.
io.moderne.kafka.streams.MigrateKStreamToTable
- Migrate KStream to KTable conversion to use toTable() method
- In Kafka Streams 2.5, a new toTable() method was added to simplify converting a KStream to a KTable. This recipe replaces the manual aggregation pattern .groupByKey().reduce((oldVal, newVal) -> newVal) with the more concise .toTable() method.
io.moderne.kafka.streams.MigrateKafkaStreamsStoreMethod
- Migrate deprecated KafkaStreams#store method
- In Kafka Streams 2.5, the method KafkaStreams#store(String storeName, QueryableStoreType<T> storeType) was deprecated. It only allowed querying active stores and did not support any additional query options. Use the new StoreQueryParameters API instead.
io.moderne.kafka.streams.MigrateRetryConfiguration
- Migrate deprecated retry configuration to task timeout
- In Kafka 2.7, RETRIES_CONFIG and RETRY_BACKOFF_MS_CONFIG were deprecated in favor of TASK_TIMEOUT_MS_CONFIG. This recipe migrates the old retry configuration to the new task timeout configuration, attempting to preserve the retry budget by multiplying retries × backoff time. If only one config is present, it falls back to 60000ms (1 minute).
io.moderne.kafka.streams.MigrateStreamsUncaughtExceptionHandler
- Migrate to StreamsUncaughtExceptionHandler API
- Migrates from the JVM-level Thread.UncaughtExceptionHandler to Kafka Streams' StreamsUncaughtExceptionHandler API introduced in version 2.8. This new API provides explicit control over how the Streams client should respond to uncaught exceptions (REPLACE_THREAD, SHUTDOWN_CLIENT, or SHUTDOWN_APPLICATION).
io.moderne.kafka.streams.MigrateTaskAndThreadMetadata
- Migrate TaskMetadata and ThreadMetadata
- Migrates TaskMetadata and ThreadMetadata from org.apache.kafka.streams.processor package to org.apache.kafka.streams package, and updates TaskMetadata.taskId() calls to include .toString() for String compatibility.
io.moderne.kafka.streams.MigrateTaskMetadataTaskId
- Migrate TaskMetadata.taskId() to return TaskId
- In Kafka Streams 3.0, TaskMetadata.taskId() changed its return type from String to TaskId. This recipe adds .toString() calls where necessary to maintain String compatibility.
io.moderne.kafka.streams.MigrateWindowStorePutMethod
- Migrate WindowStore.put() to include timestamp
- In Kafka Streams 2.4, WindowStore.put() requires a timestamp parameter. This recipe adds context.timestamp() as the third parameter.
io.moderne.kafka.streams.ProcessingGuaranteeExactlyOnceToBeta
- Migrate exactly_once to exactly_once_beta
- Kafka Streams 2.6 introduces the exactly-once semantics v2, which is a more efficient implementation with improved internal handling. Though it is beta, it’s fully backward-compatible from the API standpoint, but internally it uses a different transaction/commit protocol. Starting from 3.0, it becomes the default "exactly_once_v2".
io.moderne.kafka.streams.ProcessingGuaranteeExactlyOnceToV2
- Migrate exactly_once and exactly_once_beta to exactly_once_v2
- Kafka Streams 2.6 introduces the exactly-once semantics v2, which is a more efficient implementation with improved internal handling. Starting from 3.0, it becomes the default "exactly_once_v2".
io.moderne.kafka.streams.RemovePartitionGrouperConfiguration
- Remove PartitionGrouper configuration
- Starting with Kafka Streams 2.4, the PartitionGrouper API was deprecated and partition grouping is now fully handled internally by the library. This recipe removes the deprecated PARTITION_GROUPER_CLASS_CONFIG configuration.

rewrite-kubernetes

org.openrewrite.kubernetes.AddConfiguration
- Add Kubernetes configuration
- Add default required configuration when it is missing.
org.openrewrite.kubernetes.ChangeApiVersion
- Change Kubernetes API version
- Change the Kubernetes API version in a resource.
org.openrewrite.kubernetes.ImagePullPolicyAlways
- Ensure image pull policy is Always
- Ensures the latest version of a tag is deployed each time.
org.openrewrite.kubernetes.KubernetesBestPractices
- Kubernetes best practices
- Applies best practices to Kubernetes manifests.
org.openrewrite.kubernetes.LifecycleRuleOnStorageBucket
- Ensure lifecycle rule on StorageBucket
- When defining a rule, you can specify any set of conditions for any action. The following configuration defines a rule to delete all objects older than 7 days in a bucket.
org.openrewrite.kubernetes.LimitContainerCapabilities
- Limit root capabilities in a container
- Limiting the admission of containers with capabilities ensures that only a small number of containers have extended capabilities outside the default range.
org.openrewrite.kubernetes.MissingCpuLimits
- Ensure CPU limits are set
- A system without managed quotas could eventually collapse due to inadequate resources for the tasks it bares.
org.openrewrite.kubernetes.MissingCpuRequest
- Ensure CPU request is set
- If a container is created in a namespace that has a default CPU limit, and the container does not specify its own CPU limit, then the container is assigned the default CPU limit.
org.openrewrite.kubernetes.MissingMemoryLimits
- Ensure memory limits are set
- With no limit set, kubectl allocates more and more memory to the container until it runs out.
org.openrewrite.kubernetes.MissingMemoryRequest
- Ensure memory request is set
- A container is guaranteed to have as much memory as it requests, but is not allowed to use more memory than the limit set. This configuration may save resources and prevent an attack on an exploited container.
org.openrewrite.kubernetes.MissingPodLivenessProbe
- Ensure liveness probe is configured
- The kubelet uses liveness probes to know when to schedule restarts for containers. Restarting a container in a deadlock state can help to make the application more available, despite bugs.
org.openrewrite.kubernetes.MissingPodReadinessProbe
- Ensure readiness probe is configured
- Using the Readiness Probe ensures teams define what actions need to be taken to prevent failure and ensure recovery in case of unexpected errors.
org.openrewrite.kubernetes.NoHostIPCSharing
- No host IPC sharing
- Preventing sharing of host PID/IPC namespace, networking, and ports ensures proper isolation between Docker containers and the underlying host.
org.openrewrite.kubernetes.NoHostNetworkSharing
- No host network sharing
- When using the host network mode for a container, that container’s network stack is not isolated from the Docker host, so the container shares the host’s networking namespace and does not get its own IP-address allocation.
org.openrewrite.kubernetes.NoHostProcessIdSharing
- No host process ID sharing
- Sharing the host process ID namespace breaks the isolation between container images and can make processes visible to other containers in the pod. This includes all information in the /proc directory, which can sometimes include passwords or keys, passed as environment variables.
org.openrewrite.kubernetes.NoPrivilegeEscalation
- No privilege escalation
- Does not allow a process to gain more privileges than its parent process.
org.openrewrite.kubernetes.NoPrivilegedContainers
- No privileged containers
- Privileged containers are containers that have all of the root capabilities of a host machine, allowing access to resources that are not accessible in ordinary containers.
org.openrewrite.kubernetes.NoRootContainers
- No root containers
- Containers that run as root frequently have more permissions than their workload requires which, in case of compromise, could help an attacker further their exploits.
org.openrewrite.kubernetes.ReadOnlyRootFilesystem
- Read-only root filesystem
- Using an immutable root filesystem and a verified boot mechanism prevents against attackers from "owning" the machine through permanent local changes.
org.openrewrite.kubernetes.UpdateContainerImageName
- Update image name
- Search for image names that match patterns and replace the components of the name with new values.
org.openrewrite.kubernetes.migrate.MigrateToAPIv1_16
- Migrate to Kubernetes API v1.16
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.16.
org.openrewrite.kubernetes.migrate.MigrateToAPIv1_22
- Migrate to Kubernetes API v1.22
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.22.
org.openrewrite.kubernetes.migrate.MigrateToAPIv1_25
- Migrate to Kubernetes API v1.25
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.25.
org.openrewrite.kubernetes.migrate.MigrateToAPIv1_26
- Migrate to Kubernetes API v1.26
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.26.
org.openrewrite.kubernetes.migrate.MigrateToAPIv1_27
- Migrate to Kubernetes API v1.27
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.27.
org.openrewrite.kubernetes.migrate.MigrateToAPIv1_29
- Migrate to Kubernetes API v1.29
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.29.
org.openrewrite.kubernetes.migrate.MigrateToAPIv1_32
- Migrate to Kubernetes API v1.32
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.32.
org.openrewrite.kubernetes.migrate.MigrateToAPIv1_33
- Migrate to Kubernetes API v1.33
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.33.
org.openrewrite.kubernetes.migrate.MigrateToAPIv1_34
- Migrate to Kubernetes API v1.34
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.34.
org.openrewrite.kubernetes.migrate.MigrateToAPIv1_35
- Migrate to Kubernetes API v1.35
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.35.
org.openrewrite.kubernetes.rbac.AddRuleToRole
- Add RBAC rules
- Add RBAC rules to ClusterRoles or namespaced Roles.
org.openrewrite.kubernetes.resource.CapResourceValueToMaximum
- Cap exceeds resource value
- Cap resource values that exceed a specific maximum.
org.openrewrite.kubernetes.resource.FindExceedsResourceRatio
- Find exceeds resource ratio
- Find resource manifests that have requests to limits ratios beyond a specific maximum.
org.openrewrite.kubernetes.resource.FindExceedsResourceValue
- Find exceeds resource limit
- Find resource manifests that have limits set beyond a specific maximum.
org.openrewrite.kubernetes.search.FindAnnotation
- Find annotation
- Find annotations that optionally match a given regex.
org.openrewrite.kubernetes.search.FindDisallowedImageTags
- Find disallowed image tags
- The set of image tags to find which are considered disallowed.
org.openrewrite.kubernetes.search.FindHarcodedIPAddresses
- Find hardcoded IP addresses
- Find hardcoded IP address anywhere in text-based files.
org.openrewrite.kubernetes.search.FindImage
- Find image by name
- The image name to search for in containers and initContainers.
org.openrewrite.kubernetes.search.FindMissingDigest
- Find missing image digest
- Find instances of a container name that fails to specify a digest.
org.openrewrite.kubernetes.search.FindMissingOrInvalidAnnotation
- Find annotation
- Find annotations that optionally match a given value.
org.openrewrite.kubernetes.search.FindMissingOrInvalidLabel
- Find label
- Find labels that optionally match a given regex.
org.openrewrite.kubernetes.search.FindNonTlsIngress
- Find non-TLS Ingresses
- Find Ingress resources that don't disallow HTTP or don't have TLS configured.
org.openrewrite.kubernetes.search.FindResourceMissingConfiguration
- Find missing configuration
- Find Kubernetes resources with missing configuration.
org.openrewrite.kubernetes.services.FindServiceExternalIPs
- Find uses of externalIP
- Find any Service whose externalIP list contains, or does not contain, one of a list of IPs.
org.openrewrite.kubernetes.services.FindServicesByType
- Service type
- Type of Kubernetes Service to find.
org.openrewrite.kubernetes.services.UpdateServiceExternalIP
- Update Service externalIP
- Swap out an IP address with another one in Service externalIP settings.

rewrite-migrate-python

org.openrewrite.python.migrate.FindAifcModule
- Find deprecated aifc module usage
- The aifc module was deprecated in Python 3.11 and removed in Python 3.13. Use third-party audio libraries instead.
org.openrewrite.python.migrate.FindAsyncioCoroutineDecorator
- Find deprecated @asyncio.coroutine decorator
- Find usage of the deprecated @asyncio.coroutine decorator which was removed in Python 3.11. Convert to async def syntax with await instead of yield from.
org.openrewrite.python.migrate.FindAudioopModule
- Find deprecated audioop module usage
- The audioop module was deprecated in Python 3.11 and removed in Python 3.13. Use pydub, numpy, or scipy for audio operations.
org.openrewrite.python.migrate.FindCgiModule
- Find deprecated cgi module usage
- The cgi module was deprecated in Python 3.11 and removed in Python 3.13. Use urllib.parse for query string parsing, html.escape() for escaping, and web frameworks or email.message for form handling.
org.openrewrite.python.migrate.FindCgiParseQs
- Find removed cgi.parse_qs() usage
- cgi.parse_qs() was removed in Python 3.8. Use urllib.parse.parse_qs() instead.
org.openrewrite.python.migrate.FindCgiParseQsl
- Find removed cgi.parse_qsl() usage
- cgi.parse_qsl() was removed in Python 3.8. Use urllib.parse.parse_qsl() instead.
org.openrewrite.python.migrate.FindCgitbModule
- Find deprecated cgitb module usage
- The cgitb module was deprecated in Python 3.11 and removed in Python 3.13. Use the standard logging and traceback modules for error handling.
org.openrewrite.python.migrate.FindChunkModule
- Find deprecated chunk module usage
- The chunk module was deprecated in Python 3.11 and removed in Python 3.13. Implement IFF chunk reading manually or use specialized libraries.
org.openrewrite.python.migrate.FindCryptModule
- Find deprecated crypt module usage
- The crypt module was deprecated in Python 3.11 and removed in Python 3.13. Use bcrypt, argon2-cffi, or passlib instead.
org.openrewrite.python.migrate.FindDistutilsUsage
- Find deprecated distutils module usage
- Find imports of the deprecated distutils module which was removed in Python 3.12. Migrate to setuptools or other modern build tools.
org.openrewrite.python.migrate.FindElementGetchildren
- Find deprecated Element.getchildren() usage
- Find usage of getchildren() method on XML Element objects. Deprecated in Python 3.9. Use list(element) instead.
org.openrewrite.python.migrate.FindFunctoolsCmpToKey
- Find functools.cmp_to_key() usage
- Find usage of functools.cmp_to_key() which is a Python 2 compatibility function. Consider using a key function directly.
org.openrewrite.python.migrate.FindHtmlParserUnescape
- Find removed HTMLParser.unescape() usage
- HTMLParser.unescape() was removed in Python 3.9. Use html.unescape() instead.
org.openrewrite.python.migrate.FindImghdrModule
- Find deprecated imghdr module usage
- The imghdr module was deprecated in Python 3.11 and removed in Python 3.13. Use filetype, python-magic, or Pillow instead.
org.openrewrite.python.migrate.FindImpUsage
- Find deprecated imp module usage
- Find imports of the deprecated imp module which was removed in Python 3.12. Migrate to importlib.
org.openrewrite.python.migrate.FindLocaleGetdefaultlocale
- Find deprecated locale.getdefaultlocale() usage
- locale.getdefaultlocale() was deprecated in Python 3.11. Use locale.setlocale(), locale.getlocale(), or locale.getpreferredencoding(False) instead.
org.openrewrite.python.migrate.FindMacpathModule
- Find removed macpath module usage
- The macpath module was removed in Python 3.8. Use os.path instead.
org.openrewrite.python.migrate.FindMailcapModule
- Find deprecated mailcap module usage
- The mailcap module was deprecated in Python 3.11 and removed in Python 3.13. Use mimetypes module for MIME type handling.
org.openrewrite.python.migrate.FindMsilibModule
- Find deprecated msilib module usage
- The msilib module was deprecated in Python 3.11 and removed in Python 3.13. Use platform-specific tools for MSI creation.
org.openrewrite.python.migrate.FindNisModule
- Find deprecated nis module usage
- The nis module was deprecated in Python 3.11 and removed in Python 3.13. There is no direct replacement.
org.openrewrite.python.migrate.FindNntplibModule
- Find deprecated nntplib module usage
- The nntplib module was deprecated in Python 3.11 and removed in Python 3.13. NNTP is largely obsolete; consider alternatives if needed.
org.openrewrite.python.migrate.FindOsPopen
- Find deprecated os.popen() usage
- os.popen() has been deprecated since Python 3.6. Use subprocess.run() or subprocess.Popen() instead for better control over process creation and output handling.
org.openrewrite.python.migrate.FindOsSpawn
- Find deprecated os.spawn*() usage
- The os.spawn*() family of functions are deprecated. Use subprocess.run() or subprocess.Popen() instead.
org.openrewrite.python.migrate.FindOssaudiodevModule
- Find deprecated ossaudiodev module usage
- The ossaudiodev module was deprecated in Python 3.11 and removed in Python 3.13. There is no direct replacement.
org.openrewrite.python.migrate.FindPathlibLinkTo
- Find deprecated Path.link_to() usage
- Find usage of Path.link_to() which was deprecated in Python 3.10 and removed in 3.12. Use hardlink_to() instead (note: argument order is reversed).
org.openrewrite.python.migrate.FindPipesModule
- Find deprecated pipes module usage
- The pipes module was deprecated in Python 3.11 and removed in Python 3.13. Use subprocess with shlex.quote() for shell escaping.
org.openrewrite.python.migrate.FindPlatformPopen
- Find removed platform.popen() usage
- platform.popen() was removed in Python 3.8. Use os.popen() or subprocess.run() instead.
org.openrewrite.python.migrate.FindReTemplate
- Find deprecated re.template() / re.TEMPLATE usage
- re.template() and re.TEMPLATE were deprecated in Python 3.11 and removed in 3.13.
org.openrewrite.python.migrate.FindRemovedModules312
- Find modules removed in Python 3.12
- Find imports of modules that were removed in Python 3.12, including asynchat, asyncore, and smtpd.
org.openrewrite.python.migrate.FindShutilRmtreeOnerror
- Find deprecated shutil.rmtree(onerror=...) parameter
- The onerror parameter of shutil.rmtree() was deprecated in Python 3.12 in favor of onexc. The onexc callback receives the exception object directly rather than an exc_info tuple.
org.openrewrite.python.migrate.FindSndhdrModule
- Find deprecated sndhdr module usage
- The sndhdr module was deprecated in Python 3.11 and removed in Python 3.13. Use filetype or audio libraries like pydub instead.
org.openrewrite.python.migrate.FindSocketGetFQDN
- Find socket.getfqdn() usage
- Find usage of socket.getfqdn() which can be slow and unreliable. Consider using socket.gethostname() instead.
org.openrewrite.python.migrate.FindSpwdModule
- Find deprecated spwd module usage
- The spwd module was deprecated in Python 3.11 and removed in Python 3.13. There is no direct replacement.
org.openrewrite.python.migrate.FindSslMatchHostname
- Find deprecated ssl.match_hostname()
- Find usage of the deprecated ssl.match_hostname() function which was removed in Python 3.12. Use ssl.SSLContext.check_hostname instead.
org.openrewrite.python.migrate.FindSunauModule
- Find deprecated sunau module usage
- The sunau module was deprecated in Python 3.11 and removed in Python 3.13. Use soundfile or pydub instead.
org.openrewrite.python.migrate.FindSysCoroutineWrapper
- Find removed sys.set_coroutine_wrapper() / sys.get_coroutine_wrapper()
- sys.set_coroutine_wrapper() and sys.get_coroutine_wrapper() were deprecated in Python 3.7 and removed in Python 3.8.
org.openrewrite.python.migrate.FindSysLastExcInfo
- Find deprecated sys.last_type / sys.last_value / sys.last_traceback
- sys.last_type, sys.last_value, and sys.last_traceback were deprecated in Python 3.12. Use sys.last_exc instead.
org.openrewrite.python.migrate.FindTarfileFilemode
- Find removed tarfile.filemode usage
- tarfile.filemode was removed in Python 3.8. Use stat.filemode() instead.
org.openrewrite.python.migrate.FindTelnetlibModule
- Find deprecated telnetlib module usage
- The telnetlib module was deprecated in Python 3.11 and removed in Python 3.13. Consider using telnetlib3 from PyPI, direct socket usage, or SSH-based alternatives like paramiko.
org.openrewrite.python.migrate.FindTempfileMktemp
- Find deprecated tempfile.mktemp() usage
- Find usage of tempfile.mktemp() which is deprecated due to security concerns (race condition). Use mkstemp() or NamedTemporaryFile() instead.
org.openrewrite.python.migrate.FindUrllibParseSplitFunctions
- Find deprecated urllib.parse split functions
- Find usage of deprecated urllib.parse split functions (splithost, splitport, etc.) removed in Python 3.14. Use urlparse() instead.
org.openrewrite.python.migrate.FindUrllibParseToBytes
- Find deprecated urllib.parse.to_bytes() usage
- Find usage of urllib.parse.to_bytes() which was deprecated in Python 3.8 and removed in 3.14. Use str.encode() directly.
org.openrewrite.python.migrate.FindUuModule
- Find deprecated uu module usage
- The uu module was deprecated in Python 3.11 and removed in Python 3.13. Use base64 module instead for encoding binary data.
org.openrewrite.python.migrate.FindXdrlibModule
- Find deprecated xdrlib module usage
- The xdrlib module was deprecated in Python 3.11 and removed in Python 3.13. Use struct module for binary packing/unpacking.
org.openrewrite.python.migrate.MigrateAsyncioCoroutine
- Migrate @asyncio.coroutine to async def
- Migrate functions using the deprecated @asyncio.coroutine decorator to use async def syntax. Also transforms yield from to await. The decorator was removed in Python 3.11.
org.openrewrite.python.migrate.ReplaceArrayFromstring
- Replace array.fromstring() with array.frombytes()
- Replace fromstring() with frombytes() on array objects. The fromstring() method was deprecated in Python 3.2 and removed in 3.14.
org.openrewrite.python.migrate.ReplaceArrayTostring
- Replace array.tostring() with array.tobytes()
- Replace tostring() with tobytes() on array objects. The tostring() method was deprecated in Python 3.2 and removed in 3.14.
org.openrewrite.python.migrate.ReplaceAstBytes
- Replace ast.Bytes with ast.Constant
- The ast.Bytes node type was deprecated in Python 3.8 and removed in Python 3.14. Replace with ast.Constant and check isinstance(node.value, bytes).
org.openrewrite.python.migrate.ReplaceAstEllipsis
- Replace ast.Ellipsis with ast.Constant
- The ast.Ellipsis node type was deprecated in Python 3.8 and removed in Python 3.14. Replace with ast.Constant and check node.value is ....
org.openrewrite.python.migrate.ReplaceAstNameConstant
- Replace ast.NameConstant with ast.Constant
- The ast.NameConstant node type was deprecated in Python 3.8 and removed in Python 3.14. Replace with ast.Constant and check node.value in (True, False, None).
org.openrewrite.python.migrate.ReplaceAstNum
- Replace ast.Num with ast.Constant
- The ast.Num node type was deprecated in Python 3.8 and removed in Python 3.14. Replace with ast.Constant and check isinstance(node.value, (int, float, complex)).
org.openrewrite.python.migrate.ReplaceAstStr
- Replace ast.Str with ast.Constant
- The ast.Str node type was deprecated in Python 3.8 and removed in Python 3.14. Replace with ast.Constant and check isinstance(node.value, str).
org.openrewrite.python.migrate.ReplaceCalendarConstants
- Replace deprecated calendar constants with uppercase
- Replace deprecated mixed-case calendar constants like calendar.January with their uppercase equivalents like calendar.JANUARY. The mixed-case constants were deprecated in Python 3.12.
org.openrewrite.python.migrate.ReplaceCollectionsAbcImports
- Replace collections ABC imports with collections.abc
- Migrate deprecated abstract base class imports from collections to collections.abc. These imports were deprecated in Python 3.3 and removed in Python 3.10.
org.openrewrite.python.migrate.ReplaceConditionNotifyAll
- Replace Condition.notifyAll() with Condition.notify_all()
- Replace notifyAll() method calls with notify_all(). The camelCase version was deprecated in Python 3.10 and removed in 3.12.
org.openrewrite.python.migrate.ReplaceConfigparserReadfp
- Replace ConfigParser.readfp() with read_file()
- The ConfigParser.readfp() method was deprecated in Python 3.2 and removed in Python 3.13. Replace with read_file().
org.openrewrite.python.migrate.ReplaceConfigparserSafeConfigParser
- Replace configparser.SafeConfigParser with ConfigParser
- The configparser.SafeConfigParser class was deprecated in Python 3.2 and removed in Python 3.12. Replace with configparser.ConfigParser.
org.openrewrite.python.migrate.ReplaceDatetimeUtcFromTimestamp
- Replace datetime.utcfromtimestamp() with datetime.fromtimestamp(ts, UTC)
- The datetime.utcfromtimestamp() method is deprecated in Python 3.12. Replace it with datetime.fromtimestamp(ts, datetime.UTC) for timezone-aware datetime objects.
org.openrewrite.python.migrate.ReplaceDatetimeUtcNow
- Replace datetime.utcnow() with datetime.now(UTC)
- The datetime.utcnow() method is deprecated in Python 3.12. Replace it with datetime.now(datetime.UTC) for timezone-aware datetime objects.
org.openrewrite.python.migrate.ReplaceDistutilsVersion
- Replace deprecated distutils.version usage
- Detect usage of deprecated distutils.version.LooseVersion and distutils.version.StrictVersion. These should be migrated to packaging.version.Version. Note: Manual migration is required as packaging.version.Version is not a drop-in replacement.
org.openrewrite.python.migrate.ReplaceElementGetiterator
- Replace Element.getiterator() with Element.iter()
- Replace getiterator() with iter() on XML Element objects. The getiterator() method was deprecated in Python 3.9.
org.openrewrite.python.migrate.ReplaceEventIsSet
- Replace Event.isSet() with Event.is_set()
- Replace isSet() method calls with is_set(). The camelCase version was deprecated in Python 3.10 and removed in 3.12.
org.openrewrite.python.migrate.ReplaceGettextDeprecations
- Replace deprecated gettext l*gettext() functions
- Replace deprecated gettext functions like lgettext() with their modern equivalents like gettext(). The l*gettext() functions were removed in Python 3.11.
org.openrewrite.python.migrate.ReplaceLocaleResetlocale
- Replace locale.resetlocale() with locale.setlocale(LC_ALL, '')
- The locale.resetlocale() function was deprecated in Python 3.11 and removed in Python 3.13. Replace with locale.setlocale(locale.LC_ALL, '').
org.openrewrite.python.migrate.ReplacePercentFormatWithFString
- Replace % formatting with f-string
- Replace "..." % (...) expressions with f-strings (Python 3.6+). Only converts %s and %r specifiers where the format string is a literal and the conversion is safe.
org.openrewrite.python.migrate.ReplacePkgutilFindLoader
- Replace pkgutil.find_loader() with importlib.util.find_spec()
- The pkgutil.find_loader() function was deprecated in Python 3.12. Replace with importlib.util.find_spec(). Note: returns ModuleSpec, use .loader for loader.
org.openrewrite.python.migrate.ReplacePkgutilGetLoader
- Replace pkgutil.get_loader() with importlib.util.find_spec()
- The pkgutil.get_loader() function was deprecated in Python 3.12. Replace with importlib.util.find_spec(). Note: returns ModuleSpec, use .loader for loader.
org.openrewrite.python.migrate.ReplaceStrFormatWithFString
- Replace str.format() with f-string
- Replace "...".format(...) calls with f-strings (Python 3.6+). Only converts cases where the format string is a literal and the conversion is safe.
org.openrewrite.python.migrate.ReplaceThreadGetName
- Replace Thread.getName() with Thread.name
- Replace getName() method calls with the name property. Deprecated in Python 3.10, removed in 3.12.
org.openrewrite.python.migrate.ReplaceThreadIsAlive
- Replace Thread.isAlive() with Thread.is_alive()
- Replace isAlive() method calls with is_alive(). Deprecated in Python 3.1 and removed in 3.9.
org.openrewrite.python.migrate.ReplaceThreadIsDaemon
- Replace Thread.isDaemon() with Thread.daemon
- Replace isDaemon() method calls with the daemon property. Deprecated in Python 3.10, removed in 3.12.
org.openrewrite.python.migrate.ReplaceThreadSetDaemon
- Replace Thread.setDaemon() with Thread.daemon = ...
- Replace setDaemon() method calls with daemon property assignment. Deprecated in Python 3.10, removed in 3.12.
org.openrewrite.python.migrate.ReplaceThreadSetName
- Replace Thread.setName() with Thread.name = ...
- Replace setName() method calls with name property assignment. Deprecated in Python 3.10, removed in 3.12.
org.openrewrite.python.migrate.ReplaceThreadingActiveCount
- Replace threading.activeCount() with threading.active_count()
- Replace threading.activeCount() with threading.active_count(). The camelCase version was deprecated in Python 3.10 and removed in 3.12.
org.openrewrite.python.migrate.ReplaceThreadingCurrentThread
- Replace threading.currentThread() with threading.current_thread()
- Replace threading.currentThread() with threading.current_thread(). The camelCase version was deprecated in Python 3.10 and removed in 3.12.
org.openrewrite.python.migrate.ReplaceTypingCallableWithCollectionsAbcCallable
- Replace typing.Callable with collections.abc.Callable
- PEP 585 deprecated typing.Callable in Python 3.9. Replace with collections.abc.Callable for type annotations.
org.openrewrite.python.migrate.ReplaceTypingDictWithDict
- Replace typing.Dict with dict
- PEP 585 deprecated typing.Dict in Python 3.9. Replace with the built-in dict type for generic annotations.
org.openrewrite.python.migrate.ReplaceTypingListWithList
- Replace typing.List with list
- PEP 585 deprecated typing.List in Python 3.9. Replace with the built-in list type for generic annotations.
org.openrewrite.python.migrate.ReplaceTypingOptionalWithUnion
- Replace typing.Optional[X] with X | None
- PEP 604 introduced the | operator for union types in Python 3.10. Replace Optional[X] with the more concise X | None syntax.
org.openrewrite.python.migrate.ReplaceTypingSetWithSet
- Replace typing.Set with set
- PEP 585 deprecated typing.Set in Python 3.9. Replace with the built-in set type for generic annotations.
org.openrewrite.python.migrate.ReplaceTypingText
- Replace typing.Text with str
- typing.Text is deprecated as of Python 3.11. It was an alias for str for Python 2/3 compatibility. Replace with str.
org.openrewrite.python.migrate.ReplaceTypingTupleWithTuple
- Replace typing.Tuple with tuple
- PEP 585 deprecated typing.Tuple in Python 3.9. Replace with the built-in tuple type for generic annotations.
org.openrewrite.python.migrate.ReplaceTypingUnionWithPipe
- Replace typing.Union[X, Y] with X | Y
- PEP 604 introduced the | operator for union types in Python 3.10. Replace Union[X, Y, ...] with the more concise X | Y | ... syntax.
org.openrewrite.python.migrate.ReplaceUnittestDeprecatedAliases
- Replace deprecated unittest method aliases
- Replace deprecated unittest.TestCase method aliases like assertEquals with their modern equivalents like assertEqual. These aliases were removed in Python 3.11/3.12.
org.openrewrite.python.migrate.UpgradeToPython310
- Upgrade to Python 3.10
- Migrate deprecated APIs and adopt new syntax for Python 3.10 compatibility. This includes adopting PEP 604 union type syntax (X | Y) and other modernizations between Python 3.9 and 3.10.
org.openrewrite.python.migrate.UpgradeToPython311
- Upgrade to Python 3.11
- Migrate deprecated and removed APIs for Python 3.11 compatibility. This includes handling removed modules, deprecated functions, and API changes between Python 3.10 and 3.11.
org.openrewrite.python.migrate.UpgradeToPython312
- Upgrade to Python 3.12
- Migrate deprecated and removed APIs for Python 3.12 compatibility. This includes detecting usage of the removed imp module and other legacy modules that were removed in Python 3.12.
org.openrewrite.python.migrate.UpgradeToPython313
- Upgrade to Python 3.13
- Migrate deprecated and removed APIs for Python 3.13 compatibility. This includes detecting usage of modules removed in PEP 594 ('dead batteries') and other API changes between Python 3.12 and 3.13.
org.openrewrite.python.migrate.UpgradeToPython314
- Upgrade to Python 3.14
- Migrate deprecated and removed APIs for Python 3.14 compatibility. This includes replacing deprecated AST node types with ast.Constant and other API changes between Python 3.13 and 3.14.
org.openrewrite.python.migrate.UpgradeToPython38
- Upgrade to Python 3.8
- Migrate deprecated APIs and detect legacy patterns for Python 3.8 compatibility.
org.openrewrite.python.migrate.UpgradeToPython39
- Upgrade to Python 3.9
- Migrate deprecated APIs for Python 3.9 compatibility. This includes PEP 585 built-in generics, removed base64 functions, and deprecated XML Element methods.
org.openrewrite.python.migrate.langchain.FindDeprecatedLangchainAgents
- Find deprecated LangChain agent patterns
- Find usage of deprecated LangChain agent patterns including initialize_agent, AgentExecutor, and LLMChain. These were deprecated in LangChain v0.2 and removed in v1.0.
org.openrewrite.python.migrate.langchain.FindLangchainCreateReactAgent
- Find create_react_agent usage (replace with create_agent)
- Find from langgraph.prebuilt import create_react_agent which should be replaced with from langchain.agents import create_agent in LangChain v1.0.
org.openrewrite.python.migrate.langchain.ReplaceLangchainClassicImports
- Replace langchain legacy imports with langchain_classic
- Migrate legacy chain, retriever, and indexing imports from langchain to langchain_classic. These were moved in LangChain v1.0.
org.openrewrite.python.migrate.langchain.ReplaceLangchainCommunityImports
- Replace langchain imports with langchain_community
- Migrate third-party integration imports from langchain to langchain_community. These integrations were moved in LangChain v0.2.
org.openrewrite.python.migrate.langchain.ReplaceLangchainProviderImports
- Replace langchain_community imports with provider packages
- Migrate provider-specific imports from langchain_community to dedicated provider packages like langchain_openai, langchain_anthropic, etc.
org.openrewrite.python.migrate.langchain.UpgradeToLangChain02
- Upgrade to LangChain 0.2
- Migrate to LangChain 0.2 by updating imports from langchain to langchain_community and provider-specific packages.
org.openrewrite.python.migrate.langchain.UpgradeToLangChain1
- Upgrade to LangChain 1.0
- Migrate to LangChain 1.0 by applying all v0.2 migrations and then moving legacy functionality to langchain_classic.

rewrite-nodejs

org.openrewrite.nodejs.DependencyVulnerabilityCheck
- Find and fix vulnerable npm dependencies
- This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this recipe will not make any changes. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Dependencies following Semantic Versioning will see their patch version updated where applicable.
org.openrewrite.nodejs.UpgradeDependencyVersion
- Upgrade Node.js dependencies
- Upgrade matching Node.js direct dependencies.
org.openrewrite.nodejs.search.DatabaseInteractionInsights
- Javascript database interaction library insights
- Discover which popular javascript database interaction libraries (Sequelize, TypeORM, Mongoose, etc.) are being used in your projects.
org.openrewrite.nodejs.search.DependencyInsight
- Node.js dependency insight
- Identify the direct and transitive Node.js dependencies used in a project.
org.openrewrite.nodejs.search.FindNodeProjects
- Find Node.js projects
- Find Node.js projects and summarize data about them.
org.openrewrite.nodejs.search.FormHandlingInsights
- Javascript form handling library insights
- Discover which popular javascript form handling libraries (Formik, React Hook Form, Yup, etc.) are being used in your projects.
org.openrewrite.nodejs.search.LintingFormattingInsights
- Javascript linting & formatting library insights
- Discover which popular javascript linting and formatting libraries (ESLint, Prettier, Stylelint, etc.) are being used in your projects.
org.openrewrite.nodejs.search.RealTimeCommunicationInsights
- Javascript real-time communication library insights
- Discover which popular javascript real-time communication libraries (Socket.io, Ws, SockJS, etc.) are being used in your projects.
org.openrewrite.nodejs.search.SecurityInsights
- Javascript security library insights
- Discover which popular javascript security libraries (Helmet, Cors, Bcrypt, etc.) are being used in your projects.
org.openrewrite.nodejs.search.ServerSideFrameworksInsights
- Javascript server-side frameworks insights
- Discover which popular javascript server-side frameworks (Express, Koa, Hapi, etc.) are being used in your projects.
org.openrewrite.nodejs.search.StateManagementInsights
- Javascript state management library insights
- Discover which popular javascript state management libraries (Redux, MobX, Vuex, etc.) are being used in your projects.
org.openrewrite.nodejs.search.TaskRunnersBuildToolsInsights
- Javascript task runners & build tools insights
- Discover which popular javascript task runners and build tools (Webpack, Parcel, Gulp, etc.) are being used in your projects.
org.openrewrite.nodejs.search.TestingInsights
- Javascript testing library insights
- Discover which popular javascript testing libraries (Jest, Mocha, Chai, etc.) are being used in your projects.
org.openrewrite.nodejs.search.UIInsights
- Javascript UI library insights
- Discover which popular javascript UI libraries (React, Vue.js, Angular, etc.) are being used in your projects.
org.openrewrite.nodejs.search.UtilityInsights
- Javascript utility library insights
- Discover which popular javascript utility libraries (Lodash, Moment.js, Date-fns, etc.) are being used in your projects.
org.openrewrite.recipe.rewrite-nodejs.InlineDeprecatedMethods
- Inline deprecated delegating methods
- Automatically generated recipes to inline deprecated method calls that delegate to other methods in the same class.

rewrite-prethink

io.moderne.prethink.ComprehendCode
- Comprehend code with AI
- Use an LLM to generate descriptions for classes and methods in the codebase. Descriptions are cached based on source code checksums to avoid regenerating descriptions for unchanged code.
io.moderne.prethink.ComprehendCodeTokenCounter
- Estimate comprehension token usage
- Estimate the input token counts that would be sent to an LLM for method comprehension, without actually calling a model. Uses OpenAI's tokenizer locally. Outputs to the MethodDescriptions table with blank descriptions.
io.moderne.prethink.ExtractCodingConventions
- Extract coding conventions
- Analyze the codebase to extract coding conventions including naming patterns, import organization, and documentation patterns.
io.moderne.prethink.ExtractDependencyUsage
- Extract dependency usage patterns
- Analyze the codebase to extract dependency usage patterns by examining which types from external libraries are actually used in the code.
io.moderne.prethink.ExtractErrorPatterns
- Extract error handling patterns
- Analyze the codebase to extract error handling patterns including exception types, handling strategies, and logging frameworks used.
io.moderne.prethink.FindTestCoverage
- Find test coverage mapping
- Map test methods to their corresponding implementation methods. Uses JavaType.Method matching to determine coverage relationships. Optionally generates AI summaries of what each test is verifying when LLM provider is configured.
io.moderne.prethink.UpdatePrethinkContextNoAiStarter
- Update Prethink context (no AI)
- Generate Moderne Prethink context files with architectural discovery, test coverage mapping, dependency inventory, and FINOS CALM architecture diagrams. This recipe does not require an LLM provider - use UpdatePrethinkContextStarter if you want AI-generated code comprehension and test summaries.
io.moderne.prethink.UpdatePrethinkContextStarter
- Update Prethink context (with AI)
- Generate Moderne Prethink context files with AI-generated code comprehension, test coverage mapping, dependency inventory, and FINOS CALM architecture diagrams. Maps tests to implementation methods and optionally generates AI summaries of what each test verifies when LLM provider is configured.
io.moderne.prethink.calm.FindCalmRelationships
- Find CALM relationships
- Discover method call relationships within the repository for building interaction diagrams. Captures all method-to-method calls between in-repo classes. Entity IDs are resolved by GenerateCalmArchitecture when building CALM relationships.
io.moderne.prethink.calm.FindDataAssets
- Find data assets
- Identify data assets including JPA entities, MongoDB documents, Java records, and DTOs in the application.
io.moderne.prethink.calm.FindDatabaseConnections
- Find database connections
- Identify database connections and data access patterns in the application. Detects JPA entities, Spring Data repositories, JDBC templates, and MyBatis mappers.
io.moderne.prethink.calm.FindDeploymentArtifacts
- Find deployment artifacts
- Identify deployment artifacts including Dockerfiles, docker-compose files, and Kubernetes manifests.
io.moderne.prethink.calm.FindExpressEndpoints
- Find Express endpoints
- Identify REST/HTTP endpoints in Express and Fastify applications. Detects app.get(), router.post(), and similar route definition patterns.
io.moderne.prethink.calm.FindExternalServiceCalls
- Find external service calls
- Identify outbound HTTP calls to external services. Detects RestTemplate, WebClient, Feign clients, Apache HttpClient, OkHttp, and JAX-RS clients.
io.moderne.prethink.calm.FindMessagingConnections
- Find messaging connections
- Identify message queue producers and consumers. Detects Kafka, RabbitMQ, JMS, Spring Cloud Stream, and AWS SQS messaging.
io.moderne.prethink.calm.FindMongooseSchemas
- Find Mongoose schemas
- Identify Mongoose models and schemas in Node.js applications. Detects mongoose.model() calls and populates the DatabaseConnections table.
io.moderne.prethink.calm.FindNestJSEndpoints
- Find NestJS endpoints
- Identify REST/HTTP endpoints in NestJS controllers. Detects @Controller, @Get, @Post, @Put, @Delete, and @Patch decorators and populates the ServiceEndpoints data table.
io.moderne.prethink.calm.FindNodeErrorPatterns
- Find Node.js error patterns
- Identify error handling patterns in Node.js applications. Detects try/catch blocks and identifies logging frameworks used.
io.moderne.prethink.calm.FindNodeHttpClients
- Find Node.js HTTP clients
- Identify HTTP client usage in Node.js applications. Detects axios, fetch, got, and superagent call patterns.
io.moderne.prethink.calm.FindNodeMessaging
- Find Node.js messaging
- Identify messaging patterns in Node.js applications. Detects KafkaJS, amqplib, and Bull/BullMQ usage.
io.moderne.prethink.calm.FindNodeProjectMetadata
- Find Node.js project metadata
- Extract project metadata (name, version, description) from Node.js package.json files.
io.moderne.prethink.calm.FindNodeSecurityConfig
- Find Node.js security configuration
- Identify security middleware in Node.js applications. Detects cors, helmet, passport, and JWT middleware usage.
io.moderne.prethink.calm.FindNodeTestCoverage
- Find Node.js test coverage
- Identify test methods in Jest, Mocha, and Vitest test files. Detects describe(), it(), and test() blocks and populates the TestMapping table.
io.moderne.prethink.calm.FindPrismaUsage
- Find Prisma usage
- Identify Prisma ORM usage in Node.js applications. Detects prisma.model.findMany() and similar Prisma Client query patterns.
io.moderne.prethink.calm.FindProjectMetadata
- Find project metadata
- Extract project metadata (artifact ID, group ID, name, description) from Maven pom.xml files.
io.moderne.prethink.calm.FindSecurityConfiguration
- Find security configuration
- Identify security configurations including Spring Security, OAuth2, and CORS settings.
io.moderne.prethink.calm.FindServerConfiguration
- Find server configuration
- Extract server configuration (port, SSL, context path) from application.properties and application.yml files.
io.moderne.prethink.calm.FindServiceComponents
- Find service components
- Identify service layer components (@Service, @Component, @Named) in the application. Excludes controllers and repositories which are handled by dedicated recipes.
io.moderne.prethink.calm.FindServiceEndpoints
- Find service endpoints
- Identify all REST/HTTP service endpoints exposed by the application. Supports Spring MVC, JAX-RS, Micronaut, and Quarkus REST endpoints.
io.moderne.prethink.calm.FindTypeORMEntities
- Find TypeORM entities
- Identify TypeORM entities in Node.js applications. Detects @Entity() decorator on classes and populates the DatabaseConnections table.
io.moderne.prethink.calm.GenerateCalmMermaidDiagram
- Generate architecture mermaid diagram
- Generate a markdown file with a mermaid architecture diagram from discovered service endpoints, database connections, external service calls, and messaging connections.

rewrite-program-analysis

org.openrewrite.analysis.java.FindNullPointerIssues
- Find null pointer issues
- Detects potential null pointer dereferences using path-sensitive analysis to distinguish between definite NPEs, possible NPEs, and safe dereferences.
org.openrewrite.analysis.java.controlflow.FindUnusedDefinitions
- Find unused variable definitions
- Identifies variable assignments whose values are never used before being overwritten.
org.openrewrite.analysis.java.controlflow.search.FindCyclomaticComplexity
- Find cyclomatic complexity
- Calculates the cyclomatic complexity of methods and produces a data table containing the class name, method name, argument types, complexity value, and complexity threshold.
org.openrewrite.analysis.java.controlflow.search.FindUnreachableCode
- Find unreachable code
- Uses control flow analysis to identify statements that can never be executed.
org.openrewrite.analysis.java.dataflow.FindDeadStores
- Find dead stores
- Identifies variable assignments whose values are never used before being overwritten or going out of scope.
org.openrewrite.analysis.java.datalineage.TrackDataLineage
- Track data lineage
- Tracks the flow of data from database sources (JDBC queries, JPA entities) to API sinks (REST endpoints, GraphQL mutations) to understand data dependencies and support compliance requirements.
org.openrewrite.analysis.java.privacy.FindPiiExposure
- Find PII exposure in logs and external APIs
- Detects when Personally Identifiable Information (PII) is exposed through logging statements or sent to external APIs without proper sanitization. This helps prevent data leaks and ensures compliance with privacy regulations like GDPR and CCPA.
org.openrewrite.analysis.java.security.FindCommandInjection
- Find command injection vulnerabilities
- Detects when user-controlled input flows into system command execution methods like Runtime.exec() or ProcessBuilder, which could allow attackers to execute arbitrary commands.
org.openrewrite.analysis.java.security.FindLdapInjection
- Find LDAP injection vulnerabilities
- Finds LDAP injection vulnerabilities by tracking tainted data flow from user input to LDAP queries.
org.openrewrite.analysis.java.security.FindPathTraversal
- Find path traversal vulnerabilities
- Detects potential path traversal vulnerabilities where user input flows to file system operations without proper validation.
org.openrewrite.analysis.java.security.FindSecurityVulnerabilities
- Find security vulnerabilities using taint analysis
- Identifies potential security vulnerabilities where untrusted data from sources flows to sensitive sinks without proper sanitization.
org.openrewrite.analysis.java.security.FindSqlInjection
- Find SQL injection vulnerabilities
- Detects potential SQL injection vulnerabilities where user input flows to SQL execution methods without proper sanitization.
org.openrewrite.analysis.java.security.FindUnencryptedPiiStorage
- Find unencrypted PII storage
- Identifies when personally identifiable information (PII) is stored in databases, files, or other persistent storage without encryption.
org.openrewrite.analysis.java.security.FindXssVulnerability
- Find XSS vulnerabilities
- Detects potential cross-site scripting vulnerabilities where user input flows to output methods without proper sanitization.
org.openrewrite.analysis.java.security.FindXxeVulnerability
- Find XXE vulnerabilities
- Locates XML parsers that are not configured to prevent XML External Entity (XXE) attacks.

rewrite-python

org.openrewrite.python.AddDependency
- Add Python dependency
- Add a dependency to the [project].dependencies array in pyproject.toml. When uv is available, the uv.lock file is regenerated.
org.openrewrite.python.ChangeDependency
- Change Python dependency
- Change a dependency to a different package in pyproject.toml. Searches all dependency arrays. When uv is available, the uv.lock file is regenerated.
org.openrewrite.python.RemoveDependency
- Remove Python dependency
- Remove a dependency from the [project].dependencies array in pyproject.toml. When uv is available, the uv.lock file is regenerated.
org.openrewrite.python.RemovePass
- Remove redundant pass statements
- Remove redundant pass statements from Python code when there are other executable statements in the block.
org.openrewrite.python.UpgradeDependencyVersion
- Upgrade Python dependency version
- Upgrade the version constraint for a dependency in [project].dependencies in pyproject.toml. When uv is available, the uv.lock file is regenerated.
org.openrewrite.python.UpgradeTransitiveDependencyVersion
- Upgrade transitive Python dependency version
- Pin a transitive dependency version using the appropriate strategy for the detected package manager: uv uses [tool.uv].constraint-dependencies, PDM uses [tool.pdm.overrides], and other managers add a direct dependency.
org.openrewrite.python.format.PythonSpaces
- Formats spaces in Python code
- Standardizes spaces in Python code. Currently limited to formatting method arguments.
org.openrewrite.python.search.DependencyInsight
- Python dependency insight
- Find direct and transitive Python dependencies matching a package name pattern. Results include dependencies that either directly match or transitively include a matching dependency.

rewrite-react

org.openrewrite.react.search.FindPropUsage
- Find React prop usage
- Locates usages of a specific prop of a React component.
org.openrewrite.react.search.FindReactComponent
- Find React component
- Locates usages of React components across the codebase including JSX elements and other references. If componentName is null, finds all React components.

rewrite-reactive-streams

org.openrewrite.reactive.reactor.ReactorBestPractices
- Reactor Best Practices
- This recipe applies best practices for using Reactor.
org.openrewrite.reactive.reactor.ReactorDoAfterSuccessOrErrorToTap
- Replace doAfterSuccessOrError calls with tap operator
- As of reactor-core 3.5 the doAfterSuccessOrError method is removed, this recipe replaces it with the tap operator.
org.openrewrite.reactive.reactor.ReactorProcessorCacheToSinkRecipes
- Replace various Processor.cache calls with their Sinks equivalent
- As of 3.5 Processors are deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCacheToSinkRecipes$ReplayProcessorCacheDefaultToSinkRecipe
- Replace ReplayProcessor.cacheLast() with Sinks.many().replay().latest()
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCacheToSinkRecipes$ReplayProcessorCacheToSinkRecipe
- Replace ReplayProcessor.cacheLast() with Sinks.many().replay().latest()
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes
- Replace various Processor.create calls with their Sinks equivalent
- As of 3.5 Processors are deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$DirectProcessorCreateToSinkRecipe
- Replace DirectProcessor.create() with Sinks.many().multicast().directBestEffort()
- As of 3.5 DirectProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$EmitterProcessorCreateBooleanToSinkRecipe
- Replace EmitterProcessor.create(Boolean) with Sinks.many().multicast().onBackpressureBuffer(Queues.SMALL_BUFFER_SIZE, Boolean)
- As of 3.5 EmitterProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$EmitterProcessorCreateIntBooleanToSinkRecipe
- Replace EmitterProcessor.create(int, Boolean) with Sinks.many().multicast().onBackpressureBuffer(int, Boolean)
- As of 3.5 EmitterProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$EmitterProcessorCreateIntToSinkRecipe
- Replace EmitterProcessor.create(int) with Sinks.many().multicast().onBackpressureBuffer(int)
- As of 3.5 EmitterProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$EmitterProcessorCreateToSinkRecipe
- Replace EmitterProcessor.create() with Sinks.many().multicast().onBackpressureBuffer()
- As of 3.5 EmitterProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$MonoProcessorCreateToSinkRecipe
- Replace MonoProcessor.create() with Sinks.one()
- As of 3.5 MonoProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$ReplayProcessorCreateIntLiteralFalseToSinkRecipe
- Replace ReplayProcessor.create(int, false) with Sinks.many().replay().limit(int)
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$ReplayProcessorCreateIntLiteralTrueToSinkRecipe
- Replace ReplayProcessor.create(int, true) with Sinks.many().replay().all(int)
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$ReplayProcessorCreateIntToSinkRecipe
- Replace ReplayProcessor.create(int) with Sinks.many().replay().limit(int)
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$ReplayProcessorCreateSizeAndTimeoutSchedulerToSinkRecipe
- Replace ReplayProcessor.createSizeAndTimeout(int, Duration, Scheduler) with Sinks.many().replay().limit(int, Duration, Scheduler)
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$ReplayProcessorCreateSizeAndTimeoutToSinkRecipe
- Replace ReplayProcessor.createSizeAndTimeout(int, Duration) with Sinks.many().replay().limit(int, duration)
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$ReplayProcessorCreateTimeoutSchedulerToSinkRecipe
- Replace ReplayProcessor.createTimeout(Duration, Scheduler) with Sinks.many().replay().limit(Duration, Scheduler)
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$ReplayProcessorCreateTimeoutToSinkRecipe
- Replace ReplayProcessor.createTimeout(Duration) with Sinks.many().replay().limit(duration)
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$ReplayProcessorCreateToSinkRecipe
- Replace ReplayProcessor.create() with Sinks.many().replay().all()
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$UnicastProcessorCreateQueueConsumerDisposableToSinkRecipe
- Replace UnicastProcessor.create(Queue, Consumer, Disposable) with Sinks.many().unicast().onBackpressureBuffer(Queue, Disposable)
- As of 3.5 UnicastProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$UnicastProcessorCreateQueueDisposableToSinkRecipe
- Replace UnicastProcessor.create(Queue, Disposable) with Sinks.many().unicast().onBackpressureBuffer(Queue, Disposable)
- As of 3.5 UnicastProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$UnicastProcessorCreateQueueToSinkRecipe
- Replace UnicastProcessor.create(Queue) with Sinks.many().unicast().onBackpressureBuffer(Queue)
- As of 3.5 UnicastProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$UnicastProcessorCreateToSinkRecipe
- Replace UnicastProcessor.create() with Sinks.many().unicast().onBackpressureBuffer()
- As of 3.5 UnicastProcessor is deprecated and Sinks are preferred.
org.openrewrite.reactive.reactor.UpgradeReactor_3_5
- Migrate to Reactor 3.5
- Adopt to breaking changes in Reactor 3.5.

rewrite-spring

io.moderne.java.jsf.MigrateToJsf_2_3
- Migrate to JSF 2.3
- Complete migration to JSF 2.3, including associated technologies like RichFaces. Updates dependencies, transforms XHTML views, and migrates Java APIs.
io.moderne.java.jsf.richfaces.ConvertExtendedDataTableHeightToStyle
- Convert height/width attributes to extendedDataTable style
- Converts height and width attributes to inline style attribute for RichFaces extendedDataTable components.
io.moderne.java.jsf.richfaces.MigrateRichFaces_4_5
- Migrate RichFaces 3.x to 4.5
- Complete RichFaces 3.x to 4.5 migration including tag renames, attribute migrations, and Java API updates.
io.moderne.java.jsf.richfaces.update45.UpdateXHTMLTags
- Migrate RichFaces tags in xhtml files
- Migrate RichFaces tags in xhtml files to RichFaces 4.
io.moderne.java.spring.boot.AddSpringBootApplication
- Add @SpringBootApplication class
- Adds a @SpringBootApplication class containing a main method to bootify your Spring Framework application.
io.moderne.java.spring.boot.FieldToConstructorInjection
- Convert field injection to constructor injection
- Converts @Autowired field injection to constructor injection pattern. For non-final classes, adds both a no-args constructor and the autowired constructor to maintain compatibility with extending classes. Moves @Qualifier annotations to constructor parameters.
io.moderne.java.spring.boot.IsLikelyNotSpringBoot
- Is likely not a Spring Boot project
- Marks the project if it's likely not a Spring Boot project.
io.moderne.java.spring.boot.IsLikelySpringBoot
- Is likely a Spring Boot project
- Marks the project if it's likely a Spring Boot project.
io.moderne.java.spring.boot.MarkEmbeddedServerProvidedForWar
- Mark embedded server as provided for WAR projects
- For WAR-packaged projects migrating to Spring Boot, add the embedded Tomcat starter with provided scope to prevent conflicts with the external servlet container.
io.moderne.java.spring.boot.MigrateSpringFrameworkDependenciesToSpringBoot
- Migrate Spring Framework dependencies to Spring Boot
- Migrate Spring Framework dependencies to Spring Boot.
io.moderne.java.spring.boot.ReplaceSpringFrameworkDepsWithBootStarters
- Replace Spring Framework dependencies with Spring Boot starters
- Replace common Spring Framework dependencies with their Spring Boot starter equivalents. This recipe handles the direct dependency replacement; any remaining Spring Framework dependencies that become transitively available through starters are cleaned up separately by RemoveRedundantDependencies.
io.moderne.java.spring.boot.SpringToSpringBoot
- Migrate Spring Framework to Spring Boot
- Migrate non Spring Boot applications to the latest compatible Spring Boot release. This recipe will modify an application's build files introducing Maven dependency management for Spring Boot, or adding the Gradle Spring Boot build plugin.
io.moderne.java.spring.boot2.UpgradeSpringBoot_2_0
- Migrate to Spring Boot 2.0
- Migrate applications to the latest Spring Boot 2.0 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 2.0.
io.moderne.java.spring.boot3.AddValidToConfigurationPropertiesFields
- Add @Valid annotation to fields
- In Spring Boot 3.4, validation of @ConfigurationProperties classes annotated with @Validated now follows the Bean Validation specification, only cascading to nested properties if the corresponding field is annotated with @Valid. The recipe will add a @Valid annotation to each field which has a type that has a field which is annotated with a jakarta.validation.constraints.* annotation.
io.moderne.java.spring.boot3.CommentDeprecations
- Comment deprecated methods in Spring 3.4
- Spring Boot 3.4 deprecates methods that are not commonly used or need manual interaction.
io.moderne.java.spring.boot3.CommentOnMockAndSpyBeansInConfigSpring34
- Comment on @MockitoSpyBean and @MockitoBean in @Configuration
- As stated in Spring Docs @MockitoSpyBean and @MockitoBean will only work in tests, explicitly not in @Configuration annotated classes.
io.moderne.java.spring.boot3.ConditionalOnAvailableEndpointMigrationSpring34
- Migrate ConditionalOnAvailableEndpoint for Spring Boot 3.4
- Migrate @ConditionalOnAvailableEndpoint(EndpointExposure.CLOUD_FOUNDRY) to @ConditionalOnAvailableEndpoint(EndpointExposure.WEB) for Spring Boot 3.4.
io.moderne.java.spring.boot3.MigrateAbstractDiscoveredEndpointConstructor
- Migrate AbstractDiscoveredEndpoint deprecated constructor
- The boolean-parameter constructor of AbstractDiscoveredEndpoint has been deprecated in Spring Boot 3.4. This recipe transforms it to use the new constructor with an Access parameter.
io.moderne.java.spring.boot3.MigrateAbstractExposableEndpointConstructor
- Migrate AbstractExposableEndpoint deprecated constructor
- The boolean-parameter constructor of AbstractExposableEndpoint has been deprecated in Spring Boot 3.4. This recipe transforms it to use the new constructor with an Access parameter instead of boolean enableByDefault.
io.moderne.java.spring.boot3.MigrateEndpointAnnotationAccessValueSpring34
- Migrate @Endpoints defaultAccess value
- Since Spring Boot 3.4 the @Endpoint access configuration values are no longer true|false but none|read-only|unrestricted.
io.moderne.java.spring.boot3.MigrateEndpointDiscovererConstructor
- Migrate EndpointDiscoverer deprecated constructor
- The 4-parameter constructor of EndpointDiscoverer has been deprecated in Spring Boot 3.4. This recipe transforms it to use the new 5-parameter constructor with an additional Collection parameter.
io.moderne.java.spring.boot3.MigrateEntityManagerFactoryBuilderConstructor
- Migrate EntityManagerFactoryBuilder deprecated constructor
- The constructors of EntityManagerFactoryBuilder have been deprecated in Spring Boot 3.4. This recipe transforms them to use the new constructor with a Function parameter for property mapping.
io.moderne.java.spring.boot3.MigrateJmxEndpointDiscovererConstructor
- Migrate JmxEndpointDiscoverer deprecated constructor
- The 4-parameter constructor of JmxEndpointDiscoverer has been deprecated in Spring Boot 3.4. This recipe transforms it to use the new 5-parameter constructor with an additional Collection parameter.
io.moderne.java.spring.boot3.MigrateWebEndpointDiscovererConstructor
- Migrate WebEndpointDiscoverer 6-parameter constructor to 8-parameter
- The 6-parameter constructor of WebEndpointDiscoverer has been deprecated in Spring Boot 3.3. This recipe adds two new parameters (AdditionalPathsMapper and OperationFilter<WebOperation>) to the constructor and updates the Bean method signature to inject them as ObjectProvider types.
io.moderne.java.spring.boot3.RemoveDeprecatedConditions
- Remove Spring Boot 3.5 deprecated conditions
- Replace Spring Boot 3.5 deprecated condition classes with their corresponding conditional annotations.
io.moderne.java.spring.boot3.RemoveReplaceNoneFromAutoConfigureTestDatabase
- Remove Replace.NONE from @AutoConfigureTestDatabase
- Replace.NONE is the default value for @AutoConfigureTestDatabase since Spring Boot 3.4.
io.moderne.java.spring.boot3.RemoveTestRestTemplateEnableRedirectsOptionRecipe
- Remove TestRestTemplate.HttpClientOption.ENABLE_REDIRECTS option
- The TestRestTemplate now uses the same follow redirects settings as the regular RestTemplate. The HttpOption.ENABLE_REDIRECTS option has also been deprecated. This recipe removes the option from the TestRestTemplate constructor arguments.
io.moderne.java.spring.boot3.ReplaceConditionalOutcomeInverse
- Replace ConditionOutcome.inverse() with constructor
- Replace deprecated ConditionOutcome.inverse(ConditionOutcome outcome) calls with new ConditionOutcome(!outcome.isMatch(), outcome.getConditionMessage()).
io.moderne.java.spring.boot3.ReplaceDeprecatedKafkaConnectionDetailsBootstrapServerGetters
- Replace deprecated KafkaConnectionDetails bootstrap server methods
- Replace deprecated KafkaConnectionDetails bootstrap server methods with chained calls. For example, getProducerBootstrapServers() becomes getProducer().getBootstrapServers().
io.moderne.java.spring.boot3.ReplaceDeprecatedThreadPoolTaskSchedulerConstructor
- Replace deprecated ThreadPoolTaskSchedulerBuilder 5-argument constructor
- The 5-parameter constructor of ThreadPoolTaskSchedulerBuilder has been deprecated in Spring Boot 3.5. This recipe transforms it to use the builder pattern instead, omitting null values and defaults.
io.moderne.java.spring.boot3.ReplaceKafkaTransactionManagerSetter
- Use kafkaAwareTransactionManager setter
- Replace deprecated ContainerProperties#setTransactionManager(org.springframework.transaction.PlatformTransactionManager) method with ContainerProperties#setKafkaAwareTransactionManager(org.springframework.kafka.transaction.KafkaAwareTransactionManager). The method will be replaced only if its argument has the type KafkaAwareTransactionManager.
io.moderne.java.spring.boot3.ReplaceTaskExecutorNameByApplicationTaskExecutorName
- Use bean name applicationTaskExecutor instead of taskExecutor
- Spring Boot 3.5 removed the bean name taskExecutor. Where this bean name is used, the recipe replaces the bean name to applicationTaskExecutor. This also includes instances where the developer provided their own bean named taskExecutor. This also includes scenarios where JSR-250's @Resource annotation is used.
io.moderne.java.spring.boot3.ResolveDeprecationsSpringBoot_3_3
- Resolve Deprecations in Spring Boot 3.3
- Migrates Deprecations in the Spring Boot 3.3 Release. Contains the removal of DefaultJmsListenerContainerFactoryConfigurer.setObservationRegistry and adds new parameter of WebEndpointDiscoverer constructor.
io.moderne.java.spring.boot3.ResolveTaskExecutorFromContext
- Replace taskExecutor with applicationTaskExecutor
- Use bean name applicationTaskExecutor instead of taskExecutor when resolving TaskExecutor Bean from application context.
io.moderne.java.spring.boot3.SpringBoot34Deprecations
- Migrate Spring Boot 3.4 deprecated classes and methods
- Migrate deprecated classes and methods that have been marked for removal in Spring Boot 4.0. This includes constructor changes for EntityManagerFactoryBuilder, HikariCheckpointRestoreLifecycle, and various actuator endpoint discovery classes.
io.moderne.java.spring.boot3.SpringBoot35Deprecations
- Migrate Spring Boot 3.5 deprecated classes and methods
- Migrate deprecated classes and methods that have been marked for removal in Spring Boot 3.5.
io.moderne.java.spring.boot3.SpringBoot3BestPractices
- Spring Boot 3.5 best practices
- Applies best practices to Spring Boot 3.5+ applications.
io.moderne.java.spring.boot3.SpringBootProperties_3_4
- Migrate @Endpoint Security properties to 3.4
- Migrate the settings for Spring Boot Management Endpoint Security from true|false to read-only|none.
io.moderne.java.spring.boot3.UpdateOpenTelemetryResourceAttributes
- Update OpenTelemetry resource attributes
- The service.group resource attribute has been deprecated for OpenTelemetry in Spring Boot 3.5. Consider using alternative attributes or remove the deprecated attribute.
io.moderne.java.spring.boot3.UpgradeGradle7Spring34
- Upgrade Gradle to 7.6.4+ for Spring Boot 3.4
- Spring Boot 3.4 requires Gradle 7.6.4.
io.moderne.java.spring.boot3.UpgradeGradle8Spring34
- Upgrade Gradle 8 to 8.4+ for Spring Boot 3.4
- Spring Boot 3.4 requires Gradle 8.4+.
io.moderne.java.spring.boot3.UpgradeMyBatisToSpringBoot_3_4
- Upgrade MyBatis to Spring Boot 3.4
- Upgrade MyBatis Spring modules to a version corresponding to Spring Boot 3.4.
io.moderne.java.spring.boot3.UpgradeSpringBoot_3_4
- Migrate to Spring Boot 3.4 (Moderne Edition)
- Migrate applications to the latest Spring Boot 3.4 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 3.4.
io.moderne.java.spring.boot3.UpgradeSpringBoot_3_5
- Migrate to Spring Boot 3.5 (Moderne Edition)
- Migrate applications to the latest Spring Boot 3.5 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 3.5.
io.moderne.java.spring.boot3.UpgradeSpringCloudAWSToSpringBoot_3_4
- Upgrade Spring Cloud AWS to Spring Boot 3.4 compatible version
- Upgrade the Spring Cloud AWS dependency to a version compatible with Spring Boot 3.4.
io.moderne.java.spring.boot3.UpgradeSpringKafka_3_3
- Migrate to Spring Kafka 3.3
- Migrate applications to the latest Spring Kafka 3.3 release.
io.moderne.java.spring.boot4.AddAutoConfigureMockMvc
- Add @AutoConfigureMockMvc to @SpringBootTest classes using MockMvc
- Adds @AutoConfigureMockMvc annotation to classes annotated with @SpringBootTest that use MockMvc.
io.moderne.java.spring.boot4.AddFlywayStarters
- Add Flyway starters
- Adds spring-boot-starter-flyway and spring-boot-starter-flyway-test dependencies when Flyway usage is detected in the module.
io.moderne.java.spring.boot4.AddJackson2ForJerseyJson
- Add Jackson2 for Jersey using JSON
- Check whether a module uses Jersey on combination with JSON and adds the needed spring-boot-jackson dependency and conditionally spring-boot-jackson2 dependency.
io.moderne.java.spring.boot4.AddLiquibaseStarters
- Add Liquibase starters
- Adds spring-boot-starter-liquibase and spring-boot-starter-liquibase-test dependencies when Liquibase usage is detected in the module.
io.moderne.java.spring.boot4.AddModularStarters
- Add Spring Boot 4.0 modular starters
- Add Spring Boot 4.0 starter dependencies based on package usage. Note: Higher-level starters (like data-jpa) include lower-level ones (like jdbc) transitively, so only the highest-level detected starter is added for each technology.
io.moderne.java.spring.boot4.AddMongoDbRepresentationProperties
- Add MongoDB representation properties for UUID and BigDecimal
- Adds the 'spring.mongodb.representation.uuid' property with value 'standard' and the 'spring.data.mongodb.representation.big-decimal' property with the value 'decimal128' to Spring configuration files when a MongoDB dependency is detected.
io.moderne.java.spring.boot4.AddMssqlKerberosJaasConfig
- Add useDefaultJaasConfig=true to MSSQL Kerberos JDBC URLs
- For MSSQL JDBC connections using Kerberos authentication (authenticationScheme=JavaKerberos or integratedSecurity=true), adds useDefaultJaasConfig=true to the connection string. This is required for compatibility with Keycloak 26.4+ which changes JAAS configuration handling.
io.moderne.java.spring.boot4.AddValidationStarterDependency
- Add spring-boot-starter-validation dependency
- In Spring Boot 4, validation is no longer auto-included from the web starter. This recipe adds the spring-boot-starter-validation dependency when Jakarta Validation annotations are used in the project.
io.moderne.java.spring.boot4.AdoptJackson3
- Adopt Jackson 3
- Adopt Jackson 3 which is supported by Spring Boot 4 and Jackson 2 support is deprecated.
io.moderne.java.spring.boot4.FlagDeprecatedReactorNettyHttpClientMapper
- Flag deprecated ReactorNettyHttpClientMapper for migration
- Adds a TODO comment to classes implementing the deprecated ReactorNettyHttpClientMapper interface. Migration to ClientHttpConnectorBuilderCustomizer<ReactorClientHttpConnectorBuilder> requires wrapping the HttpClient configuration in builder.withHttpClientCustomizer(...).
io.moderne.java.spring.boot4.InsertPropertyMapperAlwaysMethodInvocation
- Preserve PropertyMapper null-passing behavior
- Spring Boot 4.0 changes the PropertyMapper behavior so that from() no longer calls to() when the source value is null. This recipe inserts .always() before terminal mapping methods to preserve the previous behavior.
io.moderne.java.spring.boot4.MigrateHazelcastSpringSession
- Migrate Spring Session Hazelcast to Hazelcast Spring Session
- Spring Boot 4.0 removed direct support for Spring Session Hazelcast. The Hazelcast team now maintains their own Spring Session integration. This recipe changes the dependency from org.springframework.session:spring-session-hazelcast to com.hazelcast.spring:hazelcast-spring-session and updates the package from org.springframework.session.hazelcast to com.hazelcast.spring.session.
io.moderne.java.spring.boot4.MigrateSpringRetry
- Migrate Spring Retry to Spring Resilience
- Handle spring-retry not longer managed by Spring Boot and the possible migration to Spring Core Resilience.
io.moderne.java.spring.boot4.MigrateSpringRetryToSpringFramework7
- Migrate spring-retry to Spring Framework resilience
- Migrate spring-retrys @Retryable and @Backoff annotation to Spring Framework 7 Resilience annotations.
io.moderne.java.spring.boot4.MigrateToModularStarters
- Migrate to Spring Boot 4.0 modular starters
- Remove monolithic starters and adds the necessary Spring Boot 4.0 starter dependencies based on package usage, where any spring-boot-starter was used previously.
io.moderne.java.spring.boot4.ModuleHasMonolithicStarter
- Module has monolithic Spring Boot starter
- Precondition that matches modules with the monolithic Spring Boot starters that need to be migrated to modular starters. Matches the production monolithic spring-boot-starter and spring-boot-starter-classic, but not specific modular starters like spring-boot-starter-test or spring-boot-starter-ldap.
io.moderne.java.spring.boot4.ModuleStarterRelocations
- Spring Boot 4.0 Module Starter Relocations
- Relocate types and packages for Spring Boot 4.0 modular starters.
io.moderne.java.spring.boot4.ModuleUsesFlyway
- Module uses Flyway
- Precondition that marks all files in a module if Flyway usage is detected. Detection is based on having a Flyway dependency, using Flyway types, or having migration files.
io.moderne.java.spring.boot4.ModuleUsesLiquibase
- Module uses Liquibase
- Precondition that marks all files in a module if Liquibase usage is detected. Detection is based on having a Liquibase dependency, using Liquibase types, or having changelog files.
io.moderne.java.spring.boot4.RemoveContentNegotiationFavorPathExtension
- Remove ContentNegotiationConfigurer.favorPathExtension() calls
- Spring Framework 7 removed favorPathExtension() from ContentNegotiationConfigurer. Path extension content negotiation is no longer supported. This recipe removes calls to favorPathExtension().
io.moderne.java.spring.boot4.RemoveGradleUberJarLoaderImplementationConfig
- Remove loaderImplementation from Gradle
- Removes the Spring Boot Uber-Jar loaderImplementation configuration from Gradle build files.
io.moderne.java.spring.boot4.RemoveHttpMessageConvertersAutoConfigurationReferences
- Remove HttpMessageConvertersAutoConfiguration references
- Removes references to the deprecated HttpMessageConvertersAutoConfiguration class which was removed in Spring Boot 4.0. For @AutoConfigureAfter and @AutoConfigureBefore annotations, the reference is removed. For @Import annotations, a TODO comment is added since manual migration may be required.
io.moderne.java.spring.boot4.RemoveSpringPulsarReactive
- Remove Spring Pulsar Reactive support
- Spring Boot 4.0 removed support for Spring Pulsar Reactive as it is no longer maintained. This recipe removes the Spring Pulsar Reactive dependencies.
io.moderne.java.spring.boot4.ReplaceDeprecatedAutoconfigureMongoApi
- Replace deprecated org.springframework.boot.autoconfigure.mongo API
- Replace deprecated org.springframework.boot.autoconfigure.mongo API.
io.moderne.java.spring.boot4.ReplaceDeprecatedDockerApi
- Replace deprecated DockerApi
- Replaces deprecated DockerApi constructors and configuration methods with their modern equivalents.
io.moderne.java.spring.boot4.ReplaceDeprecatedRequestMatcherProvider
- Replace deprecated RequestMatcherProvider with new API
- Replaces the deprecated org.springframework.boot.autoconfigure.security.servlet.RequestMatcherProvider with org.springframework.boot.security.autoconfigure.actuate.web.servlet.RequestMatcherProvider. The new interface adds an HttpMethod parameter to the getRequestMatcher method.
io.moderne.java.spring.boot4.ReplaceDeprecatedThreadPoolTaskSchedulerBuilderApi
- Replace deprecated ThreadPoolTaskSchedulerBuilder constructor
- Replaces the deprecated 5-argument constructor of ThreadPoolTaskSchedulerBuilder with the builder pattern.
io.moderne.java.spring.boot4.UpgradeSpringBoot_4_0
- Migrate to Spring Boot 4.0 (Moderne Edition)
- Migrate applications to the latest Spring Boot 4.0 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 4.0.
io.moderne.java.spring.cloud2020.SpringCloudProperties_2020
- Migrate Spring Cloud properties to 2020
- Migrate properties found in application.properties and application.yml.
io.moderne.java.spring.cloud2021.SpringCloudProperties_2021
- Migrate Spring Cloud properties to 2021
- Migrate properties found in application.properties and application.yml.
io.moderne.java.spring.cloud2022.SpringCloudProperties_2022
- Migrate Spring Cloud properties to 2022
- Migrate properties found in application.properties and application.yml.
io.moderne.java.spring.cloud2023.SpringCloudProperties_2023
- Migrate Spring Cloud properties to 2023
- Migrate properties found in application.properties and application.yml.
io.moderne.java.spring.cloud2024.SpringCloudProperties_2024
- Migrate Spring Cloud properties to 2024
- Migrate properties found in application.properties and application.yml.
io.moderne.java.spring.cloud2025.SpringCloudProperties_2025
- Migrate Spring Cloud properties to 2025
- Migrate properties found in application.properties and application.yml.
io.moderne.java.spring.cloud20251.SpringCloudProperties_2025_1
- Migrate Spring Cloud properties to 2025.1
- Migrate properties found in application.properties and application.yml for Spring Cloud 2025.1 (Oakwood). This includes the stubrunner property prefix migration from stubrunner. to spring.cloud.contract.stubrunner..
io.moderne.java.spring.cloud20251.UpgradeSpringCloud_2025_1
- Upgrade to Spring Cloud 2025.1
- Upgrade to Spring Cloud 2025.1 (Oakwood). This release is based on Spring Framework 7 and Spring Boot 4. Each Spring Cloud project has been updated to version 5.0.0.
io.moderne.java.spring.framework.AddSetUseSuffixPatternMatch
- Add setUseSuffixPatternMatch(true) in Spring MVC configuration
- In Spring Framework 5.2.4 and earlier, suffix pattern matching was enabled by default. This meant a controller method mapped to /users would also match /users.json, /users.xml, etc. Spring Framework 5.3 deprecated this behavior and changed the default to false. This recipe adds setUseSuffixPatternMatch(true) to WebMvcConfigurer implementations to preserve the legacy behavior during migration. Note: This only applies to Spring MVC; Spring WebFlux does not support suffix pattern matching.
io.moderne.java.spring.framework.FindDeprecatedPathMatcherUsage
- Find deprecated PathMatcher usage
- In Spring Framework 7.0, PathMatcher and AntPathMatcher are deprecated in favor of PathPatternParser. This recipe finds usages of the deprecated AntPathMatcher class that may require manual migration to PathPatternParser.
io.moderne.java.spring.framework.FlagSuffixPatternMatchUsage
- Flag deprecated suffix pattern matching usage for manual review
- Handles deprecated setUseSuffixPatternMatch() and setUseRegisteredSuffixPatternMatch() calls. When suffix pattern matching is explicitly enabled, adds TODO comments and search markers since there is no automatic migration path. When explicitly disabled, the call is safely removed since false is already the default since Spring Framework 5.3.
io.moderne.java.spring.framework.IsLikelySpringFramework
- Is likely a Spring Framework project
- Marks the project if it's likely a Spring Framework project.
io.moderne.java.spring.framework.JaxRsToSpringWeb
- Convert JAX-RS annotations to Spring Web
- Converts JAX-RS annotations such as @Path, @GET, @POST, etc., to their Spring Web equivalents like @RestController, @RequestMapping, @GetMapping, etc.
io.moderne.java.spring.framework.MigrateDefaultResponseErrorHandler
- Migrate DefaultResponseErrorHandler.handleError method signature
- Migrates overridden handleError(ClientHttpResponse response) methods to the new signature handleError(URI url, HttpMethod method, ClientHttpResponse response) in classes extending DefaultResponseErrorHandler. The old single-argument method was removed in Spring Framework 7.0.
io.moderne.java.spring.framework.MigrateDeprecatedBeanXmlProperties
- Migrate Bean XML properties deprecated in Spring Framework 3.0
- Migrate Bean XML properties that were deprecated in Spring Framework 3.0.
io.moderne.java.spring.framework.MigrateFilterToOncePerRequestFilter
- Migrate Filter to OncePerRequestFilter
- Migrates classes that implement javax.servlet.Filter (or jakarta.servlet.Filter) to extend org.springframework.web.filter.OncePerRequestFilter. This transformation renames doFilter to doFilterInternal, changes parameter types to HTTP variants, removes manual casting, and removes empty init() and destroy() methods.
io.moderne.java.spring.framework.MigrateHandleErrorMethodInvocations
- Migrate handleError method invocations to new signature
- Updates invocations of handleError(ClientHttpResponse) to the new handleError(URI, HttpMethod, ClientHttpResponse) signature introduced in Spring Framework 7.0. In test sources, example values are used. In main sources, null is passed with a TODO comment.
io.moderne.java.spring.framework.MigrateHttpHeadersMultiValueMapMethods
- Migrate HttpHeaders methods removed when MultiValueMap contract was dropped
- Spring Framework 7.0 changed HttpHeaders to no longer implement MultiValueMap. This recipe replaces removed inherited method calls: containsKey() with containsHeader(), keySet() with headerNames(), and entrySet() with headerSet().
io.moderne.java.spring.framework.MigrateTrailingSlashMatch
- Migrate trailing slash matching to explicit routes
- Migrates deprecated setUseTrailingSlashMatch(true) configuration by adding explicit trailing slash routes to controller methods, then removing the deprecated configuration call. This ensures applications that relied on automatic trailing slash matching continue to work after upgrading to Spring Framework 7.0.
io.moderne.java.spring.framework.ModularSpringFrameworkDependencies
- Add Spring Framework modular dependencies
- Adds Spring Framework modular dependencies based on package usage, replacing legacy monolithic org.springframework:spring.
io.moderne.java.spring.framework.NullableSpringWebParameters
- Add @Nullable to optional Spring web parameters
- In Spring Boot 4, JSpecify's @Nullable annotation should be used to indicate that a parameter can be null. This recipe adds @Nullable to parameters annotated with @PathVariable(required = false) or @RequestParam(required = false) and removes the now-redundant required = false attribute.
io.moderne.java.spring.framework.RemoveDeprecatedPathMappingOptions
- Migrate deprecated path mapping options
- Migrates deprecated path mapping configuration options that have been removed in Spring Framework 7.0. For trailing slash matching, this recipe adds explicit dual routes to controller methods before removing the deprecated configuration. For suffix pattern matching, this recipe flags usages for manual review since there is no automatic migration path. Path extension content negotiation options are removed as they should be replaced with query parameter-based negotiation.
io.moderne.java.spring.framework.RemoveEmptyPathMatchConfiguration
- Remove empty path match configuration methods
- Removes empty configurePathMatch (WebMvc) and configurePathMatching (WebFlux) method overrides. These methods may become empty after deprecated path matching options are removed.
io.moderne.java.spring.framework.RemovePathExtensionContentNegotiation
- Remove path extension content negotiation methods
- Remove calls to favorPathExtension() and ignoreUnknownPathExtensions() on ContentNegotiationConfigurer. These methods and the underlying PathExtensionContentNegotiationStrategy were removed in Spring Framework 7.0. Path extension content negotiation was deprecated due to URI handling issues. Use query parameter-based negotiation with favorParameter(true) as an alternative.
io.moderne.java.spring.framework.RemoveSetPathMatcherCall
- Remove deprecated setPathMatcher() calls
- In Spring Framework 7.0, PathMatcher and AntPathMatcher are deprecated in favor of PathPatternParser, which has been the default in Spring MVC since 6.0. This recipe removes calls to setPathMatcher(new AntPathMatcher()) since they are now redundant. The default PathPatternParser provides better performance through pre-parsed patterns.
io.moderne.java.spring.framework.UpgradeSpringFramework_3_0
- Migrate to Spring Framework 3.x
- Migrate applications to the latest Spring Framework 3 release, pulling in additional proprietary Moderne recipes.
io.moderne.java.spring.framework.UpgradeSpringFramework_5_3
- Migrate to Spring Framework 5.3
- Migrate applications to the latest Spring Framework 5.3 release, pulling in additional proprietary Moderne recipes.
io.moderne.java.spring.framework.beansxml.BeansXmlToConfiguration
- Migrate beans.xml to Spring Framework configuration class
- Converts Java/Jakarta EE beans.xml configuration files to Spring Framework @Configuration classes.
io.moderne.java.spring.framework.jsf23.MigrateFacesConfig
- Migrate JSF variable-resolver to el-resolver
- Migrates JSF faces-config.xml from namespaces, tags and values that was deprecated in JSF 1.2 and removed in later versions, to the JSF 2.3 compatible constructs.
io.moderne.java.spring.framework.webxml.FindWelcomeFileConfiguration
- Add landing page controller for welcome file configuration
- Generates a LandingPageController when welcome-file-list is found in web.xml or context-root in jboss-web.xml. When migrating to Spring Framework 5.3+, applications that rely on these server-side landing page configurations need a @Controller with a @RequestMapping for / to avoid 404 errors, as Spring MVC can take over the root mapping. Skips generation if a controller already maps to /.
io.moderne.java.spring.framework.webxml.WebXmlToWebApplicationInitializer
- Migrate web.xml to WebApplicationInitializer
- Migrate web.xml to WebApplicationInitializer for Spring applications. This allows for programmatic configuration of the web application context, replacing the need for XML-based configuration. This recipe only picks up web.xml files located in the src/main/webapp/WEB-INF directory to avoid inference with tests. It creates a WebXmlWebAppInitializer class in src/main/java with respect to submodules if they contain java files. If it finds an existing WebXmlWebAppInitializer, it skips the creation.
io.moderne.java.spring.framework7.AddDynamicDestinationResolverToJmsTemplate
- Explicitly set DynamicDestinationResolver on JmsTemplate
- Spring Framework 7.0 changed the default DestinationResolver for JmsTemplate from DynamicDestinationResolver to SimpleDestinationResolver, which caches Session-resolved Queue and Topic instances. This recipe adds an explicit call to setDestinationResolver(new DynamicDestinationResolver()) to preserve the previous behavior. The caching behavior of SimpleDestinationResolver should be fine for most JMS brokers, so this explicit configuration can be removed once compatibility with the new default is verified.
io.moderne.java.spring.framework7.AddSpringExtensionConfigForNestedTests
- Add @SpringExtensionConfig for nested tests
- Spring Framework 7.0 changed SpringExtension to use test-method scoped ExtensionContext instead of test-class scoped. This can break @Nested test class hierarchies. Adding @SpringExtensionConfig(useTestClassScopedExtensionContext = true) restores the previous behavior.
io.moderne.java.spring.framework7.FindOkHttp3IntegrationUsage
- Find Spring OkHttp3 integration usage
- Spring Framework 7.0 removes OkHttp3 integration classes. This recipe identifies usages of OkHttp3ClientHttpRequestFactory and OkHttp3ClientHttpConnector that need to be replaced. Consider migrating to Java's built-in HttpClient with JdkClientHttpRequestFactory or JdkClientHttpConnector, or to Apache HttpClient 5 with HttpComponentsClientHttpRequestFactory.
io.moderne.java.spring.framework7.FindRemovedAPIs
- Find removed APIs in Spring Framework 7.0
- Finds usages of APIs that were removed in Spring Framework 7.0 and require manual intervention. This includes Theme support, OkHttp3 integration, and servlet view document/feed classes which have no direct automated replacement.
io.moderne.java.spring.framework7.FindServletViewSupportUsage
- Find removed Spring servlet view classes
- Spring Framework 7.0 removes the org.springframework.web.servlet.view.document and org.springframework.web.servlet.view.feed packages. This recipe adds TODO comments to imports of AbstractPdfView, AbstractXlsView, AbstractXlsxView, AbstractXlsxStreamingView, AbstractPdfStampView, AbstractFeedView, AbstractAtomFeedView, and AbstractRssFeedView that need to be replaced with direct usage of the underlying libraries (Apache POI, OpenPDF/iText, ROME) in web handlers.
io.moderne.java.spring.framework7.FindThemeSupportUsage
- Find Spring Theme support usage
- Spring Framework 7.0 removes Theme support entirely. This recipe identifies usages of Theme-related classes like ThemeResolver, ThemeSource, and ThemeChangeInterceptor that need to be removed or replaced with CSS-based alternatives. The Spring team recommends using CSS directly for theming functionality.
io.moderne.java.spring.framework7.MigrateDeprecatedAPIs
- Migrate deprecated APIs removed in Spring Framework 7.0
- Migrates deprecated APIs that were removed in Spring Framework 7.0. This includes ListenableFuture to CompletableFuture migration.
io.moderne.java.spring.framework7.MigrateHttpStatusToRfc9110
- Migrate HttpStatus enum values to RFC 9110 names
- Spring Framework 7.0 aligns HttpStatus enum values with RFC 9110. This recipe replaces deprecated status code constants with their RFC 9110 equivalents: PAYLOAD_TOO_LARGE becomes CONTENT_TOO_LARGE and UNPROCESSABLE_ENTITY becomes UNPROCESSABLE_CONTENT.
io.moderne.java.spring.framework7.MigrateJmsDestinationResolver
- Preserve DynamicDestinationResolver behavior for JmsTemplate
- Spring Framework 7.0 changed the default DestinationResolver for JmsTemplate from DynamicDestinationResolver to SimpleDestinationResolver, which caches Session-resolved Queue and Topic instances. This recipe explicitly configures DynamicDestinationResolver to preserve the pre-7.0 behavior. The caching behavior of SimpleDestinationResolver should be fine for most JMS brokers, so this explicit configuration can be removed once verified.
io.moderne.java.spring.framework7.MigrateListenableFuture
- Migrate ListenableFuture to CompletableFuture
- Spring Framework 6.0 deprecated ListenableFuture in favor of CompletableFuture. Spring Framework 7.0 removes ListenableFuture entirely. This recipe migrates usages of ListenableFuture and its callbacks to use CompletableFuture and BiConsumer instead.
io.moderne.java.spring.framework7.RemoveSpringJcl
- Remove spring-jcl dependency
- The spring-jcl module has been removed in Spring Framework 7.0 in favor of Apache Commons Logging 1.3.0. This recipe removes any explicit dependency on org.springframework:spring-jcl. The change should be transparent for most applications, as spring-jcl was typically a transitive dependency and the logging API calls (org.apache.commons.logging.*) remain unchanged.
io.moderne.java.spring.framework7.RenameMemberCategoryConstants
- Rename MemberCategory field constants for Spring Framework 7.0
- Renames deprecated MemberCategory constants to their new names in Spring Framework 7.0. MemberCategory.PUBLIC_FIELDS is renamed to MemberCategory.INVOKE_PUBLIC_FIELDS and MemberCategory.DECLARED_FIELDS is renamed to MemberCategory.INVOKE_DECLARED_FIELDS. These renames clarify the original intent of these categories and align with the rest of the API.
io.moderne.java.spring.framework7.RenameRequestContextJstlPresent
- Rename RequestContext.jstPresent to JSTL_PRESENT
- Renames the protected static field RequestContext.jstPresent to JSTL_PRESENT in Spring Framework 7.0. This field was renamed as part of a codebase-wide effort to use uppercase for classpath-related static final field names (see https://github.com/spring-projects/spring-framework/issues/35525).
io.moderne.java.spring.framework7.ReplaceJUnit4SpringTestBaseClasses
- Replace JUnit 4 Spring test base classes with JUnit Jupiter annotations
- Replace AbstractJUnit4SpringContextTests and AbstractTransactionalJUnit4SpringContextTests base classes with @ExtendWith(SpringExtension.class) and @Transactional annotations. These base classes are deprecated in Spring Framework 7.0 in favor of the SpringExtension for JUnit Jupiter.
io.moderne.java.spring.framework7.SimplifyReflectionHintRegistration
- Simplify reflection hint registrations for Spring Framework 7.0
- Removes deprecated MemberCategory arguments from registerType() calls on ReflectionHints. In Spring Framework 7.0, registering a reflection hint for a type now implies methods, constructors, and fields introspection. All MemberCategory values except INVOKE_* have been deprecated. This recipe removes those deprecated arguments, simplifying code like hints.reflection().registerType(MyType.class, MemberCategory.DECLARED_FIELDS) to hints.reflection().registerType(MyType.class).
io.moderne.java.spring.framework7.UpdateGraalVmNativeHints
- Update GraalVM native reflection hints for Spring Framework 7.0
- Migrates GraalVM native reflection hints to Spring Framework 7.0 conventions. Spring Framework 7.0 adopts the unified reachability metadata format for GraalVM. This recipe renames deprecated MemberCategory constants and simplifies reflection hint registrations where explicit member categories are no longer needed.
io.moderne.java.spring.framework7.UpgradeSpringFramework_7_0
- Migrate to Spring Framework 7.0
- Migrates applications to Spring Framework 7.0. This recipe applies all necessary changes including API migrations, removed feature detection, and configuration updates.
io.moderne.java.spring.hibernate.MigrateDaoSupportGetSession
- Migrate HibernateDaoSupport#getSession() usage
- Migrate HibernateDaoSupport#getSession() usage to HibernateDaoSupport#getSessionFactory()#getCurrentSession() and annotate the methods with @Transactional.
io.moderne.java.spring.hibernate.MigrateSaveOrUpdateAll
- Migrate HibernateDaoSupport#getHibernateTemplate#saveOrUpdateAll
- Migrate removed HibernateDaoSupport#getHibernateTemplate#.saveOrUpdateAll to an iterative HibernateDaoSupport#getHibernateTemplate#.saveOrUpdate.
io.moderne.java.spring.kafka.consumer.FindKafkaListenerWithoutErrorHandling
- Find @KafkaListener methods without error handling
- Flags @KafkaListener methods that lack proper error handling. Methods should have @RetryableTopic, specify an errorHandler in the annotation, or implement try-catch blocks for error handling.
io.moderne.java.spring.kafka.consumer.FindMissingDltHandler
- Find @RetryableTopic without @DltHandler
- Flags classes that use @RetryableTopic without a corresponding @DltHandler method. A DLT handler should be defined to process messages that have exhausted all retries.
io.moderne.java.spring.kafka.consumer.IsKafkaConsumer
- Is likely a Kafka consumer module
- Marks the project if it's likely a Kafka consumer module.
io.moderne.java.spring.kafka.producer.FindCustomKeyUsage
- Find KafkaTemplate.send() with custom key
- Flags KafkaTemplate.send() calls that use a custom key (3+ arguments). Custom keys should be reviewed to ensure they provide appropriate partition distribution.
io.moderne.java.spring.kafka.producer.IsKafkaProducer
- Is likely a Kafka producer module
- Marks the project if it's likely a Kafka producer module.
io.moderne.java.spring.orm.SpringORM5
- Migrate to Spring ORM to 5
- Migrate applications using Spring ORM Hibernate Support to Hibernate 5 compatible version. This will enable a further migration by the Spring Framework migration past 5.
io.moderne.java.spring.security.MigrateAcegiToSpringSecurity_5_0
- Migrate from Acegi Security 1.0.x to Spring Security 5.0
- Migrates Acegi Security 1.0.x directly to Spring Security 5.0. This recipe handles dependency changes, type renames, XML configuration updates, web.xml filter migration, and adds TODO comments for password encoders that require manual migration.
io.moderne.java.spring.security6.MigrateAntPathRequestMatcher
- Migrate antPathRequestMatcher to pathPatternRequestMatcher
- In Spring Security 6.5, AntPathRequestMatcher is deprecated in favor of PathPatternRequestMatcher. This recipe migrates static method calls and constructor usage to the new pattern.
io.moderne.java.spring.security6.UpgradeSpringSecurity_6_5
- Migrate to Spring Security 6.5
- Migrate applications to the latest Spring Security 6.5 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions.
io.moderne.java.spring.security7.MigrateMvcRequestMatcher
- Migrate MvcRequestMatcher to PathPatternRequestMatcher
- In Spring Security 7.0, MvcRequestMatcher which depends on the deprecated HandlerMappingIntrospector is removed in favor of PathPatternRequestMatcher. This recipe migrates constructor and builder usage to the new pattern.
io.moderne.java.spring.security7.MigrateOAuth2AccessTokenResponseClient
- Migrate OAuth2AccessTokenResponseClient from RestOperations to RestClient based implementations
- A new set of OAuth2AccessTokenResponseClient implementations were introduced based on RestClient. This recipe replaces the RestOperations-based implementations which have been deprecated. The RestClient implementations are drop-in replacements for the deprecated implementations.
io.moderne.java.spring.security7.MigrateOAuth2RestOperationsToRestClient
- Migrate OAuth2 token response client from RestOperations to RestClient
- Migrates setRestOperations(RestOperations) calls to setRestClient(RestClient) on the new RestClient-based OAuth2 AccessTokenResponseClient implementations. The RestClient-based implementations introduced in Spring Security 7 use RestClient instead of RestOperations.
io.moderne.java.spring.security7.ModularizeSpringSecurity7
- Spring Security 7 modularization
- Spring Security Core was modularized in version 7, deprecated classes that are still a crucial part of some applications are moved to spring-security-access.

rewrite-sql

org.openrewrite.sql.ChangeFunctionName
- Change a SQL function name
- When migrating between dialects, often one name can be substituted for another. For example, Oracle's NVL function can be replaced with Postgres COALESCE.
org.openrewrite.sql.ConvertDataType
- Convert SQL data type
- When migrating between SQL dialects, data types often need to be converted. For example, Oracle's VARCHAR2 can be replaced with Postgres VARCHAR, or NUMBER with NUMERIC.
org.openrewrite.sql.ConvertOracleDataTypesToPostgres
- Convert Oracle data types to PostgreSQL
- Replaces Oracle-specific data types with PostgreSQL equivalents.
org.openrewrite.sql.ConvertOracleFunctionsToPostgres
- Convert Oracle functions to PostgreSQL
- Replaces Oracle-specific functions with PostgreSQL equivalents.
org.openrewrite.sql.ConvertSqlServerDataTypesToPostgres
- Convert SQL Server data types to PostgreSQL
- Replaces SQL Server-specific data types with PostgreSQL equivalents.
org.openrewrite.sql.ConvertSqlServerFunctionsToPostgres
- Convert SQL Server functions to PostgreSQL
- Replaces SQL Server-specific functions with PostgreSQL equivalents.
org.openrewrite.sql.FindSql
- Find SQL in code and resource files
- Find SQL in code (e.g. in string literals) and in resources like those ending with .sql.
org.openrewrite.sql.FormatSql
- Format SQL in string text blocks
- Checks whether a text block may contain SQL, and if so, formats the text accordingly.
org.openrewrite.sql.MigrateOracleToPostgres
- Migrate Oracle SQL to PostgreSQL
- Converts Oracle-specific SQL syntax and functions to PostgreSQL equivalents.
org.openrewrite.sql.MigrateSqlServerToPostgres
- Migrate SQL Server to PostgreSQL
- Converts Microsoft SQL Server-specific SQL syntax and functions to PostgreSQL equivalents.
org.openrewrite.sql.search.FindFunction
- Find SQL function
- Find SQL functions by name.

rewrite-struts

org.openrewrite.java.struts.MigrateStrutsDtd
- Migrate DTD to a specific Struts version
- Update Struts DTD to reflect the specified version.
org.openrewrite.java.struts.migrate2.MigrateActionClass
- Migrate Struts 1 Action to Struts 2 ActionSupport
- Migrates Struts 1.x Action classes to Struts 2.x ActionSupport, transforming the execute method signature and return statements.
org.openrewrite.java.struts.migrate2.MigrateJspTaglib
- Migrate JSP taglib directives for Struts 2
- Update Struts 1 taglib directives to Struts 2 taglib.
org.openrewrite.java.struts.migrate2.MigrateJspTags
- Migrate Struts 1 JSP tags to Struts 2
- Transforms Struts 1 JSP tags (html:, bean:, logic:) to Struts 2 tags (s:).
org.openrewrite.java.struts.migrate2.MigrateStruts2
- Migrate to Struts 2.x from Struts 1.x
- Comprehensive migration from Struts 1.x to Struts 2.x framework.
org.openrewrite.java.struts.migrate2.MigrateStrutsConfig
- Migrate struts-config.xml to struts.xml
- Transforms Struts 1.x struts-config.xml to Struts 2.x struts.xml format.
org.openrewrite.java.struts.migrate2.MigrateWebXml
- Migrate web.xml from Struts 1 to Struts 2
- Converts Struts 1 ActionServlet configuration to Struts 2 StrutsPrepareAndExecuteFilter.
org.openrewrite.java.struts.migrate6.MigrateAwareInterfaces
- Migrate Struts 2.0 interceptors to action "aware" interfaces
- These types have moved to a new package in Struts 6.0 and their methods have been renamed from set* to with*.
org.openrewrite.java.struts.migrate6.MigrateDateTagFormat
- Migrate Struts date tag format patterns
- Converts SimpleDateFormat patterns in <s:date> tags to DateTimeFormatter-compatible patterns. Struts 6.0 uses DateTimeFormatter instead of SimpleDateFormat, which has different pattern letter meanings.
org.openrewrite.java.struts.migrate6.MigrateDynamicMethodInvocation
- Migrate Dynamic Method Invocation to explicit action mappings
- Identifies Struts configurations using Dynamic Method Invocation (DMI) and marks them for migration, as DMI is disabled by default in Struts 6 for security reasons.
org.openrewrite.java.struts.migrate6.MigrateOpenSymphonyClasses
- Migrate OpenSymphony classes to Struts 6.0
- Migrate classes from com.opensymphony.xwork2 to their replacements in org.apache.struts2.
org.openrewrite.java.struts.migrate6.MigrateStaticOgnlMethodAccess
- Migrate static OGNL method access to action wrapper methods
- Migrates OGNL expressions using static method access (e.g., @com.app.Util@makeCode()) to use action wrapper methods instead. Static method access is disabled by default in Struts 6 for security reasons.
org.openrewrite.java.struts.migrate6.MigrateStruts6
- Migrate to Struts 6.0
- Migrate Struts 2.x to Struts 6.0.
org.openrewrite.java.struts.migrate6.MigrateStruts6Constants
- Migrate to Struts 6.0 constants
- All Xwork constants had been already deprecated, with this version all of them have been removed and Struts constants have been used instead.
org.openrewrite.java.struts.migrate6.MigrateValidatorDtd
- Migrate xwork-validator DTD to 1.0.4
- Update xwork-validator DTD from 1.0.3 to 1.0.4 for Struts 6 compatibility.
org.openrewrite.java.struts.migrate6.RemoveFreemarkerHtmlBuiltin
- Remove deprecated Freemarker ?html built-in
- Removes the deprecated ?html built-in from Freemarker templates. After migrating to Struts 6 with the latest Freemarker (which enables auto-escaping by default), the ?html built-in is no longer needed and should be removed. See the Struts 2.5 to 6.0 migration guide.
org.openrewrite.java.struts.migrate6.UpgradeStruts6Dependencies
- Upgrade Struts 6.0 dependencies
- Upgrade Struts 2.x dependencies to Struts 6.0.
org.openrewrite.java.struts.migrate7.MigrateStruts7
- Migrate to Struts 7.0
- Migrate Struts 6.x to Struts 7.x.
org.openrewrite.java.struts.migrate7.RenameOpenSymphonyToStruts2
- Rename OpenSymphony / XWork classes to Struts 7 packages
- Updates classes moved from com.opensymphony.xwork2.* to their new org.apache.struts2.* packages in Struts 7.
org.openrewrite.java.struts.migrate7.UpdateStruts7Constants
- Align Struts XML constants for Struts 7
- Updates Struts XML constants that were renamed or tightened in Struts 7.
org.openrewrite.java.struts.search.FindStaticOgnlMethodAccess
- Find static OGNL method access
- Find OGNL expressions that use static method access (e.g., @com.app.Util@makeCode()), which is disabled by default in Struts 6 for security reasons. These expressions need to be migrated to use action instance methods instead.
org.openrewrite.java.struts.search.FindStrutsActions
- Find Struts actions
- Find actions and their associated definitions.

rewrite-tapestry

org.openrewrite.tapestry.ChangeTapestryPackages
- Change Tapestry 4 packages to Tapestry 5
- Updates package imports from org.apache.tapestry to org.apache.tapestry5. Only renames packages that have direct equivalents in Tapestry 5.
org.openrewrite.tapestry.ChangeTapestryTypes
- Change Tapestry 4 types to Tapestry 5 equivalents
- Renames Tapestry 4 types that have direct equivalents in Tapestry 5. This handles types from different packages that were reorganized in T5.
org.openrewrite.tapestry.ConvertAnnotatedMethodToField
- Convert annotated abstract method to field
- Converts abstract getter methods annotated with sourceAnnotation to private fields annotated with targetAnnotation. Also removes corresponding abstract setter methods.
org.openrewrite.tapestry.ConvertBeanAnnotation
- Convert Tapestry 4 @Bean to @Property
- Converts Tapestry 4's @Bean annotation to @Property fields. Bean initialization with 'initializer' attribute requires manual migration.
org.openrewrite.tapestry.ConvertListenerInterfaces
- Convert Tapestry 4 listener interfaces to Tapestry 5 annotations
- Converts Tapestry 4 page lifecycle listener interfaces (PageBeginRenderListener, PageEndRenderListener, etc.) to Tapestry 5 lifecycle annotations (@SetupRender, @CleanupRender, etc.) and removes the interface implementations.
org.openrewrite.tapestry.MigrateTapestry4To5
- Migrate Tapestry 4 to Tapestry 5
- Migrates Apache Tapestry 4 applications to Tapestry 5. This includes package renames, removing base class inheritance, converting listener interfaces to annotations, and updating dependencies.
org.openrewrite.tapestry.RemoveIRequestCycleParameter
- Remove IRequestCycle parameters
- Removes IRequestCycle parameters from methods. In Tapestry 5, event handler methods don't receive the request cycle as a parameter.
org.openrewrite.tapestry.RemoveObsoleteFormTypes
- Remove obsolete Tapestry form types
- Removes field declarations and imports for Tapestry 4 form component types (IPropertySelectionModel, StringPropertySelectionModel, etc.) that don't exist in Tapestry 5. Code using these types will need manual refactoring to use Tapestry 5's SelectModel pattern.
org.openrewrite.tapestry.RemoveTapestryBaseClasses
- Remove Tapestry 4 base classes
- Removes Tapestry 4 base class inheritance (BasePage, BaseComponent, AbstractComponent) and converts the class to a POJO suitable for Tapestry 5. Abstract getter/setter methods are converted to fields with @Property annotation.
org.openrewrite.tapestry.ReplaceReverseComparator
- Replace ReverseComparator with Collections.reverseOrder()
- Replaces tapestry-contrib's ReverseComparator with the standard Java Collections.reverseOrder() method.
org.openrewrite.tapestry.UpdateTapestryDependencies
- Update Tapestry dependencies
- Updates dependencies from Tapestry 4 to Tapestry 5.

rewrite-terraform

org.openrewrite.terraform.AddConfiguration
- Add Terraform configuration
- If the configuration has a different value, leave it alone. If it is missing, add it.
org.openrewrite.terraform.ChangeResourceAttribute
- Change Terraform resource attribute
- Change the value of a Terraform resource attribute if it matches a given pattern.
org.openrewrite.terraform.MoveProviderVersionToRequiredProviders
- Move provider version to required_providers
- In Terraform 0.13+, version constraints should be specified in the terraform \{ required_providers \{ ... \} \} block instead of the provider block. This recipe removes the version attribute from provider blocks and adds it to required_providers.
org.openrewrite.terraform.SecureRandom
- Use a long enough byte length for random resources
- Use a long enough byte length for random resources.
org.openrewrite.terraform.UpgradeTerraformTo0_14
- Upgrade Terraform to 0.14
- Migrate Terraform configuration from 0.13 to 0.14. Moves version constraints from provider blocks to terraform \{ required_providers \{ ... \} \}.
org.openrewrite.terraform.aws.AWSBestPractices
- Best practices for AWS
- Securely operate on Amazon Web Services.
org.openrewrite.terraform.aws.DisableInstanceMetadataServiceV1
- Disable Instance Metadata Service version 1
- As a request/response method IMDSv1 is prone to local misconfigurations.
org.openrewrite.terraform.aws.EnableApiGatewayCaching
- Enable API gateway caching
- Enable caching for all methods of API Gateway.
org.openrewrite.terraform.aws.EnableDynamoDbPITR
- Enable point-in-time recovery for DynamoDB
- DynamoDB Point-In-Time Recovery (PITR) is an automatic backup service for DynamoDB table data that helps protect your DynamoDB tables from accidental write or delete operations.
org.openrewrite.terraform.aws.EnableECRScanOnPush
- Scan images pushed to ECR
- ECR Image Scanning assesses and identifies operating system vulnerabilities. Using automated image scans you can ensure container image vulnerabilities are found before getting pushed to production.
org.openrewrite.terraform.aws.EncryptAuroraClusters
- Encrypt Aurora clusters
- Native Aurora encryption helps protect your cloud applications and fulfils compliance requirements for data-at-rest encryption.
org.openrewrite.terraform.aws.EncryptCodeBuild
- Encrypt CodeBuild projects
- Build artifacts, such as a cache, logs, exported raw test report data files, and build results, are encrypted by default using CMKs for Amazon S3 that are managed by the AWS Key Management Service.
org.openrewrite.terraform.aws.EncryptDAXStorage
- Encrypt DAX storage at rest
- DAX encryption at rest automatically integrates with AWS KMS for managing the single service default key used to encrypt clusters.
org.openrewrite.terraform.aws.EncryptDocumentDB
- Encrypt DocumentDB storage
- The encryption feature available for Amazon DocumentDB clusters provides an additional layer of data protection by helping secure your data against unauthorized access to the underlying storage.
org.openrewrite.terraform.aws.EncryptEBSSnapshots
- Encrypt EBS snapshots
- EBS snapshots should be encrypted, as they often include sensitive information, customer PII or CPNI.
org.openrewrite.terraform.aws.EncryptEBSVolumeLaunchConfiguration
- Encrypt EBS volume launch configurations
- EBS volumes allow you to create encrypted launch configurations when creating EC2 instances and auto scaling. When the entire EBS volume is encrypted, data stored at rest on the volume, disk I/O, snapshots created from the volume, and data in-transit between EBS and EC2 are all encrypted.
org.openrewrite.terraform.aws.EncryptEBSVolumes
- Encrypt EBS volumes
- Encrypting EBS volumes ensures that replicated copies of your images are secure even if they are accidentally exposed. AWS EBS encryption uses AWS KMS customer master keys (CMK) when creating encrypted volumes and snapshots. Storing EBS volumes in their encrypted state reduces the risk of data exposure or data loss.
org.openrewrite.terraform.aws.EncryptEFSVolumesInECSTaskDefinitionsInTransit
- Encrypt EFS Volumes in ECS Task Definitions in transit
- Enable attached EFS definitions in ECS tasks to use encryption in transit.
org.openrewrite.terraform.aws.EncryptElastiCacheRedisAtRest
- Encrypt ElastiCache Redis at rest
- ElastiCache for Redis offers default encryption at rest as a service.
org.openrewrite.terraform.aws.EncryptElastiCacheRedisInTransit
- Encrypt ElastiCache Redis in transit
- ElastiCache for Redis offers optional encryption in transit. In-transit encryption provides an additional layer of data protection when transferring data over standard HTTPS protocol.
org.openrewrite.terraform.aws.EncryptNeptuneStorage
- Encrypt Neptune storage
- Encryption of Neptune storage protects data and metadata against unauthorized access.
org.openrewrite.terraform.aws.EncryptRDSClusters
- Encrypt RDS clusters
- Native RDS encryption helps protect your cloud applications and fulfils compliance requirements for data-at-rest encryption.
org.openrewrite.terraform.aws.EncryptRedshift
- Encrypt Redshift storage at rest
- Redshift clusters should be securely encrypted at rest.
org.openrewrite.terraform.aws.EnsureAWSCMKRotationIsEnabled
- Ensure AWS CMK rotation is enabled
- Ensure AWS CMK rotation is enabled.
org.openrewrite.terraform.aws.EnsureAWSEFSWithEncryptionForDataAtRestIsEnabled
- Ensure AWS EFS with encryption for data at rest is enabled
- Ensure AWS EFS with encryption for data at rest is enabled.
org.openrewrite.terraform.aws.EnsureAWSEKSClusterEndpointAccessIsPubliclyDisabled
- Ensure AWS EKS cluster endpoint access is publicly disabled
- Ensure AWS EKS cluster endpoint access is publicly disabled.
org.openrewrite.terraform.aws.EnsureAWSElasticsearchDomainEncryptionForDataAtRestIsEnabled
- Ensure AWS Elasticsearch domain encryption for data at rest is enabled
- Ensure AWS Elasticsearch domain encryption for data at rest is enabled.
org.openrewrite.terraform.aws.EnsureAWSElasticsearchDomainsHaveEnforceHTTPSEnabled
- Ensure AWS Elasticsearch domains have EnforceHTTPS enabled
- Ensure AWS Elasticsearch domains have EnforceHTTPS enabled.
org.openrewrite.terraform.aws.EnsureAWSElasticsearchHasNodeToNodeEncryptionEnabled
- Ensure AWS Elasticsearch has node-to-node encryption enabled
- Ensure AWS Elasticsearch has node-to-node encryption enabled.
org.openrewrite.terraform.aws.EnsureAWSIAMPasswordPolicyHasAMinimumOf14Characters
- Ensure AWS IAM password policy has a minimum of 14 characters
- Ensure AWS IAM password policy has a minimum of 14 characters.
org.openrewrite.terraform.aws.EnsureAWSLambdaFunctionIsConfiguredForFunctionLevelConcurrentExecutionLimit
- Ensure AWS Lambda function is configured for function-level concurrent execution limit
- Ensure AWS Lambda function is configured for function-level concurrent execution limit.
org.openrewrite.terraform.aws.EnsureAWSLambdaFunctionsHaveTracingEnabled
- Ensure AWS Lambda functions have tracing enabled
- Ensure AWS Lambda functions have tracing enabled.
org.openrewrite.terraform.aws.EnsureAWSRDSDatabaseInstanceIsNotPubliclyAccessible
- Ensure AWS RDS database instance is not publicly accessible
- Ensure AWS RDS database instance is not publicly accessible.
org.openrewrite.terraform.aws.EnsureAWSS3ObjectVersioningIsEnabled
- Ensure AWS S3 object versioning is enabled
- Ensure AWS S3 object versioning is enabled.
org.openrewrite.terraform.aws.EnsureAmazonEKSControlPlaneLoggingEnabledForAllLogTypes
- Ensure Amazon EKS control plane logging enabled for all log types
- Ensure Amazon EKS control plane logging enabled for all log types.
org.openrewrite.terraform.aws.EnsureCloudTrailLogFileValidationIsEnabled
- Ensure CloudTrail log file validation is enabled
- Ensure CloudTrail log file validation is enabled.
org.openrewrite.terraform.aws.EnsureDataStoredInAnS3BucketIsSecurelyEncryptedAtRest
- Ensure data stored in an S3 bucket is securely encrypted at rest
- Ensure data stored in an S3 bucket is securely encrypted at rest.
org.openrewrite.terraform.aws.EnsureDetailedMonitoringForEC2InstancesIsEnabled
- Ensure detailed monitoring for EC2 instances is enabled
- Ensure detailed monitoring for EC2 instances is enabled.
org.openrewrite.terraform.aws.EnsureEC2IsEBSOptimized
- Ensure EC2 is EBS optimized
- Ensure EC2 is EBS optimized.
org.openrewrite.terraform.aws.EnsureECRRepositoriesAreEncrypted
- Ensure ECR repositories are encrypted
- Ensure ECR repositories are encrypted.
org.openrewrite.terraform.aws.EnsureEnhancedMonitoringForAmazonRDSInstancesIsEnabled
- Ensure enhanced monitoring for Amazon RDS instances is enabled
- Ensure enhanced monitoring for Amazon RDS instances is enabled.
org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyExpiresPasswordsWithin90DaysOrLess
- Ensure IAM password policy expires passwords within 90 days or less
- Ensure IAM password policy expires passwords within 90 days or less.
org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyPreventsPasswordReuse
- Ensure IAM password policy prevents password reuse
- Ensure IAM password policy prevents password reuse.
org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyRequiresAtLeastOneLowercaseLetter
- Ensure IAM password policy requires at least one lowercase letter
- Ensure IAM password policy requires at least one lowercase letter.
org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyRequiresAtLeastOneNumber
- Ensure IAM password policy requires at least one number
- Ensure IAM password policy requires at least one number.
org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyRequiresAtLeastOneSymbol
- Ensure IAM password policy requires at least one symbol
- Ensure IAM password policy requires at least one symbol.
org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyRequiresAtLeastOneUppercaseLetter
- Ensure IAM password policy requires at least one uppercase letter
- Ensure IAM password policy requires at least one uppercase letter.
org.openrewrite.terraform.aws.EnsureKinesisStreamIsSecurelyEncrypted
- Ensure Kinesis Stream is securely encrypted
- Ensure Kinesis Stream is securely encrypted.
org.openrewrite.terraform.aws.EnsureRDSDatabaseHasIAMAuthenticationEnabled
- Ensure RDS database has IAM authentication enabled
- Ensure RDS database has IAM authentication enabled.
org.openrewrite.terraform.aws.EnsureRDSInstancesHaveMultiAZEnabled
- Ensure RDS instances have Multi-AZ enabled
- Ensure RDS instances have Multi-AZ enabled.
org.openrewrite.terraform.aws.EnsureRespectiveLogsOfAmazonRDSAreEnabled
- Ensure respective logs of Amazon RDS are enabled
- Ensure respective logs of Amazon RDS are enabled.
org.openrewrite.terraform.aws.EnsureTheS3BucketHasAccessLoggingEnabled
- Ensure the S3 bucket has access logging enabled
- Ensure the S3 bucket has access logging enabled.
org.openrewrite.terraform.aws.EnsureVPCSubnetsDoNotAssignPublicIPByDefault
- Ensure VPC subnets do not assign public IP by default
- Ensure VPC subnets do not assign public IP by default.
org.openrewrite.terraform.aws.ImmutableECRTags
- Make ECR tags immutable
- Amazon ECR supports immutable tags, preventing image tags from being overwritten. In the past, ECR tags could have been overwritten, this could be overcome by requiring users to uniquely identify an image using a naming convention.
org.openrewrite.terraform.aws.UpgradeAwsAuroraMySqlToV3
- Upgrade AWS Aurora MySQL to version 3 (MySQL 8.0)
- Upgrade engine_version to Aurora MySQL version 3 (MySQL 8.0 compatible) on aws_rds_cluster resources and set allow_major_version_upgrade = true to permit the major version change.
org.openrewrite.terraform.aws.UpgradeAwsAuroraPostgresToV17
- Upgrade AWS Aurora PostgreSQL to 17
- Upgrade engine_version to Aurora PostgreSQL 17 on aws_rds_cluster resources and set allow_major_version_upgrade = true to permit the major version change.
org.openrewrite.terraform.aws.UpgradeAwsRdsMySqlToV8_4
- Upgrade AWS RDS MySQL to 8.4
- Upgrade engine_version to MySQL 8.4 on aws_db_instance resources and set allow_major_version_upgrade = true to permit the major version change.
org.openrewrite.terraform.aws.UpgradeAwsRdsPostgresToV17
- Upgrade AWS RDS PostgreSQL to 17
- Upgrade engine_version to PostgreSQL 17 on aws_db_instance resources and set allow_major_version_upgrade = true to permit the major version change.
org.openrewrite.terraform.aws.UseHttpsForCloudfrontDistribution
- Use HTTPS for Cloudfront distribution
- Secure communication by default.
org.openrewrite.terraform.azure.AzureBestPractices
- Best practices for Azure
- Securely operate on Microsoft Azure.
org.openrewrite.terraform.azure.DisableKubernetesDashboard
- Disable Kubernetes dashboard
- Disabling the dashboard eliminates it as an attack vector. The dashboard add-on is disabled by default for all new clusters created on Kubernetes 1.18 or greater.
org.openrewrite.terraform.azure.EnableAzureStorageAccountTrustedMicrosoftServicesAccess
- Enable Azure Storage Account Trusted Microsoft Services access
- Certain Microsoft services that interact with storage accounts operate from networks that cannot be granted access through network rules. Using this configuration, you can allow the set of trusted Microsoft services to bypass those network rules.
org.openrewrite.terraform.azure.EnableAzureStorageSecureTransferRequired
- Enable Azure Storage secure transfer required
- Microsoft recommends requiring secure transfer for all storage accounts.
org.openrewrite.terraform.azure.EnableGeoRedundantBackupsOnPostgreSQLServer
- Enable geo-redundant backups on PostgreSQL server
- Ensure PostgreSQL server enables geo-redundant backups.
org.openrewrite.terraform.azure.EncryptAzureVMDataDiskWithADECMK
- Encrypt Azure VM data disk with ADE/CMK
- Ensure Azure VM data disk is encrypted with ADE/CMK.
org.openrewrite.terraform.azure.EnsureAKSPoliciesAddOn
- Ensure AKS policies add-on
- Azure Policy Add-on for Kubernetes service (AKS) extends Gatekeeper v3, an admission controller webhook for Open Policy Agent (OPA), to apply at-scale enforcements and safeguards on your clusters in a centralized, consistent manner.
org.openrewrite.terraform.azure.EnsureAKVSecretsHaveAnExpirationDateSet
- Ensure AKV secrets have an expiration date set
- Ensure AKV secrets have an expiration date set.
org.openrewrite.terraform.azure.EnsureASecurityContactPhoneNumberIsPresent
- Ensure a security contact phone number is present
- Ensure a security contact phone number is present.
org.openrewrite.terraform.azure.EnsureActivityLogRetentionIsSetTo365DaysOrGreater
- Ensure activity log retention is set to 365 days or greater
- Ensure activity log retention is set to 365 days or greater.
org.openrewrite.terraform.azure.EnsureAllKeysHaveAnExpirationDate
- Ensure all keys have an expiration date
- Ensure all keys have an expiration date.
org.openrewrite.terraform.azure.EnsureAppServiceEnablesDetailedErrorMessages
- Ensure app service enables detailed error messages
- Ensure app service enables detailed error messages.
org.openrewrite.terraform.azure.EnsureAppServiceEnablesFailedRequestTracing
- Ensure app service enables failed request tracing
- Ensure app service enables failed request tracing.
org.openrewrite.terraform.azure.EnsureAppServiceEnablesHTTPLogging
- Ensure app service enables HTTP logging
- Ensure app service enables HTTP logging.
org.openrewrite.terraform.azure.EnsureAppServicesUseAzureFiles
- Ensure app services use Azure files
- Ensure app services use Azure files.
org.openrewrite.terraform.azure.EnsureAzureAppServiceWebAppRedirectsHTTPToHTTPS
- Ensure Azure App Service Web app redirects HTTP to HTTPS
- Ensure Azure App Service Web app redirects HTTP to HTTPS.
org.openrewrite.terraform.azure.EnsureAzureApplicationGatewayHasWAFEnabled
- Ensure Azure application gateway has WAF enabled
- Ensure Azure application gateway has WAF enabled.
org.openrewrite.terraform.azure.EnsureAzureKeyVaultIsRecoverable
- Ensure Azure key vault is recoverable
- Ensure Azure key vault is recoverable.
org.openrewrite.terraform.azure.EnsureAzureNetworkWatcherNSGFlowLogsRetentionIsGreaterThan90Days
- Ensure Azure Network Watcher NSG flow logs retention is greater than 90 days
- Ensure Azure Network Watcher NSG flow logs retention is greater than 90 days.
org.openrewrite.terraform.azure.EnsureAzurePostgreSQLDatabaseServerWithSSLConnectionIsEnabled
- Ensure Azure PostgreSQL database server with SSL connection is enabled
- Ensure Azure PostgreSQL database server with SSL connection is enabled.
org.openrewrite.terraform.azure.EnsureAzureSQLServerAuditLogRetentionIsGreaterThan90Days
- Ensure Azure SQL server audit log retention is greater than 90 days
- Ensure Azure SQL server audit log retention is greater than 90 days.
org.openrewrite.terraform.azure.EnsureAzureSQLServerSendAlertsToFieldValueIsSet
- Ensure Azure SQL server send alerts to field value is set
- Ensure Azure SQL server send alerts to field value is set.
org.openrewrite.terraform.azure.EnsureAzureSQLServerThreatDetectionAlertsAreEnabledForAllThreatTypes
- Ensure Azure SQL Server threat detection alerts are enabled for all threat types
- Ensure Azure SQL Server threat detection alerts are enabled for all threat types.
org.openrewrite.terraform.azure.EnsureFTPDeploymentsAreDisabled
- Ensure FTP Deployments are disabled
- Ensure FTP Deployments are disabled.
org.openrewrite.terraform.azure.EnsureKeyVaultAllowsFirewallRulesSettings
- Ensure key vault allows firewall rules settings
- Ensure key vault allows firewall rules settings.
org.openrewrite.terraform.azure.EnsureKeyVaultEnablesPurgeProtection
- Ensure key vault enables purge protection
- Ensure key vault enables purge protection.
org.openrewrite.terraform.azure.EnsureKeyVaultKeyIsBackedByHSM
- Ensure key vault key is backed by HSM
- Ensure key vault key is backed by HSM.
org.openrewrite.terraform.azure.EnsureKeyVaultSecretsHaveContentTypeSet
- Ensure key vault secrets have content_type set
- Ensure key vault secrets have content_type set.
org.openrewrite.terraform.azure.EnsureLogProfileIsConfiguredToCaptureAllActivities
- Ensure log profile is configured to capture all activities
- Ensure log profile is configured to capture all activities.
org.openrewrite.terraform.azure.EnsureMSSQLServersHaveEmailServiceAndCoAdministratorsEnabled
- Ensure MSSQL servers have email service and co-administrators enabled
- Ensure MSSQL servers have email service and co-administrators enabled.
org.openrewrite.terraform.azure.EnsureManagedIdentityProviderIsEnabledForAppServices
- Ensure managed identity provider is enabled for app services
- Ensure managed identity provider is enabled for app services.
org.openrewrite.terraform.azure.EnsureMySQLIsUsingTheLatestVersionOfTLSEncryption
- Ensure MySQL is using the latest version of TLS encryption
- Ensure MySQL is using the latest version of TLS encryption.
org.openrewrite.terraform.azure.EnsureMySQLServerDatabasesHaveEnforceSSLConnectionEnabled
- Ensure MySQL server databases have Enforce SSL connection enabled
- Ensure MySQL server databases have Enforce SSL connection enabled.
org.openrewrite.terraform.azure.EnsureMySQLServerDisablesPublicNetworkAccess
- Ensure MySQL server disables public network access
- Ensure MySQL server disables public network access.
org.openrewrite.terraform.azure.EnsureMySQLServerEnablesGeoRedundantBackups
- Ensure MySQL server enables geo-redundant backups
- Ensure MySQL server enables geo-redundant backups.
org.openrewrite.terraform.azure.EnsureMySQLServerEnablesThreatDetectionPolicy
- Ensure MySQL server enables Threat Detection policy
- Ensure MySQL server enables Threat Detection policy.
org.openrewrite.terraform.azure.EnsurePostgreSQLServerDisablesPublicNetworkAccess
- Ensure PostgreSQL server disables public network access
- Ensure PostgreSQL server disables public network access.
org.openrewrite.terraform.azure.EnsurePostgreSQLServerEnablesInfrastructureEncryption
- Ensure PostgreSQL server enables infrastructure encryption
- Ensure PostgreSQL server enables infrastructure encryption.
org.openrewrite.terraform.azure.EnsurePostgreSQLServerEnablesThreatDetectionPolicy
- Ensure PostgreSQL server enables Threat Detection policy
- Ensure PostgreSQL server enables Threat Detection policy.
org.openrewrite.terraform.azure.EnsurePublicNetworkAccessEnabledIsSetToFalseForMySQLServers
- Ensure public network access enabled is set to False for mySQL servers
- Ensure public network access enabled is set to False for mySQL servers.
org.openrewrite.terraform.azure.EnsureSendEmailNotificationForHighSeverityAlertsIsEnabled
- Ensure Send email notification for high severity alerts is enabled
- Ensure Send email notification for high severity alerts is enabled.
org.openrewrite.terraform.azure.EnsureSendEmailNotificationForHighSeverityAlertsToAdminsIsEnabled
- Ensure Send email notification for high severity alerts to admins is enabled
- Ensure Send email notification for high severity alerts to admins is enabled.
org.openrewrite.terraform.azure.EnsureStandardPricingTierIsSelected
- Ensure standard pricing tier is selected
- Ensure standard pricing tier is selected.
org.openrewrite.terraform.azure.EnsureStorageAccountUsesLatestTLSVersion
- Ensure storage account uses latest TLS version
- Communication between an Azure Storage account and a client application is encrypted using Transport Layer Security (TLS). Microsoft recommends using the latest version of TLS for all your Microsoft Azure App Service web applications.
org.openrewrite.terraform.azure.EnsureTheStorageContainerStoringActivityLogsIsNotPubliclyAccessible
- Ensure the storage container storing activity logs is not publicly accessible
- Ensure the storage container storing activity logs is not publicly accessible.
org.openrewrite.terraform.azure.EnsureWebAppHasIncomingClientCertificatesEnabled
- Ensure Web App has incoming client certificates enabled
- Ensure Web App has incoming client certificates enabled.
org.openrewrite.terraform.azure.EnsureWebAppUsesTheLatestVersionOfHTTP
- Ensure Web App uses the latest version of HTTP
- Ensure Web App uses the latest version of HTTP.
org.openrewrite.terraform.azure.EnsureWebAppUsesTheLatestVersionOfTLSEncryption
- Ensure Web App uses the latest version of TLS encryption
- Ensure Web App uses the latest version of TLS encryption.
org.openrewrite.terraform.azure.SetAzureStorageAccountDefaultNetworkAccessToDeny
- Set Azure Storage Account default network access to deny
- Ensure Azure Storage Account default network access is set to Deny.
org.openrewrite.terraform.gcp.EnablePodSecurityPolicyControllerOnGKEClusters
- Enable PodSecurityPolicy controller on Google Kubernetes Engine (GKE) clusters
- Ensure PodSecurityPolicy controller is enabled on Google Kubernetes Engine (GKE) clusters.
org.openrewrite.terraform.gcp.EnableVPCFlowLogsAndIntranodeVisibility
- Enable VPC flow logs and intranode visibility
- Enable VPC flow logs and intranode visibility.
org.openrewrite.terraform.gcp.EnableVPCFlowLogsForSubnetworks
- Enable VPC Flow Logs for subnetworks
- Ensure GCP VPC flow logs for subnets are enabled. Flow Logs capture information on IP traffic moving through network interfaces. This information can be used to monitor anomalous traffic and provide security insights.
org.openrewrite.terraform.gcp.EnsureBinaryAuthorizationIsUsed
- Ensure binary authorization is used
- Ensure binary authorization is used.
org.openrewrite.terraform.gcp.EnsureComputeInstancesLaunchWithShieldedVMEnabled
- Ensure compute instances launch with shielded VM enabled
- Ensure compute instances launch with shielded VM enabled.
org.openrewrite.terraform.gcp.EnsureGCPCloudStorageBucketWithUniformBucketLevelAccessAreEnabled
- Ensure GCP cloud storage bucket with uniform bucket-level access are enabled
- Ensure GCP cloud storage bucket with uniform bucket-level access are enabled.
org.openrewrite.terraform.gcp.EnsureGCPKubernetesClusterNodeAutoRepairConfigurationIsEnabled
- Ensure GCP Kubernetes cluster node auto-repair configuration is enabled
- Ensure GCP Kubernetes cluster node auto-repair configuration is enabled.
org.openrewrite.terraform.gcp.EnsureGCPKubernetesEngineClustersHaveLegacyComputeEngineMetadataEndpointsDisabled
- Ensure GCP Kubernetes engine clusters have legacy compute engine metadata endpoints disabled
- Ensure GCP Kubernetes engine clusters have legacy compute engine metadata endpoints disabled.
org.openrewrite.terraform.gcp.EnsureGCPVMInstancesHaveBlockProjectWideSSHKeysFeatureEnabled
- Ensure GCP VM instances have block project-wide SSH keys feature enabled
- Ensure GCP VM instances have block project-wide SSH keys feature enabled.
org.openrewrite.terraform.gcp.EnsureIPForwardingOnInstancesIsDisabled
- Ensure IP forwarding on instances is disabled
- Ensure IP forwarding on instances is disabled.
org.openrewrite.terraform.gcp.EnsurePrivateClusterIsEnabledWhenCreatingKubernetesClusters
- Ensure private cluster is enabled when creating Kubernetes clusters
- Ensure private cluster is enabled when creating Kubernetes clusters.
org.openrewrite.terraform.gcp.EnsureSecureBootForShieldedGKENodesIsEnabled
- Ensure secure boot for shielded GKE nodes is enabled
- Ensure secure boot for shielded GKE nodes is enabled.
org.openrewrite.terraform.gcp.EnsureShieldedGKENodesAreEnabled
- Ensure shielded GKE nodes are enabled
- Ensure shielded GKE nodes are enabled.
org.openrewrite.terraform.gcp.EnsureTheGKEMetadataServerIsEnabled
- Ensure the GKE metadata server is enabled
- Ensure the GKE metadata server is enabled.
org.openrewrite.terraform.gcp.GCPBestPractices
- Best practices for GCP
- Securely operate on Google Cloud Platform.
org.openrewrite.terraform.search.FindRequiredProvider
- Find required providers
- Find required_providers blocks in Terraform configuration files. Produces a data table of the provider names and their versions.
org.openrewrite.terraform.search.FindResource
- Find Terraform resource
- Find a Terraform resource by resource type.
org.openrewrite.terraform.terraform012.RemoveInterpolationOnlyExpressions
- Remove interpolation-only expressions
- Remove unnecessary interpolation expressions like "$\{var.foo\}" in favor of first-class expression syntax var.foo, as supported in Terraform 0.12+.
org.openrewrite.terraform.terraform012.ReplaceDeprecatedCollectionFunctions
- Replace deprecated list() and map() functions
- In Terraform 0.12+, the list() function is replaced by [...] tuple syntax and the map() function is replaced by \{...\} object syntax.
org.openrewrite.terraform.terraform012.UnquoteTypeConstraints
- Unquote variable type constraints
- In Terraform 0.12+, variable type constraints should be bare types instead of quoted strings. For example, type = "string" becomes type = string.
org.openrewrite.terraform.terraform012.UpgradeTerraformTo0_12
- Upgrade Terraform to 0.12
- Migrate Terraform configuration from 0.11 (HCL1) to 0.12 (HCL2) syntax. Removes interpolation-only expressions, unquotes type constraints, replaces deprecated collection functions, and fixes legacy index syntax.
org.openrewrite.terraform.terraform013.UpgradeRequiredProvidersSyntax
- Upgrade required_providers to object syntax
- In Terraform 0.13+, required_providers entries should use the object syntax with explicit source and version attributes instead of a plain version string. For example, aws = "~> 3.0" becomes aws = \{ source = "hashicorp/aws", version = "~> 3.0" \}.
org.openrewrite.terraform.terraform013.UpgradeTerraformTo0_13
- Upgrade Terraform to 0.13
- Migrate Terraform configuration from 0.12 to 0.13 syntax. Upgrades required_providers entries from shorthand version strings to the object syntax with explicit source and version attributes.
org.openrewrite.terraform.terraform015.FindRemovedProvisioners
- Find removed provisioners
- Find usage of provisioners that were removed in Terraform 0.15: chef, habitat, puppet, and salt-masterless.
org.openrewrite.terraform.terraform015.UpgradeTerraformTo0_15
- Upgrade Terraform to 0.15
- Migrate Terraform configuration from 0.14 to 0.15. Finds usage of provisioners that were removed in Terraform 0.15: chef, habitat, puppet, and salt-masterless.

rewrite-vulncheck

io.moderne.vulncheck.FixVulnCheckVulnerabilities
- Use VulnCheck Exploit Intelligence to fix vulnerabilities
- This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this can be controlled using the maximumUpgradeDelta option. Vulnerability information comes from VulnCheck Vulnerability Intelligence. The recipe has an option to limit fixes to only those vulnerabilities that have evidence of exploitation at various levels of severity.

rewrite-ai​

rewrite-ai-search​

rewrite-android​

rewrite-angular​

rewrite-azul​

rewrite-circleci​

rewrite-codemods-ng​

rewrite-compiled-analysis​

rewrite-concourse​

rewrite-cryptography​

rewrite-dotnet​

rewrite-elastic​

rewrite-hibernate​

rewrite-jasperreports​

rewrite-java-application-server​

rewrite-java-security​

rewrite-kafka​

rewrite-kubernetes​

rewrite-migrate-python​

rewrite-nodejs​

rewrite-prethink​

rewrite-program-analysis​

rewrite-python​

rewrite-react​

rewrite-reactive-streams​

rewrite-spring​

rewrite-sql​

rewrite-struts​

rewrite-tapestry​

rewrite-terraform​

rewrite-vulncheck​