Skip to main content

Standalone Recipes

This doc contains recipes that are not included as part of any larger composite recipe. These recipes can be run independently and are not bundled with other recipes.

Total standalone recipes: 1687

other

rewrite-all

  • org.openrewrite.FindCallGraph
    • Find call graph
    • Produces a data table where each row represents a method call.
  • org.openrewrite.FindDuplicateSourceFiles
    • Find duplicate source files
    • Record the presence of LSTs with duplicate paths, indicating that the same file was parsed more than once.
  • org.openrewrite.LanguageComposition
    • Language composition report
    • Counts the number of lines of the various kinds of source code and data formats parsed by OpenRewrite. Comments are not included in line counts. This recipe emits its results as two data tables, making no changes to any source file. One data table is per-file, the other is per-repository.

rewrite-analysis

rewrite-angular

rewrite-apache

rewrite-azul

rewrite-circleci

rewrite-codemods

rewrite-compiled-analysis

rewrite-concourse

rewrite-core

  • org.openrewrite.AddToGitignore
    • Add entries to .gitignore
    • Adds entries to the project's .gitignore file. If no .gitignore file exists, one will be created. Existing entries that match will not be duplicated.
  • org.openrewrite.DeleteSourceFiles
    • Delete files
    • Delete files by source path.
  • org.openrewrite.ExcludeFileFromGitignore
    • Remove ignoral of files or directories from .gitignore
    • This recipe will remove a file or directory from the .gitignore file. If the file or directory is already in the .gitignore file, it will be removed or negated. If the file or directory is not in the .gitignore file, no action will be taken.
  • org.openrewrite.FindCollidingSourceFiles
    • Find colliding source files
    • Finds source files which share a path with another source file. There should always be exactly one source file per path within a repository. This is a diagnostic for finding problems in OpenRewrite parsers/build plugins.
  • org.openrewrite.FindDeserializationErrors
    • Find deserialization errors
    • Produces a data table collecting all deserialization errors of serialized LSTs.
  • org.openrewrite.FindGitProvenance
    • Show Git source control metadata
    • List out the contents of each unique GitProvenance marker in the set of source files. When everything is working correctly, exactly one such marker should be printed as all source files are expected to come from the same repository / branch / commit hash.
  • org.openrewrite.FindLstProvenance
    • Find LST provenance
    • Produces a data table showing what versions of OpenRewrite/Moderne tooling was used to produce a given LST.
  • org.openrewrite.FindParseFailures
    • Find source files with ParseExceptionResult markers
    • This recipe explores parse failures after an LST is produced for classifying the types of failures that can occur and prioritizing fixes according to the most common problems.
  • org.openrewrite.FindQuarks
    • Find instances of type Quark
    • Quark source files are pointers to the existence of a file without capturing any of the contents of the file.
  • org.openrewrite.IsInRepository
    • Is in repository
    • A search recipe which marks files that are in a repository with one of the supplied names. Intended for use as a precondition for other recipes being run over many different repositories.
  • org.openrewrite.ListRuntimeClasspath
    • List runtime classpath
    • A diagnostic utility which emits the runtime classpath to a data table.
  • org.openrewrite.MoveFile
    • Move a file
    • Move a file to a different directory. The file name will remain the same.
  • org.openrewrite.SetFilePermissions
    • Set file permission attributes
    • Set a file's read, write and executable permission attributes.
  • org.openrewrite.search.FindBuildMetadata
    • Find build metadata
    • Find source files with matching build metadata.
  • org.openrewrite.search.FindCommitters
    • Find committers on repositories
    • List the committers on a repository.
  • org.openrewrite.search.FindParseToPrintInequality
    • Find parse to print inequality
    • OpenRewrite Parser implementations should produce SourceFile objects whose printAll() method should be byte-for-byte equivalent with the original source file. When this isn't true, recipes can still run on the SourceFile and even produce diffs, but the diffs would fail to apply as a patch to the original source file. Most Parser use Parser#requirePrintEqualsInput to produce a ParseError when they fail to produce a SourceFile that is print idempotent.
  • org.openrewrite.search.RepositoryContainsFile
    • Repository contains file
    • Intended to be used primarily as a precondition for other recipes, this recipe checks if a repository contains a specific file or files matching a pattern. If present all files in the repository are marked with a SearchResult marker. If you want to get only the matching file as a search result, use FindSourceFiles instead.
  • org.openrewrite.text.AppendToTextFile
    • Append to text file
    • Appends or replaces content of an existing plain text file, or creates a new one if it doesn't already exist. Please note that this recipes requires existing plain text files' format to be successfully parsable by OpenRewrite. If a file is left unchanged, it might be parsed as a Quark rather than plain text. In such case, use the plainTextMask option. See the Gradle or Maven plugin configuration page.
  • org.openrewrite.text.ChangeText
    • Change text
    • Completely replaces the contents of the text file with other text. Use together with a FindSourceFiles precondition to limit which files are changed.
  • org.openrewrite.text.EndOfLineAtEndOfFile
    • End of Line @ End of File (EOL @ EOF)
    • Ensure that the file ends with the newline character. Note: If this recipe modifies a file, it converts the file into plain text. As such, this recipe should be run after any recipe that modifies the language-specific LST.
  • org.openrewrite.text.FindMultiselect
    • Experimental find text with multiselect
    • Search for text, treating all textual sources as plain text. This version of the recipe exists to experiment with multiselect recipe options.
  • org.openrewrite.text.RemoveByteOrderMark
    • Remove byte order mark (BOM)
    • Removes UTF-8 byte order marks from the beginning of files. The BOM character (U+FEFF) is generally unnecessary in UTF-8 files and can cause issues with some tools.

rewrite-cryptography

rewrite-csharp

rewrite-docker

rewrite-dotnet

rewrite-dropwizard

rewrite-feature-flags

rewrite-github-actions

rewrite-gitlab

rewrite-gradle

rewrite-groovy

rewrite-hcl

rewrite-hibernate

rewrite-java

rewrite-java-dependencies

  • org.openrewrite.java.dependencies.DependencyList
    • Dependency report
    • Emits a data table detailing all Gradle and Maven dependencies. This recipe makes no changes to any source file.
  • org.openrewrite.java.dependencies.DependencyResolutionDiagnostic
    • Dependency resolution diagnostic
    • Recipes which manipulate dependencies must be able to successfully access the artifact repositories and resolve dependencies from them. This recipe produces two data tables used to understand the state of dependency resolution. The Repository accessibility report lists all the artifact repositories known to the project and whether respond to network access. The network access is attempted while the recipe is run and so is representative of current conditions. The Gradle dependency configuration errors lists all the dependency configurations that failed to resolve one or more dependencies when the project was parsed. This is representative of conditions at the time the LST was parsed.
  • org.openrewrite.java.dependencies.FindDependency
    • Find Maven and Gradle dependencies
    • Finds direct dependencies declared in Maven and Gradle build files. This does not search transitive dependencies. To detect both direct and transitive dependencies use org.openrewrite.java.dependencies.DependencyInsight This recipe works for both Maven and Gradle projects.
  • org.openrewrite.java.dependencies.RelocatedDependencyCheck
    • Find relocated dependencies
    • Find Maven and Gradle dependencies and Maven plugins that have relocated to a new groupId or artifactId. Relocation information comes from the oga-maven-plugin maintained by Jonathan Lermitage, Filipe Roque and others. This recipe makes no changes to any source file by default. Add changeDependencies=true to change dependencies, but note that you might need to run additional recipes to update imports and adopt other breaking changes.
  • org.openrewrite.java.dependencies.UpgradeTransitiveDependencyVersion
    • Upgrade transitive Gradle or Maven dependencies
    • Upgrades the version of a transitive dependency in a Maven pom.xml or Gradle build.gradle. Leaves direct dependencies unmodified. Can be paired with the regular Upgrade Dependency Version recipe to upgrade a dependency everywhere, regardless of whether it is direct or transitive.
  • org.openrewrite.java.dependencies.search.DoesNotIncludeDependency
    • Does not include dependency for Gradle and Maven
    • A precondition which returns false if visiting a Gradle file / Maven pom which includes the specified dependency in the classpath of some Gradle configuration / Maven scope. For compatibility with multimodule projects, this should most often be applied as a precondition.
  • org.openrewrite.java.dependencies.search.FindMinimumDependencyVersion
    • Find the oldest matching dependency version in use
    • The oldest dependency version in use is the lowest dependency version in use in any source set of any subproject of a repository. It is possible that, for example, the main source set of a project uses Jackson 2.11, but a test source set uses Jackson 2.16. In this case, the oldest Jackson version in use is Java 2.11.
  • org.openrewrite.java.dependencies.search.FindMinimumJUnitVersion
    • Find minimum JUnit version
    • A recipe to find the minimum version of JUnit dependencies. This recipe is designed to return the minimum version of JUnit in a project. It will search for JUnit 4 and JUnit 5 dependencies in the project. If both versions are found, it will return the minimum version of JUnit 4. If a minimumVersion is provided, the recipe will search to see if the minimum version of JUnit used by the project is no lower than the minimumVersion. For example: if the minimumVersion is 4, and the project has JUnit 4.12 and JUnit 5.7, the recipe will return JUnit 4.12. If the project has only JUnit 5.7, the recipe will return JUnit 5.7. Another example: if the minimumVersion is 5, and the project has JUnit 4.12 and JUnit 5.7, the recipe will not return any results.
  • org.openrewrite.java.dependencies.search.ModuleHasDependency
    • Module has dependency
    • Searches for both Gradle and Maven modules that have a dependency matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a module with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use spring-boot-starter, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) or pom.xml file applying the plugin, use the FindDependency recipe instead.
  • org.openrewrite.java.dependencies.search.RepositoryHasDependency
    • Repository has dependency
    • Searches for both Gradle and Maven modules that have a dependency matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a repository with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use a springframework dependency, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) or pom.xml file applying the plugin, use the FindDependency recipe instead.

rewrite-java-security

  • org.openrewrite.csharp.dependencies.DependencyInsight
    • Dependency insight for C#
    • Finds dependencies in *.csproj and packages.config.
  • org.openrewrite.csharp.dependencies.DependencyVulnerabilityCheck
    • Find and fix vulnerable Nuget dependencies
    • This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this recipe will not make any changes. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Dependencies following Semantic Versioning will see their patch version updated where applicable.
  • org.openrewrite.csharp.dependencies.UpgradeDependencyVersion
    • Upgrade C# dependency versions
    • Upgrades dependencies in *.csproj and packages.config.
  • org.openrewrite.java.dependencies.DependencyLicenseCheck
    • Find licenses in use in third-party dependencies
    • Locates and reports on all licenses in use.
  • org.openrewrite.java.dependencies.RemoveUnusedDependencies
    • Remove unused dependencies
    • Scans through source code collecting references to types and methods, removing any dependencies that are not used from Maven or Gradle build files. This is best effort and not guaranteed to work well in all cases; false positives are still possible. This recipe takes reflective access into account: - When reflective access to a class is made unambiguously via a string literal, such as: Class.forName("java.util.List") that is counted correctly. - When reflective access to a class is made ambiguously via anything other than a string literal no dependencies will be removed. This recipe takes transitive dependencies into account: - When a direct dependency is not used but a transitive dependency it brings in is in use the direct dependency is not removed.
  • org.openrewrite.java.dependencies.SoftwareBillOfMaterials
    • Software bill of materials
    • Produces a software bill of materials (SBOM) for a project. An SBOM is a complete list of all dependencies used in a project, including transitive dependencies. The produced SBOM is in the CycloneDX XML format. Supports Gradle and Maven. Places a file named sbom.xml adjacent to the Gradle or Maven build file.
  • org.openrewrite.java.security.FixCwe338
    • Fix CWE-338 with SecureRandom
    • Use a cryptographically strong pseudo-random number generator (PRNG).
  • org.openrewrite.java.security.ImproperPrivilegeManagement
    • Improper privilege management
    • Marking code as privileged enables a piece of trusted code to temporarily enable access to more resources than are available directly to the code that called it.
  • org.openrewrite.java.security.SecureRandom
    • Secure random
    • Use cryptographically secure Pseudo Random Number Generation in the "main" source set. Replaces instantiation of java.util.Random with java.security.SecureRandom.
  • org.openrewrite.java.security.SecureRandomPrefersDefaultSeed
    • SecureRandom seeds are not constant or predictable
    • Remove SecureRandom#setSeed(*) method invocations having constant or predictable arguments.
  • org.openrewrite.java.security.search.FindSensitiveApiEndpoints
    • Find sensitive API endpoints
    • Find data models exposed by REST APIs that contain sensitive information like PII and secrets.
  • org.openrewrite.java.security.spring.InsecureSpringServiceExporter
    • Secure Spring service exporters
    • The default Java deserialization mechanism is available via ObjectInputStream class. This mechanism is known to be vulnerable. If an attacker can make an application deserialize malicious data, it may result in arbitrary code execution. Spring’s RemoteInvocationSerializingExporter uses the default Java deserialization mechanism to parse data. As a result, all classes that extend it are vulnerable to deserialization attacks. The Spring Framework contains at least HttpInvokerServiceExporter and SimpleHttpInvokerServiceExporter that extend RemoteInvocationSerializingExporter. These exporters parse data from the HTTP body using the unsafe Java deserialization mechanism. See the full blog post by Artem Smotrakov on CVE-2016-1000027 from which the above description is excerpted.
  • org.openrewrite.java.security.spring.PreventClickjacking
    • Prevent clickjacking
    • The frame-ancestors directive can be used in a Content-Security-Policy HTTP response header to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid Clickjacking attacks by ensuring that their content is not embedded into other sites.
  • org.openrewrite.text.FindHardcodedLoopbackAddresses
    • Find hard-coded loopback IPv4 addresses
    • Locates mentions of hard-coded IPv4 addresses from the loopback IP range. The loopback IP range includes 127.0.0.0 to 127.255.255.255. This detects the entire localhost/loopback subnet range, not just the commonly used 127.0.0.1.
  • org.openrewrite.text.FindHardcodedPrivateIPAddresses
    • Find hard-coded private IPv4 addresses
    • Locates mentions of hard-coded IPv4 addresses from private IP ranges. Private IP ranges include: * 192.168.0.0 to 192.168.255.255 * 10.0.0.0 to 10.255.255.255 * 172.16.0.0 to 172.31.255.255 It is not detecting the localhost subnet 127.0.0.0 to 127.255.255.255.
  • org.openrewrite.text.RemoveHardcodedIPAddressesFromComments
    • Remove hard-coded IP addresses from comments
    • Removes hard-coded IPv4 addresses from comments when they match private IP ranges or loopback addresses. This targets IP addresses that are commented out in various comment formats: Private IP ranges: * 192.168.0.0 to 192.168.255.255 * 10.0.0.0 to 10.255.255.255 * 172.16.0.0 to 172.31.255.255 Loopback IP range: * 127.0.0.0 to 127.255.255.255 Supported comment formats: * C-style line comments (//) * C-style block comments (/* */) * Shell/Python style comments (#) * XML comments (<!-- -->) * YAML comments (#) * Properties file comments (# or !) For line comments, the entire line is removed. For block comments, only the IP address is removed.

rewrite-javascript

  • org.openrewrite.javascript.search.DependencyInsight
    • Node.js dependency insight
    • Find direct and transitive npm dependencies matching a package name pattern. Results include dependencies that either directly match or transitively include a matching dependency.

rewrite-jenkins

rewrite-json

rewrite-kotlin

rewrite-kubernetes

rewrite-liberty

rewrite-logging-frameworks

rewrite-maven

  • org.openrewrite.maven.AddCommentToMavenDependency
    • Add a comment to a Maven dependency or plugin
    • Adds a comment as the first element in a Maven dependency or plugin.
  • org.openrewrite.maven.AddDevelocityMavenExtension
    • Add the Develocity Maven extension
    • To integrate the Develocity Maven extension into Maven projects, ensure that the develocity-maven-extension is added to the .mvn/extensions.xml file if not already present. Additionally, configure the extension by adding the .mvn/develocity.xml configuration file.
  • org.openrewrite.maven.AddParentPom
    • Add Maven parent
    • Add a parent pom to a Maven pom.xml. Does nothing if a parent pom is already present.
  • org.openrewrite.maven.AddRepository
    • Add repository
    • Adds a new Maven Repository or updates a matching repository.
  • org.openrewrite.maven.AddRuntimeConfig
    • Add a configuration option for the Maven runtime
    • Add a new configuration option for the Maven runtime if not already present.
  • org.openrewrite.maven.ChangeExclusion
    • Change Maven dependency exclusion
    • Modify Maven dependency exclusions, changing the group ID, artifact Id, or both. Useful when an excluded dependency has been renamed and references to it must be updated.
  • org.openrewrite.maven.ChangePluginConfiguration
    • Change Maven plugin configuration
    • Apply the specified configuration to a Maven plugin. Will not add the plugin if it does not already exist in the pom.
  • org.openrewrite.maven.ChangePluginDependencies
    • Change Maven plugin dependencies
    • Applies the specified dependencies to a Maven plugin. Will not add the plugin if it does not already exist in the pom.
  • org.openrewrite.maven.ChangeProjectVersion
    • Change Maven Project Version
    • Change the project version of a Maven pom.xml. Identifies the project to be changed by its groupId and artifactId. If the version is defined as a property, this recipe will only change the property value if the property exists within the same pom.
  • org.openrewrite.maven.EnableDevelocityBuildCache
    • Enable Develocity build cache
    • Add Develocity build cache configuration to any .mvn/ Develocity configuration file that lack existing configuration.
  • org.openrewrite.maven.IncrementProjectVersion
    • Increment Maven project version
    • Increase Maven project version by incrementing either the major, minor, or patch version as defined by semver. Other versioning schemes are not supported.
  • org.openrewrite.maven.ManageDependencies
    • Manage dependencies
    • Make existing dependencies managed by moving their version to be specified in the dependencyManagement section of the POM.
  • org.openrewrite.maven.ManagedToRuntimeDependencies
    • Convert managed dependencies to runtime dependencies
    • This recipe processes Maven POMs, converting all <dependencyManagement> entries into runtime scoped <dependencies> entries. Import scoped BOMs (like jackson-bom) are left unmodified in <dependencyManagement>. Some style guidelines prefer that <dependencyManagement> be used only for BOMs. This maintain that style while avoiding introducing new symbols onto the compile classpath unintentionally.
  • org.openrewrite.maven.ModernizeObsoletePoms
    • Modernize obsolete Maven poms
    • Very old Maven poms are no longer supported by current versions of Maven. This recipe updates poms with <pomVersion>3</pomVersion> to <modelVersion>4.0.0</modelVersion> of the Maven pom schema. This does not attempt to upgrade old dependencies or plugins and is best regarded as the starting point of a migration rather than an end-point.
  • org.openrewrite.maven.RemoveRepository
    • Remove repository
    • Removes a matching Maven repository.
  • org.openrewrite.maven.RemoveUnusedProperties
    • Remove unused properties
    • Detect and remove Maven property declarations which do not have any usage within the project.
  • org.openrewrite.maven.UpdateMavenWrapper
    • Update Maven wrapper
    • Update the version of Maven used in an existing Maven wrapper.
  • org.openrewrite.maven.UpgradeTransitiveDependencyVersion
    • Upgrade transitive Maven dependencies
    • Upgrades the version of a transitive dependency in a Maven pom file. Leaves direct dependencies unmodified. Can be paired with the regular Upgrade Dependency Version recipe to upgrade a dependency everywhere, regardless of whether it is direct or transitive.
  • org.openrewrite.maven.cleanup.DependencyManagementDependencyRequiresVersion
    • Dependency management dependencies should have a version
    • If they don't have a version, they can't possibly affect dependency resolution anywhere, and can be safely removed.
  • org.openrewrite.maven.search.DoesNotIncludeDependency
    • Does not include Maven dependency
    • A precondition which returns false if visiting a Maven pom which includes the specified dependency in the classpath of some scope. For compatibility with multimodule projects, this should most often be applied as a precondition.
  • org.openrewrite.maven.search.EffectiveDependencies
    • Effective dependencies
    • Emit the data of binary dependency relationships.
  • org.openrewrite.maven.search.EffectiveManagedDependencies
    • Effective managed dependencies
    • Emit the data of binary dependency relationships.
  • org.openrewrite.maven.search.EffectiveMavenRepositories
    • List effective Maven repositories
    • Lists the Maven repositories that would be used for dependency resolution, in order of precedence. This includes Maven repositories defined in the Maven settings file (and those contributed by active profiles) as determined when the LST was produced.
  • org.openrewrite.maven.search.FindManagedDependency
    • Find Maven dependency management entry
    • Finds first-order dependency management entries, i.e. dependencies that are defined directly in a project.
  • org.openrewrite.maven.search.FindMavenProject
    • Find Maven projects
    • Maven projects are pom.xml files with a MavenResolutionResult marker.
  • org.openrewrite.maven.search.FindMavenSettings
    • Find effective maven settings
    • List the effective maven settings file for the current project.
  • org.openrewrite.maven.search.FindPlugin
    • Find Maven plugin
    • Finds a Maven plugin within a pom.xml.
  • org.openrewrite.maven.search.FindProperties
    • Find Maven project properties
    • Finds the specified Maven project properties within a pom.xml.
  • org.openrewrite.maven.search.FindRepositoryOrder
    • Maven repository order
    • Determine the order in which dependencies will be resolved for each pom.xml based on its defined repositories and effective settings.xml.
  • org.openrewrite.maven.search.FindScm
    • Find SCM tag
    • Finds any <scm> tag directly inside the <project> root of a Maven pom.xml file.
  • org.openrewrite.maven.search.ModuleHasDependency
    • Module has dependency
    • Searches for Maven modules that have a dependency matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a module with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use spring-boot-starter, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) file applying the plugin, use the FindDependency recipe instead.
  • org.openrewrite.maven.search.ModuleHasPlugin
    • Module has plugin
    • Searches for Maven modules that have a plugin matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a module with a matching plugin. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that apply the spring boot plugin, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) file applying the plugin, use the FindPlugins recipe instead.
  • org.openrewrite.maven.search.ParentPomInsight
    • Maven parent insight
    • Find Maven parents matching a groupId and artifactId.
  • org.openrewrite.maven.utilities.PrintMavenAsDot
    • Print Maven dependency hierarchy in DOT format
    • The DOT language format is specified here.

rewrite-micrometer

rewrite-micronaut

rewrite-migrate-java

rewrite-nodejs

rewrite-program-analysis

rewrite-properties

rewrite-quarkus

rewrite-react

rewrite-rewrite

  • org.openrewrite.java.recipes.FindRecipes
    • Find OpenRewrite recipes
    • This recipe finds all OpenRewrite recipes, primarily to produce a data table that is being used to experiment with fine-tuning a large language model to produce more recipes.

rewrite-spring

  • io.moderne.java.spring.boot.IsLikelyNotSpringBoot
    • Is likely not a Spring Boot project
    • Marks the project if it's likely not a Spring Boot project.
  • io.moderne.java.spring.boot.IsLikelySpringBoot
    • Is likely a Spring Boot project
    • Marks the project if it's likely a Spring Boot project.
  • io.moderne.java.spring.boot4.AddAutoConfigureMockMvc
    • Add @AutoConfigureMockMvc to @SpringBootTest classes using MockMvc
    • Adds @AutoConfigureMockMvc annotation to classes annotated with @SpringBootTest that use MockMvc.
  • io.moderne.java.spring.framework.IsLikelySpringFramework
    • Is likely a Spring Framework project
    • Marks the project if it's likely a Spring Framework project.
  • io.moderne.java.spring.framework.JaxRsToSpringWeb
    • Convert JAX-RS annotations to Spring Web
    • Converts JAX-RS annotations such as @Path, @GET, @POST, etc., to their Spring Web equivalents like @RestController, @RequestMapping, @GetMapping, etc.
  • org.openrewrite.gradle.spring.AddSpringDependencyManagementPlugin
    • Add io.spring.dependency-management plugin, if in use
    • Prior to Spring Boot 2.0 the dependency management plugin was applied automatically as part of the overall spring boot plugin. Afterwards the dependency-management plugin must be applied explicitly, or Gradle's platform() feature may be used instead. This recipe makes usage of io-spring.dependency-management explicit in anticipation of upgrade to Spring Boot 2.0 or later.
  • org.openrewrite.java.spring.ExpandProperties
    • Expand Spring YAML properties
    • Expand YAML properties to not use the dot syntax shortcut.
  • org.openrewrite.java.spring.ImplicitWebAnnotationNames
    • Remove implicit web annotation names
    • Removes implicit web annotation names.
  • org.openrewrite.java.spring.RenameBean
    • Rename bean
    • Renames a Spring bean, both declaration and references.
  • org.openrewrite.java.spring.UpdateApiManifest
    • Update the API manifest
    • Keep a consolidated manifest of the API endpoints that this application exposes up-to-date.
  • org.openrewrite.java.spring.amqp.UseTlsAmqpConnectionString
    • Use TLS for AMQP connection strings
    • Use TLS for AMQP connection strings.
  • org.openrewrite.java.spring.boot2.AddConfigurationAnnotationIfBeansPresent
    • Add missing @Configuration annotation
    • Class having @Bean annotation over any methods but missing @Configuration annotation over the declaring class would have @Configuration annotation added.
  • org.openrewrite.java.spring.boot2.ConditionalOnBeanAnyNestedCondition
    • Migrate multi-condition @ConditionalOnBean annotations
    • Migrate multi-condition @ConditionalOnBean annotations to AnyNestedCondition.
  • org.openrewrite.java.spring.boot2.search.IntegrationSchedulerPoolRecipe
    • Integration scheduler pool size
    • Spring Integration now reuses an available TaskScheduler rather than configuring its own. In a typical application setup relying on the auto-configuration, this means that Spring Integration uses the auto-configured task scheduler that has a pool size of 1. To restore Spring Integration’s default of 10 threads, use the spring.task.scheduling.pool.size property.
  • org.openrewrite.java.spring.boot3.AddRouteTrailingSlash
    • Add trailing slash to Spring routes
    • This is part of Spring MVC and WebFlux URL Matching Changes, as of Spring Framework 6.0, the trailing slash matching configuration option has been deprecated and its default value set to false. This means that previously, a controller @GetMapping("/some/greeting") would match both GET /some/greeting and GET /some/greeting/, but it doesn't match GET /some/greeting/ anymore by default and will result in an HTTP 404 error. This recipe is to add declaration of additional route explicitly on the controller handler (like @GetMapping("/some/greeting", "/some/greeting/").
  • org.openrewrite.java.spring.boot3.AddSetUseTrailingSlashMatch
    • Add SetUseTrailingSlashMatch() in configuration
    • This is part of Spring MVC and WebFlux URL Matching Changes, as of Spring Framework 6.0, the trailing slash matching configuration option has been deprecated and its default value set to false. This means that previously, a controller @GetMapping("/some/greeting") would match both GET /some/greeting and GET /some/greeting/, but it doesn't match GET /some/greeting/ anymore by default and will result in an HTTP 404 error. This recipe is change the default with the global Spring MVC or Webflux configuration.
  • org.openrewrite.java.spring.boot3.MaintainTrailingSlashURLMappings
    • Maintain trailing slash URL mappings
    • This is part of Spring MVC and WebFlux URL Matching Changes, as of Spring Framework 6.0, the trailing slash matching configuration option has been deprecated and its default value set to false. This means that previously, a controller @GetMapping("/some/greeting") would match both GET /some/greeting and GET /some/greeting/, but it doesn't match GET /some/greeting/ anymore by default and will result in an HTTP 404 error. This recipe is to maintain trailing slash in all HTTP url mappings.
  • org.openrewrite.java.spring.data.UseTlsJdbcConnectionString
    • Use TLS for JDBC connection strings
    • Increasingly, for compliance reasons (e.g. NACHA), JDBC connection strings should be TLS-enabled. This recipe will update the port and optionally add a connection attribute to indicate that the connection is TLS-enabled.
  • org.openrewrite.java.spring.search.FindApiCalls
    • Find HTTP API calls via RestTemplate
    • Find outbound HTTP API calls made via Spring's RestTemplate class.
  • org.openrewrite.java.spring.search.FindApiEndpoints
    • Find Spring API endpoints
    • Find all HTTP API endpoints exposed by Spring applications. More specifically, this marks method declarations annotated with @RequestMapping, @GetMapping, @PostMapping, @PutMapping, @DeleteMapping, and @PatchMapping as search results.
  • org.openrewrite.java.spring.search.FindConfigurationProperties
    • Find Spring @ConfigurationProperties
    • Find all classes annotated with @ConfigurationProperties and extract their prefix values. This is useful for discovering all externalized configuration properties in Spring Boot applications.
  • org.openrewrite.java.spring.search.FindSpringComponents
    • Find Spring components
    • Find Spring components, including controllers, services, repositories, return types of @Bean annotated methods, etc.
  • org.openrewrite.java.spring.security6.RemoveOauth2LoginConfig
    • Remove unneeded oauth2Login config when upgrading to Spring Security 6
    • oauth2Login() is a Spring Security feature that allows users to authenticate with an OAuth2 or OpenID Connect 1.0 provider. When a user is authenticated using this feature, they are granted a set of authorities that determines what actions they are allowed to perform within the application. In Spring Security 5, the default authority given to a user authenticated with an OAuth2 or OpenID Connect 1.0 provider via oauth2Login() is ROLE_USER. This means that the user is allowed to access the application's resources as a regular user. However, in Spring Security 6, the default authority given to a user authenticated with an OAuth2 provider is OAUTH2_USER, and the default authority given to a user authenticated with an OpenID Connect 1.0 provider is OIDC_USER. These authorities are more specific and allow for better customization of the user's permissions within the application. If you are upgrading to Spring Security 6 and you have previously configured a GrantedAuthoritiesMapper to handle the authorities of users authenticated via oauth2Login(), you can remove it completely as the new default authorities should be sufficient.
  • org.openrewrite.maven.spring.UpgradeExplicitSpringBootDependencies
    • Upgrade Spring dependencies
    • Upgrades dependencies according to the specified version of spring boot. Spring boot has many direct and transitive dependencies. When a module has an explicit dependency on one of these it may also need to be upgraded to match the version used by spring boot.

rewrite-sql

rewrite-static-analysis

rewrite-struts

rewrite-terraform

rewrite-testing-frameworks

rewrite-third-party

rewrite-toml

rewrite-vulncheck

  • io.moderne.vulncheck.FixVulnCheckVulnerabilities
    • Use VulnCheck Exploit Intelligence to fix vulnerabilities
    • This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this can be controlled using the maximumUpgradeDelta option. Vulnerability information comes from VulnCheck Vulnerability Intelligence. The recipe has an option to limit fixes to only those vulnerabilities that have evidence of exploitation at various levels of severity.

rewrite-xml

rewrite-yaml