Chapter 2. Automated Code Remediation Journey
At this point, we hope you see the immense challenges ahead for development teams when it comes to maintaining and updating their existing codebases. In the software industrial revolution, you will need automation to survive. It’s time to embark on the automated code remediation journey—and wave goodbye to manual remediation.
Why Manual Remediation Is Ripe for Automation
Even with all the scanning and search support available today, manual remediation is largely how organizations are dealing with security vulnerabilities and code upgrades. The work is error-prone, repetitive, and time-consuming, so organizations have become resistant to making changes. In many cases, there are no tests to validate the changes or to understand their impact. Remediation activities can paralyze engineering organizations and place a tremendous burden on engineers, leading to burnout.
Figure 2-1 shows an example of one such tedious migration that a developer would have to do many thousands of times on a large codebase to migrate from JUnit 4 to JUnit 5. In JUnit 5 you can no longer define an expected exception on the @Test annotation, but rather must use an assertThrows call in the test’s method body, as shown in the full PR. If this change takes a developer five minutes, and you multiply that by 1,000 locations in the code, you’re looking at almost four days of work.
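The migration described above, written out for a single test as an added example that is not taken from the book or its linked PR. The Account class, its deposit and balance methods, and the test name are hypothetical; the JUnit 4 form appears as a comment because the JUnit 5 @Test annotation has no expected attribute.

```java
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;

import org.junit.jupiter.api.Test;

// Hypothetical class under test, included so the example is self-contained.
class Account {
    private long balance;

    void deposit(long amount) {
        if (amount <= 0) {
            throw new IllegalArgumentException("amount must be positive");
        }
        balance += amount;
    }

    long balance() {
        return balance;
    }
}

class AccountTest {

    // JUnit 4 form (before). The expectation covers the whole method body,
    // so an IllegalArgumentException thrown by the setup line would also pass:
    //
    //   @org.junit.Test(expected = IllegalArgumentException.class)
    //   public void rejectsNonPositiveDeposit() {
    //       Account account = new Account();
    //       account.deposit(-1);
    //   }

    // JUnit 5 form (after). assertThrows scopes the expectation to one call
    // and returns the exception, so the message and the state left behind
    // can be checked in the same test.
    @Test
    void rejectsNonPositiveDeposit() {
        Account account = new Account();

        IllegalArgumentException ex = assertThrows(
                IllegalArgumentException.class,
                () -> account.deposit(-1));

        assertEquals("amount must be positive", ex.getMessage());
        assertEquals(0, account.balance());
    }
}
```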