diff --git a/docs/administrator-documentation/moderne-platform/getting-started/proof-of-value.md b/docs/administrator-documentation/moderne-platform/getting-started/proof-of-value.md index 79d2faf6..134fbeb8 100644 --- a/docs/administrator-documentation/moderne-platform/getting-started/proof-of-value.md +++ b/docs/administrator-documentation/moderne-platform/getting-started/proof-of-value.md @@ -28,130 +28,74 @@ The idea is for all of these types of updates to become a continuous process for ### Recipes to run -_The recipes below are listed in order of increasing complexity. You can click the links to run them directly on the Moderne Platform. Alternatively, you can run the same recipes using the CLI._ +_The recipes below are listed in order of increasing complexity. You can click the links to run them directly on the Moderne Platform. Alternatively, you can run the same recipes [using the CLI](#cli-command-reference)._ * [Common static analysis fixes](https://app.moderne.io/recipes/org.openrewrite.staticanalysis.CommonStaticAnalysis) * Improve code quality and readability * Fix common mistakes * Eliminate legacy patterns and minor performance issues - * - ```bash - mod run . --recipe CommonStaticAnalysis - ``` * SLF4J Logging best practices * [Improve performance](https://app.moderne.io/recipes/org.openrewrite.java.logging.slf4j.ParameterizedLogging) by preferring parameterized logging to string concatenation - * - ```bash - mod run . --recipe ParameterizedLogging - ``` * [Improve error reporting](https://app.moderne.io/recipes/org.openrewrite.java.logging.slf4j.CompleteExceptionLogging) by using exception-specialized logging invocations where applicable - * - ```bash - mod run . --recipe CompleteExceptionLogging - ``` * Maven dependency management * [Upgrade Maven dependencies](https://app.moderne.io/recipes/org.openrewrite.maven.UpgradeDependencyVersion) to keep dependencies patched and up-to-date - * - ```bash - mod run . --recipe UpgradeDependencyVersion -P "groupId=com.fasterxml.jackson*" -P "artifactId=jackson-module*" -P "newVersion=29.X" -P "versionPattern='-jre'" -P "retainVersions=com.jcraft:jsch" - ``` * [Exclude test dependencies](https://app.moderne.io/recipes/org.openrewrite.maven.ExcludeDependency) like JUnit from the compile scope - * - ```bash - mod run . --recipe ExcludeDependency -P "groupId=org.junit.vintage" -P "junit-vintage-engine" -P "scope=compile" - ``` * [Remove redundant explicit dependency versions](https://app.moderne.io/recipes/org.openrewrite.maven.RemoveRedundantDependencyVersions) to clean up Maven POMs - * - ```bash - mod run . --recipe RemoveRedundantDependencyVersions - ``` * [Dependency insight for Gradle and Maven](https://app.moderne.io/recipes/org.openrewrite.java.dependencies.DependencyInsight) - * - ```bash - mod run . --recipe DependencyInsight -P groupIdPattern='com.fasterxml.jackson*' -P artifactIdPattern='jackson*' - ``` - ![](./assets/dep-insight.png) * Gradle wrapper and plugin upgrades * [Update Gradle Wrapper](https://app.moderne.io/recipes/org.openrewrite.gradle.UpdateGradleWrapper) to keep Gradle itself up to date - * - ```bash - mod run . --recipe UpdateGradleWrapper - ``` * [Update Gradle Plugin](https://app.moderne.io/recipes/org.openrewrite.gradle.plugins.UpgradePluginVersion) to keep build plugins up to date - * - ```bash - mod run . --recipe UpgradePluginVersion -P "pluginIdPattern=com.jfrog.bintray" -P "newVersion=29.X" -P "versionPattern='-jre'" - ``` * Security enhancements and discovery * [Find secrets](https://app.moderne.io/recipes/org.openrewrite.java.security.secrets.FindSecrets) like passwords, encryption keys, access tokens - * - ```bash - mod run . --recipe FindSecrets - ``` * [Use secure random number generation](https://app.moderne.io/recipes/org.openrewrite.java.security.SecureRandom) - * - ```bash - mod run . --recipe SecureRandom - ``` * [Java security best practices](https://app.moderne.io/recipes/org.openrewrite.java.security.JavaSecurityBestPractices) - * - ```bash - mod run . --recipe JavaSecurityBestPractices - ``` * [OWASP Top 10](https://app.moderne.io/recipes/org.openrewrite.java.security.OwaspTopTen) - * - ```bash - mod run . --recipe OwaspTopTen - ``` * [Find and fix vulnerable dependencies](https://app.moderne.io/recipes/org.openrewrite.java.dependencies.DependencyVulnerabilityCheck) - * - ```bash - mod run . --recipe DependencyVulnerabilityCheck -P scope='runtime' -P overrideTransitive=true -P maximumUpgradeDelta='patch' - ``` - ![](./assets/vuln-dep.png) * Modernize test frameworks * [JUnit 5 best practices](https://app.moderne.io/recipes/org.openrewrite.java.testing.junit5.JUnit5BestPractices) - * - ```bash - mod run . --recipe JUnit5BestPractices - ``` * [Mockito 1 to 5 migration](https://app.moderne.io/recipes/org.openrewrite.java.testing.mockito.Mockito1to5Migration) - * - ```bash - mod run . --recipe Mockito1to5Migration - ``` * [Migrate JUnit assertions to AssertJ](https://app.moderne.io/recipes/org.openrewrite.java.testing.assertj.Assertj) improved readability and consistency over stock JUnit assertions - * - ```bash - mod run . --recipe Assertj - ``` * Major migrations * [Java 8 to 11](https://app.moderne.io/recipes/org.openrewrite.java.migrate.Java8toJava11) - * - ```bash - mod run . --recipe Java8toJava11 - ``` * [Java 11 to 21](https://app.moderne.io/recipes/org.openrewrite.java.migrate.UpgradeToJava21) - * - ```bash - mod run . --recipe UpgradeToJava21 - ``` * [Spring Boot 1 to 2](https://app.moderne.io/recipes/org.openrewrite.java.spring.boot2.UpgradeSpringBoot_2_7) - * - ```bash - mod run . --recipe UpgradeSpringBoot_2_7 - ``` * [Spring Boot 3.4 best practices](https://app.moderne.io/recipes/io.moderne.java.spring.boot3.SpringBoot3BestPractices) - * - ```bash - mod run . --recipe SpringBoot3BestPractices - ``` + * Custom migrations. Custom recipes can be developed to help with internal platform API management, EJB to Spring migrations, etc. Major migrations are complex transformations consisting of multiple individual recipes. At some point, these transformations represent one-off use cases and there are diminishing returns from trying to automate them fully. Mostly, they will lift your applications 80-90% of the way to completion with the remainder requiring some manual actions expected to be taken by developers. +#### CLI command reference + +| Recipe Name | CLI Command | +|-------------|-------------| +| CommonStaticAnalysis | ```mod run . --recipe CommonStaticAnalysis``` | +| ParameterizedLogging | `mod run . --recipe ParameterizedLogging` | +| CompleteExceptionLogging | `mod run . --recipe CompleteExceptionLogging` | +| UpgradeDependencyVersion | `mod run . --recipe UpgradeDependencyVersion -P "groupId=com.fasterxml.jackson*" -P "artifactId=jackson-module*" -P "newVersion=29.X" -P "versionPattern='-jre'" -P "retainVersions=com.jcraft:jsch"` | +| ExcludeDependency | `mod run . --recipe ExcludeDependency -P "groupId=org.junit.vintage" -P "junit-vintage-engine" -P "scope=compile"` | +| RemoveRedundantDependencyVersions | `mod run . --recipe RemoveRedundantDependencyVersions` | +| DependencyInsight | `mod run . --recipe DependencyInsight -P groupIdPattern='com.fasterxml.jackson*' -P artifactIdPattern='jackson*'` | +| UpdateGradleWrapper | `mod run . --recipe UpdateGradleWrapper` | +| UpgradePluginVersion | `mod run . --recipe UpgradePluginVersion -P "pluginIdPattern=com.jfrog.bintray" -P "newVersion=29.X" -P "versionPattern='-jre'"` | +| FindSecrets | `mod run . --recipe FindSecrets` | +| SecureRandom | `mod run . --recipe SecureRandom` | +| JavaSecurityBestPractices | `mod run . --recipe JavaSecurityBestPractices` | +| OwaspTopTen | `mod run . --recipe OwaspTopTen` | +| DependencyVulnerabilityCheck | `mod run . --recipe DependencyVulnerabilityCheck -P scope='runtime' -P overrideTransitive=true -P maximumUpgradeDelta='patch'` | +| JUnit5BestPractices | `mod run . --recipe JUnit5BestPractices` | +| Mockito1to5Migration | `mod run . --recipe Mockito1to5Migration` | +| Assertj | `mod run . --recipe Assertj` | +| Java8toJava11 | `mod run . --recipe Java8toJava11` | +| UpgradeToJava21 | `mod run . --recipe UpgradeToJava21` | +| UpgradeSpringBoot_2_7 | `mod run . --recipe UpgradeSpringBoot_2_7` | +| SpringBoot3BestPractices | `mod run . --recipe SpringBoot3BestPractices` | + + + + ### Impact analysis Another substantial use case worth testing is impact analysis. When adding new functionality or fixing a bug, it's often times good to think about what the consequences would be. While you _could_ make a change and see who yells at you, it's generally better if you take the time to do your due diligence and figure out what's going to happen.