Beyond Coding

Transcript

1. Beyond Coding: Tools that Empower Java Developers in (Big) Corporations

   Advancing with Java

2. The Golden Path Test Coverage Technical Debt Vulnerabilities

3. A Developer’s Day

4. Meetings

5. Deadlines

6. Stakeholders

7. Audits

8. How much time do we spend coding? https://www.surveymonkey.com/r/ZM7GZ7J

9. The Developer Reality ONLY ~30% OF DEV TIME SPENT CODING

   MEETINGS ~20–40% OF DEV TIME OTHER TASKS

10. The Problem Vulnerabilities, upgrades, audits Quality metrics: coverage, tech debt,

    security Compete with feature delivery

11. The Good News TOOLS EVOLVING TO HELP DEVELOPERS OPEN-SOURCE +

    COMMERCIAL ECOSYSTEMS GOAL: PRODUCTIVITY + COMPLIANCE + QUALITY

12. About the Author – Rodrigo Graciano • Java Champion (since

    2022) • Oracle ACE Director • Java Community Process EC Member • Technical Editor of Real-World Java • Speaker at JavaOne, Devnexus, JNation, TDC, dev2next • Focus: Developer productivity, AI adoption, modernization

13. Static Analysis & Security

14. SonarQube MATURE, WIDELY ADOPTED BIG ECOSYSTEM, RICH DASHBOARDS REQUIRES SETUP

    & MAINTENANCE

15. Qodana DEEP JETBRAINS INTEGRATION STATIC NATIVE ANALYZER CLOUD/ON-PREM PLUGIN/CI

16. Checkstyle LIGHTWEIGHT, FLEXIBLE RULE CONFIG STYLE-FOCUSED LIMITED SCOPE

17. Dependabot AUTOMATES DEPENDENCY UPDATES VIA PULL REQUESTS. HIGHLIGHTS KNOWN VULNERABILITIES

    IN DEPENDENCIES. NATIVE TO GITHUB, EASY CI/CD INTEGRATION.

18. Snyk SCANS CODE, DEPENDENCIES, CONTAINERS, AND IAC FOR VULNERABILITIES. PROVIDES

    REMEDIATION GUIDANCE AND PATCHES. BROAD ECOSYSTEM SUPPORT, INTEGRATES WITH IDES, REPOS, CI/CD.

19. Static Analysis & Security Tools TOOL STRENGTHS LIMITATIONS BEST FOR

    SonarQube Mature; huge rule set; dashboards Heavy to run; requires server Enterprise-wide adoption Qodana Deep IDE/CI integration; JetBrains-native Best for JetBrains shops; newer Teams already in JetBrains ecosystem Checkstyle Lightweight; configurable rules Narrow scope (style only) Style enforcement Dependabot Wide variety of languages and frameworks Narrow scope. Dependencies only Update vulnerable dependencies Snyk Broad ecosystem; wide variety of vulnerability scams Free-tier is limited Security coverage

20. Unit Testing & Coverage

21. Diffblue Cover AI-GENERATED UNIT TESTS FOR JAVA CI/CD INTEGRATION SPEEDS

    UP COVERAGE, REDUCES REGRESSIONS

22. EvoSuite OPEN-SOURCE, EVOLUTIONARY TEST GENERATION INTEGRATES WITH JUNIT NEEDS CLEANUP,

    SETUP EFFORT

23. PiTest MUTATION TESTING VALIDATES TEST QUALITY ENSURES TESTS CATCH REAL

    BUGS SLOWER RUNS, SUITED FOR CI PIPELINES

24. AI Tools for Testing COPILOT – AI ASSISTANT IN IDE

    SCAFFOLDS TESTS & ASSERTIONS DEPENDS ON PROMPTS & REVIEW

25. Unit Testing & Coverage Tools Tool Strengths Limitations Best For

    Diffblue Cover Generates runnable unit tests quickly; CI integration Commercial license; Java only Enterprises needing fast coverage boost EvoSuite OSS; generates JUnit tests; free Tests may need cleanup; setup tricky Teams wanting open-source alternative PiTest Checks test quality via mutation testing Slower; doesn’t generate tests Teams validating existing tests Copilot Inline test scaffolding & assertions Dependent on prompts; depth varies Individual productivity in IDE

26. Considerations HIGH COVERAGE IS DIFFERENT THAN HIGH QUALITY WE SHOULD

    ALWAYS AIM FOR HIGH QUALITY IF YOUR TESTS NEVER FAIL, DO THEY REALLY TEST?

27. Technical Debt & Modernization

28. OpenRewrite RECIPES FOR AUTOMATED JAVA/SPRING MIGRATIONS OSS FOUNDATION, SCALABLE REQUIRES

    RECIPE UPKEEP

29. Moderne PLATFORM BUILT ON OPENREWRITE FLEET-WIDE UPGRADES, DASHBOARDS COMMERCIAL LICENSE

30. Sourcegraph AUTOMATES LARGE-SCALE CODE MODIFICATIONS INTEGRATES WITH CODE HOSTS (GITHUB,

    GITLAB, BITBUCKET, ETC.) COMMERCIAL LICENSE

31. Manual Refactoring FULL CONTROL VERY TIME- CONSUMING ERROR-PRONE AND INCONSISTENT

32. Tackling Technical Debt & Modernization Tool Strengths Limitations Best For

    OpenRewrite Automates migrations (Java, Spring) Needs maintained recipes Enterprises with legacy portfolios Moderne Fleet-wide migrations; dashboards Commercial license; setup effort Large orgs modernizing many repos Manual Refactoring Full control, no licensing Time-consuming; inconsistent Small/custom projects

33. AI Tools Copilot – assists coding & testing Windsurf –

    Cursor Amazon Q – enterprise knowledge + code search

34. Real-World Impact Code coverage nearly doubled in 1 year Release

    frequency increased by 50% Java upgrades cut from weeks to days

35. How to Choose Tools INTEGRATION WITH IDE/CI/CD COST: OPEN- SOURCE

    VS PAID ECOSYSTEM & COMMUNITY SECURITY & COMPLIANCE NEEDS

36. Key Takeaways TOOLS REDUCE COMPLIANCE VS INNOVATION TRADE-OFF OSS +

    AI + ENTERPRISE SOLUTIONS = STRONG TOOLKIT FOCUS ON INNOVATION, NOT DRUDGERY

37. Resources & References • Unit Testing • Diffblue Cover →

    https://www.diffblue.com • EvoSuite → https://www.evosuite.org • PiTest → https://pitest.org • GitHub Copilot → https://github.com/features/copilot • Technical Debt / Modernization • OpenRewrite → https://docs.openrewrite.org • Moderne → https://moderne.io • Qodana → https://www.jetbrains.com/qodana • Static Analysis & Security • SonarQube → https://www.sonarsource.com/products/sonarqube • Checkstyle → https://checkstyle.sourceforge.io • PMD → https://pmd.github.io • AI Tools • Amazon Q → https://aws.amazon.com/q • Windsurf → https://windsurf.ai

38. Questions? • Thank you for joining *Beyond Coding*! https://speakerdeck.com/graciano

39. None