Skip to main content

Scanning Recipes

This doc contains all scanning recipes.

io.moderne.recipe:rewrite-devcenter

io.moderne.recipe:rewrite-hibernate

io.moderne.recipe:rewrite-java-application-server

io.moderne.recipe:rewrite-prethink

  • io.moderne.prethink.ComprehendCode
    • Comprehend code with AI
    • Use an LLM to generate descriptions for classes and methods in the codebase. Descriptions are cached based on source code checksums to avoid regenerating descriptions for unchanged code.
  • io.moderne.prethink.ComprehendCodeTokenCounter
    • Estimate comprehension token usage
    • Estimate the input token counts that would be sent to an LLM for method comprehension, without actually calling a model. Uses OpenAI's tokenizer locally. Outputs to the MethodDescriptions table with blank descriptions.
  • io.moderne.prethink.FindTestCoverage
    • Find test coverage mapping
    • Map test methods to their corresponding implementation methods. Uses JavaType.Method matching to determine coverage relationships. Optionally generates AI summaries of what each test is verifying when LLM provider is configured.
  • io.moderne.prethink.calm.FindCalmRelationships
    • Find CALM relationships
    • Discover method call relationships within the repository for building interaction diagrams. Captures all method-to-method calls between in-repo classes. Entity IDs are resolved by GenerateCalmArchitecture when building CALM relationships.
  • io.moderne.prethink.calm.GenerateCalmMermaidDiagram
    • Generate architecture mermaid diagram
    • Generate a markdown file with a mermaid architecture diagram from discovered service endpoints, database connections, external service calls, and messaging connections.

io.moderne.recipe:rewrite-program-analysis

io.moderne.recipe:rewrite-spring

io.moderne.recipe:rewrite-vulncheck

  • io.moderne.vulncheck.FixVulnCheckVulnerabilities
    • Use VulnCheck Exploit Intelligence to fix vulnerabilities
    • This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this can be controlled using the maximumUpgradeDelta option. Vulnerability information comes from VulnCheck Vulnerability Intelligence. The recipe has an option to limit fixes to only those vulnerabilities that have evidence of exploitation at various levels of severity.

org.openrewrite.meta:rewrite-analysis

org.openrewrite.recipe:rewrite-ai-search

org.openrewrite.recipe:rewrite-all

  • org.openrewrite.FindDuplicateSourceFiles
    • Find duplicate source files
    • Record the presence of LSTs with duplicate paths, indicating that the same file was parsed more than once.
  • org.openrewrite.LanguageComposition
    • Language composition report
    • Counts the number of lines of the various kinds of source code and data formats parsed by OpenRewrite. Comments are not included in line counts. This recipe emits its results as two data tables, making no changes to any source file. One data table is per-file, the other is per-repository.

org.openrewrite.recipe:rewrite-codemods

org.openrewrite.recipe:rewrite-codemods-ng

org.openrewrite.recipe:rewrite-concourse

org.openrewrite.recipe:rewrite-dotnet

org.openrewrite.recipe:rewrite-jackson

  • org.openrewrite.java.jackson.LombokJacksonizedConfig
    • Update lombok.config for Jackson 3 compatibility
    • When @Jacksonized is used, Lombok generates Jackson annotations. By default it generates Jackson 2.x annotations. This recipe adds lombok.jacksonized.jacksonVersion = 3 to lombok.config so Lombok generates Jackson 3 compatible annotations.

org.openrewrite.recipe:rewrite-java-dependencies

  • org.openrewrite.java.dependencies.AddDependency
    • Add Gradle or Maven dependency
    • For a Gradle project, add a gradle dependency to a build.gradle file in the correct configuration based on where it is used. Or For a maven project, Add a Maven dependency to a pom.xml file in the correct scope based on where it is used.
  • org.openrewrite.java.dependencies.ChangeDependency
    • Change Gradle or Maven dependency
    • Change the group ID, artifact ID, and/or the version of a specified Gradle or Maven dependency.
  • org.openrewrite.java.dependencies.DependencyResolutionDiagnostic
    • Dependency resolution diagnostic
    • Recipes which manipulate dependencies must be able to successfully access the artifact repositories and resolve dependencies from them. This recipe produces two data tables used to understand the state of dependency resolution. The Repository accessibility report lists all the artifact repositories known to the project and whether respond to network access. The network access is attempted while the recipe is run and so is representative of current conditions. The Gradle dependency configuration errors lists all the dependency configurations that failed to resolve one or more dependencies when the project was parsed. This is representative of conditions at the time the LST was parsed.
  • org.openrewrite.java.dependencies.RelocatedDependencyCheck
    • Find relocated dependencies
    • Find Maven and Gradle dependencies and Maven plugins that have relocated to a new groupId or artifactId. Relocation information comes from the oga-maven-plugin maintained by Jonathan Lermitage, Filipe Roque and others. This recipe makes no changes to any source file by default. Add changeDependencies=true to change dependencies, but note that you might need to run additional recipes to update imports and adopt other breaking changes.
  • org.openrewrite.java.dependencies.RemoveDependency
    • Remove a Gradle or Maven dependency
    • For Gradle project, removes a single dependency from the dependencies section of the build.gradle. For Maven project, removes a single dependency from the <dependencies> section of the pom.xml.
  • org.openrewrite.java.dependencies.RemoveRedundantDependencies
    • Remove redundant explicit dependencies
    • Remove explicit dependencies that are already provided transitively by a specified dependency. This recipe downloads and resolves the parent dependency's POM to determine its true transitive dependencies, allowing it to detect redundancies even when both dependencies are explicitly declared.
  • org.openrewrite.java.dependencies.UpgradeDependencyVersion
    • Upgrade Gradle or Maven dependency versions
    • For Gradle projects, upgrade the version of a dependency in a build.gradle file. Supports updating dependency declarations of various forms: * String notation: "group:artifact:version" * Map notation: group: 'group', name: 'artifact', version: 'version' It is possible to update version numbers which are defined earlier in the same file in variable declarations. For Maven projects, upgrade the version of a dependency by specifying a group ID and (optionally) an artifact ID using Node Semver advanced range selectors, allowing more precise control over version updates to patch or minor releases.
  • org.openrewrite.java.dependencies.UpgradeTransitiveDependencyVersion
    • Upgrade transitive Gradle or Maven dependencies
    • Upgrades the version of a transitive dependency in a Maven pom.xml or Gradle build.gradle. Leaves direct dependencies unmodified. Can be paired with the regular Upgrade Dependency Version recipe to upgrade a dependency everywhere, regardless of whether it is direct or transitive.
  • org.openrewrite.java.dependencies.search.FindDuplicateClasses
    • Find duplicate classes on the classpath
    • Detects classes that appear in multiple dependencies on the classpath. This is similar to what the Maven duplicate-finder-maven-plugin does. Duplicate classes can cause runtime issues when different versions of the same class are loaded.
  • org.openrewrite.java.dependencies.search.FindMinimumDependencyVersion
    • Find the oldest matching dependency version in use
    • The oldest dependency version in use is the lowest dependency version in use in any source set of any subproject of a repository. It is possible that, for example, the main source set of a project uses Jackson 2.11, but a test source set uses Jackson 2.16. In this case, the oldest Jackson version in use is Java 2.11.
  • org.openrewrite.java.dependencies.search.FindMinimumJUnitVersion
    • Find minimum JUnit version
    • A recipe to find the minimum version of JUnit dependencies. This recipe is designed to return the minimum version of JUnit in a project. It will search for JUnit 4 and JUnit 5 dependencies in the project. If both versions are found, it will return the minimum version of JUnit 4. If a minimumVersion is provided, the recipe will search to see if the minimum version of JUnit used by the project is no lower than the minimumVersion. For example: if the minimumVersion is 4, and the project has JUnit 4.12 and JUnit 5.7, the recipe will return JUnit 4.12. If the project has only JUnit 5.7, the recipe will return JUnit 5.7. Another example: if the minimumVersion is 5, and the project has JUnit 4.12 and JUnit 5.7, the recipe will not return any results.
  • org.openrewrite.java.dependencies.search.ModuleHasDependency
    • Module has dependency
    • Searches for both Gradle and Maven modules that have a dependency matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a module with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use spring-boot-starter, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) or pom.xml file applying the plugin, use the FindDependency recipe instead.
  • org.openrewrite.java.dependencies.search.RepositoryHasDependency
    • Repository has dependency
    • Searches for both Gradle and Maven modules that have a dependency matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a repository with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use a springframework dependency, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) or pom.xml file applying the plugin, use the FindDependency recipe instead.

org.openrewrite.recipe:rewrite-java-security

  • org.openrewrite.csharp.dependencies.DependencyVulnerabilityCheck
    • Find and fix vulnerable Nuget dependencies
    • This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this recipe will not make any changes. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Dependencies following Semantic Versioning will see their patch version updated where applicable.
  • org.openrewrite.java.dependencies.AddExplicitTransitiveDependencies
    • Add explicit transitive dependencies
    • Detects when Java source code or configuration files reference types from transitive Maven dependencies and promotes those transitive dependencies to explicit direct dependencies in the pom.xml. This ensures the build is resilient against changes in transitive dependency trees of upstream libraries.
  • org.openrewrite.java.dependencies.DependencyLicenseCheck
    • Find licenses in use in third-party dependencies
    • Locates and reports on all licenses in use.
  • org.openrewrite.java.dependencies.DependencyVulnerabilityCheck
    • Find and fix vulnerable dependencies
    • This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this can be controlled using the maximumUpgradeDelta option. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Upgrades dependencies versioned according to Semantic Versioning. ## Customizing Vulnerability Data This recipe can be customized by extending DependencyVulnerabilityCheckBase and overriding the vulnerability data sources: - baselineVulnerabilities(ExecutionContext ctx): Provides the default set of known vulnerabilities. The base implementation loads vulnerability data from the GitHub Security Advisory Database CSV file using ResourceUtils.parseResourceAsCsv(). Override this method to replace the entire vulnerability dataset with your own curated list. - supplementalVulnerabilities(ExecutionContext ctx): Allows adding custom vulnerability data beyond the baseline. The base implementation returns an empty list. Override this method to add organization-specific vulnerabilities, internal security advisories, or vulnerabilities from additional sources while retaining the baseline GitHub Advisory Database. Both methods return List<Vulnerability> objects. Vulnerability data can be loaded from CSV files using ResourceUtils.parseResourceAsCsv(path, Vulnerability.class, consumer) or constructed programmatically. To customize, extend DependencyVulnerabilityCheckBase and override one or both methods depending on your needs. For example, override supplementalVulnerabilities() to add custom CVEs while keeping the standard vulnerability database, or override baselineVulnerabilities() to use an entirely different vulnerability data source. Last updated: 2026-03-12T0841.
  • org.openrewrite.java.dependencies.RemoveUnusedDependencies
    • Remove unused dependencies
    • Scans through source code collecting references to types and methods, removing any dependencies that are not used from Maven or Gradle build files. This is best effort and not guaranteed to work well in all cases; false positives are still possible. This recipe takes reflective access into account: - When reflective access to a class is made unambiguously via a string literal, such as: Class.forName("java.util.List") that is counted correctly. - When reflective access to a class is made ambiguously via anything other than a string literal no dependencies will be removed. This recipe takes transitive dependencies into account: - When a direct dependency is not used but a transitive dependency it brings in is in use the direct dependency is not removed.
  • org.openrewrite.java.dependencies.SoftwareBillOfMaterials
    • Software bill of materials
    • Produces a software bill of materials (SBOM) for a project. An SBOM is a complete list of all dependencies used in a project, including transitive dependencies. The produced SBOM is in the CycloneDX XML format. Supports Gradle and Maven. Places a file named sbom.xml adjacent to the Gradle or Maven build file.
  • org.openrewrite.java.security.XmlParserXXEVulnerability
    • XML parser XXE vulnerability
    • Avoid exposing dangerous features of the XML parser by updating certain factory settings.
  • org.openrewrite.java.security.spring.CsrfProtection
    • Enable CSRF attack prevention
    • Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site when the user is authenticated. See the full OWASP cheatsheet.
  • org.openrewrite.java.security.spring.PreventClickjacking
    • Prevent clickjacking
    • The frame-ancestors directive can be used in a Content-Security-Policy HTTP response header to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid Clickjacking attacks by ensuring that their content is not embedded into other sites.
  • org.openrewrite.python.dependencies.DependencyVulnerabilityCheck
    • Find and fix vulnerable PyPI dependencies
    • This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this can be controlled using the maximumUpgradeDelta option. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Dependencies following Semantic Versioning will see their patch version updated where applicable.

org.openrewrite.recipe:rewrite-jenkins

org.openrewrite.recipe:rewrite-liberty

org.openrewrite.recipe:rewrite-micronaut

org.openrewrite.recipe:rewrite-migrate-java

  • org.openrewrite.java.migrate.AddStaticVariableOnProducerSessionBean
    • Adds static modifier to @Produces fields that are in session beans
    • Ensures that the fields annotated with @Produces which is inside the session bean (@Stateless, @Stateful, or @Singleton) are declared static.
  • org.openrewrite.java.migrate.jakarta.HasNoJakartaAnnotations
    • Project has no Jakarta annotations
    • Mark all source as found per JavaProject where no Jakarta annotations are found. This is useful mostly as a precondition for recipes that require Jakarta annotations to be present.
  • org.openrewrite.java.migrate.javax.AddJaxbRuntime
    • Use latest JAXB API and runtime for Jakarta EE 8
    • Update build files to use the latest JAXB runtime from Jakarta EE 8 to maintain compatibility with Java version 11 or greater. The recipe will add a JAXB run-time, in Gradle compileOnly+testImplementation and Maven provided scope, to any project that has a transitive dependency on the JAXB API. The resulting dependencies still use the javax namespace, despite the move to the Jakarta artifact.
  • org.openrewrite.java.migrate.javax.AddScopeToInjectedClass
    • Add scope annotation to injected classes
    • Finds member variables annotated with @Inject' and applies @Dependent` scope annotation to the variable's type.
  • org.openrewrite.java.migrate.javax.AddTransientAnnotationToEntity
    • Unannotated entity attributes require a Transient annotation
    • In OpenJPA, attributes that are themselves entity classes are not persisted by default. EclipseLink has a different default behavior and tries to persist these attributes to the database. To keep the OpenJPA behavior of ignoring unannotated entity attributes, add the javax.persistence.Transient annotation to these attributes in EclipseLink.
  • org.openrewrite.java.migrate.javax.RemoveEmbeddableId
    • @Embeddable classes cannot have an @Id annotation when referenced by an @EmbeddedId annotation
    • According to the Java Persistence API (JPA) specification, if an entity defines an attribute with an @EmbeddedId annotation, the embeddable class cannot contain an attribute with an @Id annotation. If both the @EmbeddedId annotation and the @Id annotation are defined, OpenJPA ignores the @Id annotation, whereas EclipseLink throws an exception.
  • org.openrewrite.java.migrate.lombok.AdoptLombokGetterMethodNames
    • Rename getter methods to fit Lombok
    • Rename methods that are effectively getter to the name Lombok would give them. Limitations: - If two methods in a class are effectively the same getter then one's name will be corrected and the others name will be left as it is. - If the correct name for a method is already taken by another method then the name will not be corrected. - Method name swaps or circular renaming within a class cannot be performed because the names block each other. E.g. int getFoo() \{ return ba; \} int getBa() \{ return foo; \} stays as it is.
  • org.openrewrite.java.migrate.lombok.AdoptLombokSetterMethodNames
    • Rename setter methods to fit Lombok
    • Rename methods that are effectively setter to the name Lombok would give them. Limitations: - If two methods in a class are effectively the same setter then one's name will be corrected and the others name will be left as it is. - If the correct name for a method is already taken by another method then the name will not be corrected. - Method name swaps or circular renaming within a class cannot be performed because the names block each other. E.g. int getFoo() \{ return ba; \} int getBa() \{ return foo; \} stays as it is.
  • org.openrewrite.java.migrate.lombok.LombokValueToRecord
    • Convert @lombok.Value class to Record
    • Convert Lombok @Value annotated classes to standard Java Records.
  • org.openrewrite.java.migrate.search.PlanJavaMigration
    • Plan a Java version migration
    • Study the set of Java versions and associated tools in use across many repositories.

org.openrewrite.recipe:rewrite-migrate-python

org.openrewrite.recipe:rewrite-nodejs

org.openrewrite.recipe:rewrite-openapi

org.openrewrite.recipe:rewrite-prethink

  • org.openrewrite.prethink.ExportContext
    • Export context files
    • Export DataTables to CSV files in .moderne/context/ along with a markdown description file. The markdown file describes the context and includes schema information for each data table.
  • org.openrewrite.prethink.UpdateAgentConfig
    • Update agent configuration files
    • Update coding agent configuration files (CLAUDE.md, .cursorrules, etc.) to include references to Moderne Prethink context files in .moderne/context/.
  • org.openrewrite.prethink.calm.GenerateCalmArchitecture
    • Generate CALM architecture
    • Generate a FINOS CALM (Common Architecture Language Model) JSON file from discovered service endpoints, database connections, external service calls, and messaging connections.

org.openrewrite.recipe:rewrite-rewrite

  • org.openrewrite.java.recipes.ExamplesExtractor
    • Extract documentation examples from tests
    • Extract the before/after sources from tests annotated with @DocumentExample, and generate a YAML file with those examples to be shown in the documentation to show usage.
  • org.openrewrite.java.recipes.GenerateDeprecatedMethodRecipes
    • Generate InlineMethodCalls recipes for deprecated delegating methods
    • Finds @Deprecated method declarations whose body is a single delegation call to another method in the same class, and generates a declarative YAML recipe file containing InlineMethodCalls entries for each.

org.openrewrite.recipe:rewrite-spring

org.openrewrite.recipe:rewrite-static-analysis

  • org.openrewrite.staticanalysis.LowercasePackage
    • Rename packages to lowercase
    • By convention all Java package names should contain only lowercase letters, numbers, and dashes. This recipe converts any uppercase letters in package names to be lowercase.
  • org.openrewrite.staticanalysis.MethodNameCasing
    • Standardize method name casing
    • Fixes method names that do not follow standard naming conventions. For example, String getFoo_bar() would be adjusted to String getFooBar() and int DoSomething() would be adjusted to int doSomething().

org.openrewrite.recipe:rewrite-struts

  • org.openrewrite.java.struts.migrate6.MigrateStaticOgnlMethodAccess
    • Migrate static OGNL method access to action wrapper methods
    • Migrates OGNL expressions using static method access (e.g., @com.app.Util@makeCode()) to use action wrapper methods instead. Static method access is disabled by default in Struts 6 for security reasons.

org.openrewrite.recipe:rewrite-terraform

  • org.openrewrite.terraform.MoveProviderVersionToRequiredProviders
    • Move provider version to required_providers
    • In Terraform 0.13+, version constraints should be specified in the terraform \{ required_providers \{ ... \} \} block instead of the provider block. This recipe removes the version attribute from provider blocks and adds it to required_providers.

org.openrewrite.recipe:rewrite-testing-frameworks

  • org.openrewrite.java.testing.cleanup.TestsShouldNotBePublic
    • Remove public visibility of JUnit 5 tests
    • Remove public and optionally protected modifiers from methods with @Test, @ParameterizedTest, @RepeatedTest, @TestFactory, @BeforeEach, @AfterEach, @BeforeAll, or @AfterAll. They no longer have to be public visibility to be usable by JUnit 5.
  • org.openrewrite.java.testing.junit5.AddHamcrestJUnitDependency
    • Add Hamcrest JUnit dependency
    • Add Hamcrest JUnit dependency only if JUnit 4's assertThat or assumeThat is used.
  • org.openrewrite.java.testing.junit5.AddJupiterDependencies
    • Add JUnit Jupiter dependencies
    • Adds JUnit Jupiter dependencies to a Maven or Gradle project. JUnit Jupiter can be added either with the artifact junit-jupiter, or both of junit-jupiter-api and junit-jupiter-engine. This adds junit-jupiter dependency unless junit-jupiter-api or junit-jupiter-engine are already present.
  • org.openrewrite.java.testing.mockito.AnyToNullable
    • Replace Mockito 1.x anyString()/any() with nullable(Class)
    • Since Mockito 2.10 anyString() and any() no longer matches null values. Use nullable(Class) instead.
  • org.openrewrite.java.testing.mockito.ReplacePowerMockDependencies
    • Replace PowerMock dependencies with Mockito equivalents
    • Replaces PowerMock API dependencies with mockito-inline when mockStatic(), whenNew(), or @PrepareForTest usage is detected, or mockito-core otherwise. PowerMock features like static mocking, constructor mocking, and final class mocking require the inline mock maker which is bundled in mockito-inline for Mockito 3.x/4.x.
  • org.openrewrite.java.testing.mockito.VerifyZeroToNoMoreInteractions
    • Replace verifyZeroInteractions() with verifyNoMoreInteractions()
    • Replaces verifyZeroInteractions() with verifyNoMoreInteractions() in Mockito tests when migration when using a Mockito version < 3.x.

org.openrewrite:rewrite-core

  • org.openrewrite.AddToGitignore
    • Add entries to .gitignore
    • Adds entries to the project's .gitignore file. If no .gitignore file exists, one will be created. Existing entries that match will not be duplicated.
  • org.openrewrite.ExcludeFileFromGitignore
    • Remove ignoral of files or directories from .gitignore
    • This recipe will remove a file or directory from the .gitignore file. If the file or directory is already in the .gitignore file, it will be removed or negated. If the file or directory is not in the .gitignore file, no action will be taken.
  • org.openrewrite.FindCollidingSourceFiles
    • Find colliding source files
    • Finds source files which share a path with another source file. There should always be exactly one source file per path within a repository. This is a diagnostic for finding problems in OpenRewrite parsers/build plugins.
  • org.openrewrite.FindGitProvenance
    • Show Git source control metadata
    • List out the contents of each unique GitProvenance marker in the set of source files. When everything is working correctly, exactly one such marker should be printed as all source files are expected to come from the same repository / branch / commit hash.
  • org.openrewrite.FindLstProvenance
    • Find LST provenance
    • Produces a data table showing what versions of OpenRewrite/Moderne tooling was used to produce a given LST.
  • org.openrewrite.ListRuntimeClasspath
    • List runtime classpath
    • A diagnostic utility which emits the runtime classpath to a data table.
  • org.openrewrite.search.FindCommitters
    • Find committers on repositories
    • List the committers on a repository.
  • org.openrewrite.search.RepositoryContainsFile
    • Repository contains file
    • Intended to be used primarily as a precondition for other recipes, this recipe checks if a repository contains a specific file or files matching a pattern. If present all files in the repository are marked with a SearchResult marker. If you want to get only the matching file as a search result, use FindSourceFiles instead.
  • org.openrewrite.text.AppendToTextFile
    • Append to text file
    • Appends or replaces content of an existing plain text file, or creates a new one if it doesn't already exist. Please note that this recipes requires existing plain text files' format to be successfully parsable by OpenRewrite. If a file is left unchanged, it might be parsed as a Quark rather than plain text. In such case, use the plainTextMask option. See the Gradle or Maven plugin configuration page.
  • org.openrewrite.text.CreateTextFile
    • Create text file
    • Creates a new plain text file.

org.openrewrite:rewrite-gradle

  • org.openrewrite.gradle.AddDependency
    • Add Gradle dependency
    • Add a gradle dependency to a build.gradle file in the correct configuration based on where it is used.
  • org.openrewrite.gradle.AddPlatformDependency
    • Add Gradle platform dependency
    • Add a gradle platform dependency to a build.gradle file in the correct configuration based on where it is used.
  • org.openrewrite.gradle.AddProperty
    • Add Gradle property
    • Add a property to the gradle.properties file.
  • org.openrewrite.gradle.ChangeDependency
    • Change Gradle dependency
    • Change a Gradle dependency coordinates. The newGroupId or newArtifactId MUST be different from before.
  • org.openrewrite.gradle.MigrateDependenciesToVersionCatalog
    • Migrate Gradle project dependencies to version catalog
    • Migrates Gradle project dependencies to use the version catalog feature. Supports migrating dependency declarations of various forms: * String notation: &quot;group:artifact:version&quot; * Map notation: group: 'group', name: 'artifact', version: 'version' * Property references: &quot;group:artifact:$version&quot; or &quot;group:artifact:$\{version\}&quot; The recipe will: * Create a gradle/libs.versions.toml file with version declarations * Replace dependency declarations with catalog references (e.g., libs.springCore) * Migrate version properties from gradle.properties to the version catalog * Preserve project dependencies unchanged Note: If a version catalog already exists, the recipe will not modify it.
  • org.openrewrite.gradle.UpdateGradleWrapper
    • Update Gradle wrapper
    • Update the version of Gradle used in an existing Gradle wrapper. Queries downloads.gradle.org to determine the available releases, but prefers the artifact repository URL which already exists within the wrapper properties file. If your artifact repository does not contain the same Gradle distributions as downloads.gradle.org, then the recipe may suggest a version which is not available in your artifact repository.
  • org.openrewrite.gradle.UpgradeDependencyVersion
    • Upgrade Gradle dependency versions
    • Upgrade the version of a dependency in a build.gradle file. Supports updating dependency declarations of various forms: * String notation: &quot;group:artifact:version&quot; * Map notation: group: 'group', name: 'artifact', version: 'version' Can update version numbers which are defined earlier in the same file in variable declarations.
  • org.openrewrite.gradle.UpgradeTransitiveDependencyVersion
    • Upgrade transitive Gradle dependencies
    • Upgrades the version of a transitive dependency in a Gradle build file. There are many ways to do this in Gradle, so the mechanism for upgrading a transitive dependency must be considered carefully depending on your style of dependency management.
  • org.openrewrite.gradle.plugins.UpgradePluginVersion
    • Update a Gradle plugin by id
    • Update a Gradle plugin by id to a later version defined by the plugins DSL. To upgrade a plugin dependency defined by buildscript.dependencies, use the UpgradeDependencyVersion recipe instead.
  • org.openrewrite.gradle.search.ModuleHasDependency
    • Module has dependency
    • Searches for Gradle Projects (modules) that have a dependency matching the specified id or implementing class. Places a SearchResult marker on all sources within a project with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use spring-boot-starter, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) file that use the dependency, use the FindDependency recipe instead.
  • org.openrewrite.gradle.search.ModuleHasPlugin
    • Module has plugin
    • Searches for Gradle Projects (modules) that have a plugin matching the specified id or implementing class. Places a SearchResult marker on all sources within a project with a matching plugin. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that apply the spring dependency management plugin, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) file applying the plugin, use the FindPlugins recipe instead.

org.openrewrite:rewrite-hcl

org.openrewrite:rewrite-java

  • org.openrewrite.java.CreateEmptyJavaClass
    • Create Java class
    • Create a new, empty Java class.
  • org.openrewrite.java.search.ClasspathTypeCounts
    • Study the size of the classpath by source set
    • Emit one data table row per source set in a project, with the number of types in the source set.
  • org.openrewrite.java.search.FindDistinctMethods
    • Find distinct methods in use
    • A sample of every distinct method in use in a repository. The code sample in the method calls data table will be a representative use of the method, though there may be many other such uses of the method.
  • org.openrewrite.java.search.FindTypeMappings
    • Find type mappings
    • Study the frequency of J types and their JavaType type attribution.
  • org.openrewrite.java.search.HasMinimumJavaVersion
    • Find the oldest Java version in use
    • The oldest Java version in use is the lowest Java version in use in any source set of any subproject of a repository. It is possible that, for example, the main source set of a project uses Java 8, but a test source set uses Java 17. In this case, the oldest Java version in use is Java 8.
  • org.openrewrite.java.search.ModuleContainsFile
    • Module contains file
    • Intended to be used primarily as a precondition for other recipes, this recipe checks if a module contains a specific file or files matching a pattern. Only files belonging to modules containing the specified file are marked with a SearchResult marker. This is more specific than RepositoryContainsFile which marks all files in the repository if any file matches.
  • org.openrewrite.java.search.ModuleUsesType
    • Module uses type
    • Intended to be used primarily as a precondition for other recipes, this recipe checks if a module uses a specified type. Only files belonging to modules that use the specified type are marked with a SearchResult marker. This is more specific than UsesType which only marks the files that directly use the type.

org.openrewrite:rewrite-json

org.openrewrite:rewrite-maven

  • org.openrewrite.maven.AddAnnotationProcessor
    • Add an annotation processor to maven-compiler-plugin
    • Add an annotation processor path to the maven-compiler-plugin configuration. For modules with an in-reactor parent, adds to the parent's build/pluginManagement/plugins section. For modules without a parent or with a parent outside the reactor, adds directly to build/plugins. Updates the annotation processor version if a newer version is specified.
  • org.openrewrite.maven.AddDependency
    • Add Maven dependency
    • Add a Maven dependency to a pom.xml file in the correct scope based on where it is used.
  • org.openrewrite.maven.AddDevelocityMavenExtension
    • Add the Develocity Maven extension
    • To integrate the Develocity Maven extension into Maven projects, ensure that the develocity-maven-extension is added to the .mvn/extensions.xml file if not already present. Additionally, configure the extension by adding the .mvn/develocity.xml configuration file.
  • org.openrewrite.maven.AddManagedDependency
    • Add managed Maven dependency
    • Add a managed Maven dependency to a pom.xml file.
  • org.openrewrite.maven.AddRuntimeConfig
    • Add a configuration option for the Maven runtime
    • Add a new configuration option for the Maven runtime if not already present.
  • org.openrewrite.maven.ChangeDependencyGroupIdAndArtifactId
    • Change Maven dependency
    • Change a Maven dependency coordinates. The newGroupId or newArtifactId MUST be different from before. Matching &lt;dependencyManagement&gt; coordinates are also updated if a newVersion or versionPattern is provided. Exclusions that reference the old dependency coordinates are preserved, and a sibling exclusion for the new coordinates is added alongside them.
  • org.openrewrite.maven.ChangeParentPom
    • Change Maven parent
    • Change the parent pom of a Maven pom.xml by matching the existing parent via groupId and artifactId, and updating it to a new groupId, artifactId, version, and optional relativePath. Also updates the project to retain dependency management and properties previously inherited from the old parent that are no longer provided by the new parent. Removes redundant dependency versions already managed by the new parent.
  • org.openrewrite.maven.IncrementProjectVersion
    • Increment Maven project version
    • Increase Maven project version by incrementing either the major, minor, or patch version as defined by semver. Other versioning schemes are not supported.
  • org.openrewrite.maven.ManageDependencies
    • Manage dependencies
    • Make existing dependencies managed by moving their version to be specified in the dependencyManagement section of the POM.
  • org.openrewrite.maven.RemoveUnusedProperties
    • Remove unused properties
    • Detect and remove Maven property declarations which do not have any usage within the project.
  • org.openrewrite.maven.UpdateMavenWrapper
    • Update Maven wrapper
    • Update the version of Maven used in an existing Maven wrapper.
  • org.openrewrite.maven.UpgradeDependencyVersion
    • Upgrade Maven dependency version
    • Upgrade the version of a dependency by specifying a group and (optionally) an artifact using Node Semver advanced range selectors, allowing more precise control over version updates to patch or minor releases.
  • org.openrewrite.maven.UpgradeParentVersion
    • Upgrade Maven parent project version
    • Set the parent pom version number according to a version selector or to a specific version number.
  • org.openrewrite.maven.UpgradeTransitiveDependencyVersion
    • Upgrade transitive Maven dependencies
    • Upgrades the version of a transitive dependency in a Maven pom file. Leaves direct dependencies unmodified. Can be paired with the regular Upgrade Dependency Version recipe to upgrade a dependency everywhere, regardless of whether it is direct or transitive.
  • org.openrewrite.maven.search.ModuleHasDependency
    • Module has dependency
    • Searches for Maven modules that have a dependency matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a module with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use spring-boot-starter, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) file applying the plugin, use the FindDependency recipe instead.
  • org.openrewrite.maven.search.ModuleHasPlugin
    • Module has plugin
    • Searches for Maven modules that have a plugin matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a module with a matching plugin. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that apply the spring boot plugin, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) file applying the plugin, use the FindPlugins recipe instead.

org.openrewrite:rewrite-properties

org.openrewrite:rewrite-python

  • org.openrewrite.python.AddDependency
    • Add Python dependency
    • Add a dependency to the [project].dependencies array in pyproject.toml. When uv is available, the uv.lock file is regenerated.
  • org.openrewrite.python.ChangeDependency
    • Change Python dependency
    • Change a dependency to a different package in pyproject.toml. Searches all dependency arrays. When uv is available, the uv.lock file is regenerated.
  • org.openrewrite.python.RemoveDependency
    • Remove Python dependency
    • Remove a dependency from the [project].dependencies array in pyproject.toml. When uv is available, the uv.lock file is regenerated.
  • org.openrewrite.python.UpgradeDependencyVersion
    • Upgrade Python dependency version
    • Upgrade the version constraint for a dependency in [project].dependencies in pyproject.toml. When uv is available, the uv.lock file is regenerated.
  • org.openrewrite.python.UpgradeTransitiveDependencyVersion
    • Upgrade transitive Python dependency version
    • Pin a transitive dependency version using the appropriate strategy for the detected package manager: uv uses [tool.uv].constraint-dependencies, PDM uses [tool.pdm.overrides], and other managers add a direct dependency.

org.openrewrite:rewrite-toml

org.openrewrite:rewrite-xml

org.openrewrite:rewrite-yaml

  • org.openrewrite.yaml.CopyValue
    • Copy YAML value
    • Copies a YAML value from one key to another. The existing key/value pair remains unaffected by this change. Attempts to merge the copied value into the new key if it already exists. By default, attempts to create the new key if it does not exist.
  • org.openrewrite.yaml.CreateYamlFile
    • Create YAML file
    • Create a new YAML file.