Java Continuous Software Intelligence at Scale

Overview

The complexity of enterprise-level Java applications requires additional tools and platforms to manage code complexity. These tools have come in two flavors: top-down and bottom-up software intelligence. While both methods have demonstrable utility, they both lack a full-spectrum visibility of the codebase and its interconnections at the level of APIs, endpoints, database schemas, JDBC connections and so forth. 
 
The CodeLogic Continuous Software Intelligence (CSI) platform was purpose-built to address these issues. CodeLogic provides inter-application relationship transparency through binary Jar/War file scans, runtime environment scans in test environments, and database schema scans for stored procedures. This produces the most comprehensive, queryable graph database of entire application ecosystems while directly providing code-level impact analysis for developers at the code level. 

Java: the bedrock of modern business

Java deployments at enterprise level often comprise the bedrock of a business. Core business rules and logic are ubiquitously captured in firewalled Java applications due to a host of factors:

  1. Longevity, depth, and stability of the Java language
  2. Broad development library options
  3. Application frameworks with sensible defaults, like Spring, Grails, Vaadin, Struts, Spark, and others
  4. Efficient, fault-tolerant database integrations via JDBC
  5. Robust and performant data streaming/messaging frameworks such as Apache Kafka, Rabbit MQ, Java Messaging Service and Jakarta
  6. High degree of interoperability with external systems
  7. Availability of developers 

Operating with Java at scale has its challenges: sound familiar?

As the business grows, the number of professionals needed to update, maintain and scale business rules also grows. Many businesses layer newer business rules on top of older ones:

  • For older business rules, the original developers, documentation and knowledge may be lost or no longer available.
  • Inter-application or inter-modular relationships are often missed in Java IDES, despite showing relationships between classes and functions.
  • Closed-source commercial frameworks, such as offerings from Solarwinds, can rely on external dependencies that lack code-level transparency. Multi-application environments, often using several Java frameworks in concert, each require specialized expertise.
  • Complex systems application ecosystems make predicting the impact of code changes difficult.

In short, it is extremely complicated to see all interconnections and all endpoints across all Java applications, classes, and methods within a single business. It’s even more difficult to know with certainty what code changes may produce regressions.

How does Software Intelligence fit into Java development?

Software Intelligence tools evolved as solutions for the problems above. These tools tend to access your application environment through either a top-down or bottom-up approach.

Top-down software intelligence tools

Top-down planning and monitoring tools provide data and guidance for your entire application environment. Some of the questions these top-down tools answer are:

  1. How do all the applications fit together?
  2. Which parts of the digital infrastructure are ripe for transformation to microservices?
  3. Which applications are the performance bottlenecks?

Application monitoring tools (APMs) also provide top-down perspectives of how data is moving through all your databases and Java applications.

Because of their high-level view, top-down software intelligence tools are fantastic for architects and SREs alike: they help understand how the whole picture fits together and represent where the potential fault points are in your Java applications and information workflows.

For example, you may have a distributed Grails application running on the Spring Boot framework utilizing FusionAuth authentication, all drawing from multiple SQL databases via JDBC connections. The top-down approach shows what connections are made between each framework, database, or sub-application.

Java Software Intelligence

A simplified diagram of the Java application development process
Figure 1 caption: A simplified view of the Java application development process, including Planning, Coding, Building, Deploying and Monitoring an application. Shown in green are categories of software intelligence tools that assist at several stages. Shown in grey are specific software or frameworks used at specific stages.

Bottom-up software intelligence tools

Many software intelligence tools gather data at the code or repository level, often integrating directly with IDEs or GitHub. Source-code scans are adept at gathering highly localized, code and project-specific details. These rudimentary scans can also be triggered through your build or deployment phases through Maven, Gradle and Ant plugins or activated as part of your CI/CD pipeline through Jenkins, Travis CI, Terraform and others. The assembled relationship data, however, is limited to the domain of the project itself, yet provides additional features like code-linting, code quality analysis and code-styling.

In both cases, the focus is on one level of visibility: ground-level source code or 30,000-foot architectural overview. What’s obscure in both cases are the relationships between the code and a multi-application ecosystem.

Next-generation Java Continuous Software Intelligence

A new breed of software combines sophisticated analysis of each application in the ecosystem, their relationships, endpoints, and methods by de-compiling binary and runtime data. Scanning Java, Kotlin or Scala JAR and WAR files and runtime scans enable detection of endpoints, methods, classes, and relationships even when proprietary third-party libraries are included. Scanning this way also permits assessment of compiler-generated or dependency-injected code not available purely through IDE plugins. This forms a cohesive perspective on the entire environment, from high-level architecture down to the code committed in IDEs like IntelliJ IDEA, Visual Studio and VS Code.

Real-time scanning

  1. Continuous real-time scans of Java applications, databases, and relationships
  2. Continuous drill-down capability and deep detailed insight.
    1. Need the sub-orbital perspective of the application ecosystem? Check.
    2. Need to deep-dive into a particular method’s relationships? Check.

Java Continuous Software Intelligence

Figure 2 caption: Building off of the process presented in Figure 1, the CodeLogic labels show where the CodeLogic Continuous Software Intelligence Platform gathers data and provides insights.

The CodeLogic Continuous Software Intelligence Platform enables both top-down and bottom-up approaches to software system analysis and provides a continuous spectrum of relationship data everywhere in between. Finally, a solution exists showing inter-application relationships, across projects, databases and microservices.

Explore the CodeLogic Sandbox
Scroll to Top