Code Migration with AI using Fortify was a project designed to demonstrate the power of automation and artificial intelligence to improve software development processes.
Code migration to new environments poses ongoing challenges for development teams, particularly when using security analysis tools like Fortify. My team and I recently migrated our projects to Fortify, a process that uncovered a number of critical issues and required considerable effort.
However, integrating StackSpot AI—a contextualized artificial intelligence tool—into our workflow enabled us to accelerate the migration and optimize our code to align with Fortify’s security and efficiency standards.
In this article, we share our journey, the challenges we faced, and how StackSpot AI transformed our migration process. It significantly improved our code’s efficiency and quality and ensured a 300% increase in delivery speed during the migration process.
Migration challenge
In our last release, we migrated 18 projects, spanning front-end and back-end development projects, from the client’s structure to Fortify.
The Fortify tool analyzes code for efficiency, quality, and security. It blocks the project’s build if critical notes are detected in the code. To ensure a successful migration, we had to adapt our code to comply with Fortify’s rules.
Throughout this process, we encountered several critical issues that required considerable attention and effort. The complexity was such that it took us three full sprints (six weeks) to migrate just six projects, highlighting the number of issues that required resolution.
We needed a faster and more efficient way to correct the code and complete the migration.
The turning point with StackSpot AI
Our workflow was transformed when we integrated StackSpot AI, a contextualized AI tool that leverages context, knowledge bases, and technological decisions to deliver precise, high-quality suggestions.
This tool accelerated the migration process and significantly enhanced our team’s efficiency.
We used StackSpot AI to correct the notes flagged by Fortify, making improvements and code adjustments. For each ticket generated for a class, we asked StackSpot AI to refine the code based on Fortify’s feedback, allowing us to resolve the adjustments quickly.
Example code before and after optimization
Prior to optimization with StackSpot AI, our code contained several inefficiencies and violations of Fortify’s guidelines. For example:
```java
public class Example {
    private String data;

    public Example(String data) {
        this.data = data;
    }

    public void processData() {
        if (data != null && !data.isEmpty()) {
            System.out.println("Processing: " + data);
        } else {
            System.out.println("No data to process");
        }
    }
}
```
Following optimization with StackSpot AI, the code was improved to comply with Fortify’s guidelines. Key improvements included ensuring the immutability of the data field, eliminating redundant null checks, and implementing safe initialization of the data field in the constructor. These enhancements resulted in code that is safer, more efficient, and easier to maintain.
```java
public class Example {
    private final String data;

    public Example(String data) {
        this.data = data != null ? data : "";
    }

    public void processData() {
        if (!data.isEmpty()) {
            System.out.println("Processing: " + data);
        } else {
            System.out.println("No data to process");
        }
    }
}
```
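As an added illustration (not code from the article or from StackSpot AI), the same pattern applied to a class with both a string and a list field: the fields are final, null inputs are normalized in the constructor so no later null checks are needed, and the list is defensively copied so neither the caller nor a getter can mutate the object afterwards. This goes beyond the article’s single-field case; the class and field names are invented for the example, and since the article does not name the Fortify categories involved, none are claimed here.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;

// Added example: the "final field + safe initialization" pattern from the
// article, extended to a list field with a defensive copy (Java 10+).
public final class Report {
    private final String title;
    private final List<String> findings;

    public Report(String title, List<String> findings) {
        // Normalize null to a safe default in the constructor, as in the
        // article's optimized Example, so processing code needs no null checks.
        this.title = Objects.requireNonNullElse(title, "");
        // Defensive copy: a caller that keeps a reference to its own list
        // cannot change this object's state after construction.
        // Note: List.copyOf rejects null elements, which is the intent here.
        this.findings = findings == null ? List.of() : List.copyOf(findings);
    }

    public String getTitle() {
        return title;
    }

    // List.copyOf returns an unmodifiable list, so returning it is safe.
    public List<String> getFindings() {
        return findings;
    }

    public String summary() {
        if (findings.isEmpty()) {
            return "No findings to process";
        }
        return "Processing " + findings.size() + " finding(s) for: " + title;
    }

    public static void main(String[] args) {
        List<String> input = new ArrayList<>(List.of("A1", "B2"));
        Report r = new Report("Sprint 12", input);
        input.add("C3"); // mutating the caller's list does not affect r
        System.out.println(r.summary());
        System.out.println(new Report(null, null).summary());
        try {
            r.getFindings().add("D4");
        } catch (UnsupportedOperationException e) {
            System.out.println("findings list is immutable");
        }
    }
}
```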
Example of prompts for code rewriting
So, how did we let StackSpot know what to execute? With Prompt Engineering! Here are some examples.
Prompt 1: Null and Efficiency Check
The following is an example of code before optimization by StackSpot AI.
```java
public class Example {
    private String data;

    public Example(String data) {
        this.data = data;
    }

    public void processData() {
        if (data != null && !data.isEmpty()) {
            System.out.println("Processing: " + data);
        } else {
            System.out.println("No data to process");
        }
    }
}
```
Fortify detected several security weaknesses after running this code. We chose not to create a Quick Command to address these issues, as they were straightforward and highly specific. As a first step, we created a Knowledge Source containing essential Fortify documentation; we plan to extend it with more code snippets. We then used the following prompt in StackSpot AI:
"Improve the following code to eliminate redundant null checks and ensure compliance with Fortify guidelines:"
StackSpot AI suggested this optimized code:
```java
public class Example {
    private final String data;

    public Example(String data) {
        this.data = data != null ? data : "";
    }

    public void processData() {
        if (!data.isEmpty()) {
            System.out.println("Processing: " + data);
        } else {
            System.out.println("No data to process");
        }
    }
}
```
Prompt 2: Immutability and Security
A second example prompt, addressing Fortify’s notes on code immutability and secure variable initialization, is shown below:
Before Optimization:
```java
public class Example {
    private String data;

    public Example(String data) {
        this.data = data;
    }

    public void processData() {
        if (data != null && !data.isEmpty()) {
            System.out.println("Processing: " + data);
        } else {
            System.out.println("No data to process");
        }
    }
}
```
Prompt Used:
"Rewrite the code below to ensure that the 'data' field is immutable and that the code complies with Fortify's security guidelines:"
After Optimization:
```java
public class Example {
    private final String data;

    public Example(String data) {
        this.data = data != null ? data : "";
    }

    public void processData() {
        if (!data.isEmpty()) {
            System.out.println("Processing: " + data);
        } else {
            System.out.println("No data to process");
        }
    }
}
```
Impressive results
Thanks to StackSpot AI, what once felt like an endless task was completed in under two sprints. We were able to finalize and deploy the projects with remarkable speed, surpassing expectations and establishing a new benchmark for efficiency in our operations.
Before adopting AI, it took us three sprints (six weeks) to resolve all notes for just six projects—remember that? After adopting StackSpot AI, we completed an additional 12 projects in just two sprints (four weeks), achieving a 300% increase in delivery speed.
Furthermore, StackSpot AI helped us optimize the source code, ensuring compliance with Fortify’s guidelines while making it cleaner and more efficient.
Benefits of code optimization
As mentioned earlier, adopting StackSpot AI allowed us to complete the migration and achieve more optimized code. Outlined below are key benefits of the code:
- Compliance with guidelines: The code was adjusted to align with Fortify’s rules, preventing builds from being blocked.
- Efficiency: The code has become more efficient, with fewer redundancies and improved resource utilization.
- Maintainability: The optimized code is easier to maintain and evolve, minimizing the time and effort needed for future modifications.
- Meeting deadlines: Speed improvements allowed us to deliver the entire migration on time, without disrupting the team on other deliverables.
Conclusion
This success story demonstrates the power of automation and artificial intelligence in improving software development processes. By using StackSpot AI, we turned an obstacle into an opportunity for growth and learning, establishing new benchmarks for excellence in future migrations.
If you face similar challenges in your projects, consider integrating automation and artificial intelligence tools like StackSpot AI.
We encourage you to share our article on code migration with AI using Fortify. Please share your experiences and thoughts in the comments below or on social media.