The Codex works with static code analyzers (SCAs). Currently, the Codex is integrated with the Java Deprecated Scanner (jdeprscan) and with SonarQube from SonarSource. The Codex is NOT a scanner, although it uses the output from several. Many SCAs are tools that developers and engineers use while programming; for instance, they highlight code that needs to be fixed or suggest what the code being typed should look like. One example is showing a developer who is writing out a deprecated API what the new API is.

What does the Codex do?
The Codex is a tool for developers and managers. The Codex actually does the work on the old code. It looks at the SCA results and, if solutions are available, applies them. The Codex is useful for:
- Migrating to current JDKs, e.g., from Java 8 to Java 11
- Fixing bugs and code smells identified by SCAs
- Fixing known security issues, like SSRF (Server-Side Request Forgery) and XXE (XML External Entity) attacks
Is the Codex an instant fix? No. It is a Continuous Development process. The Honor Systems’ team works diligently to analyze the more popular APIs and other issues encountered in order to create the solution templates that the Codex utilizes.