How to do a legacy software migration : a successful checklist

Legacy Software migration

Here is a small checklist about how to migrate a legacy migration and to ensure its success.

This article is part of my work to explain my knowledge about Software migration in the company Byoskill.

First measure your project according the changes involved by the migration :

  • The organizational changes
  • The process changes
  • The technological changes

The organization

You will have to think about each person involved in the Software that is going to be migrated. Which skills are required to develop, test, maintain, support the Software. How will you manage the brutal disrupt in their daily work and motivate them to embrace the change ?

I recommend you to have a clear picture of the team and not underestimate the needs of training, evangelize, and change management.

Changing technologies or framework, even without any feature changes may impact severely your end-users, the support and maintenance teams and the integration engineers.

The processes

An automated migration differs from a classical IT Software project by adding a certain disruption in terms of time and practices. Since the migration has to be hastened (thanks to the usage of specialized tools), the success of the project requires a high level of software development practices. Usually, the legacy software are still hitting the wall in terms of agility, silo breakup, continuous integration, test automation practices.

The legacy project migration requires to have a clear state (and view) of the following processes :

  • SDLC : Software development lifecycle.
    • What is the current process ?
    • Is their any traps or caveheats to be aware of ?
    • How much time does it take to push a new feature from the specification to the production ?
  • Test automation : You will have to answer many questions who are associated to well identified risks.
    • How the application is tested ?
    • At which levels ?
    • Are the tests automated ?
    • What is the coverage (estimated and measure) ?
    • What are the requirements to set up a new test environment ?
    • How much does it cost ?
    • Is test data available ?
    • How accurate is the test data ?
    • Which tools are required to execute the tests ? The licences
    • What would it take to obtain a sufficient coverage for the migration project ?
  • Continuous Integration : 
    • How the software is built ?
    • How much time does it take to produce a new release ?
    • What are the steps ?
    • Which parts are tricky or manual ?
    • What are the components to be built ?
    • How many individual parts composes the software ?
    • Which tools are used ?
    • What would it take to obtain a complete CI/CD  for the migration project ?
  • DevOps : 
    • Logging and Monitoring support :
      • Will the tools still compatible are the migration ?
    • Automatic deployment
      • What are the changes required to maintain (or obtain) an automatic deployment of the solution
    • Error and Exception handling
      • Detect and document any regressions in the current way to catch and handle the errors during the run
    • Performance testing
      • Does the software have any automated performance tests ?
      • Will they still be compatible ?
  • Release Management :
    • How many active versions for this Software ?
    • What is the branch release model ?
    • Versions to maintain and port
    • Frequency of releases and year schedule / roadmap

The technologies

A good legacy migration project is preparing a clear state of the perimeter to be migrated and the targeted solution.

It comes in a phase of three steps.

  • The actual picture
  • The definition of the target
  • The migration in itself

Drawing the current picture

The initial software assessment does really mater. Indeed an solution architect will detect any caveats and flaws in the current architecture that may critically slowdown the migration project.

Such assessment usually requires :

  • a technology survey : which technologies are used in the software, licenses issues, exact version and possibility of upgrade
  • an architecture assessment : will be controlled in priority the physical organization of the project (folders, files), the logical structure (components, package, functional and technical layers) and the dependency matrix (cycles, code weaving, code smells)
  • an automated test assessment : code coverage, tests documentation, test robustness/fragility, main complex components and their level of testing.
  • a code quality assesment : a quick review to identify in priority the main risks (reliability, security, maintainability)

The definition phase

This phase has four objectives :

  • Get a understanding of the cost and time of the migration project
  • Evaluate with the customer, the ROI of the operation
  • Eliminate the main technical  / functional risks of the migration
  • Communicate to the customer, the organization and process changes to be operated.

To achieve that, a main document (or specification) has to be produced, the migration guide.

This migration guide will expose the targeted solution, the way to achieve it, the necessary steps, a risk analysis and RACI, the cost and estimation of each tasks.

This definition phase may be accompanied by a Proof Of Concept(POC), a short term development performed on the current solution to assess the feasibility of the targeted solution and to allow any necessary test to be executed. It will be critical to pay attention to any functional regressions and performance regressions in this POC.

The migration

The migration is not a Big Rewrite. 

It’s an incremental, well-defined process where the automation is removing the main source of failure of migration projects : the time of execution.

Indeed longer the migration process is taking, more dangerous will become the project, debated and finally rejected.

A good migration project usually has the following qualities :

  • Incremental : in some way it’s possible to have the two technological environments living as room mates in the Software
  • Fast : The amount of rewriting, manual fixes and iterations to obtain the targeted solution have to be small.
  • Cost effective : The volume of manual operation cost should be significantly be smaller thanks to the automation
  • Critical : No legacy migration finds its justification without a real concern (Security, Investment, Scale up operation, Business loss or expectations)

How to make a software developer happy ?

Leave your comfort zone

To be or not to be (happy), that’s the question. In this article, I expose some thoughts about what could make a software developer happy in his work. I wrote this article with several targeted audience in mind : Junior developers, Senior Techleads and H&R resources.

Continue Reading


Test and Data Generation for Java Unit tests

Today I was preparing a presentation about Software Code quality for a TechTalk on Thursday. I made a search on Internet about Automatic Unit test generator and Data Generators. I will present some tools I have tried. Today, we will speak of Randoop.

Randoom Test Generator

Randoom Test Generator

The first tool name is Randoop.. This tool is existing since 2007 and its purpose is to generate automatically unit tests 🙂 Directly from your class definition!

To use it you have two choices:

  • You can use your software JAR or classpath directory.
  • You can include it in your test compile path (on gradle or maven) and creates a main or unit test.

To explain short the theory, thanks to the Java reflection it’s quite easy to produce automatic tests validating some contracts of your API.

Some examples: – toString() should never returns null or throws an Exception – equals() and compareTo() methods have a long list of constraints – Reflexivity: o.equals(o) == true – Symmetry: o1.equals(o2) == o2.equals(o1) – Transitivity: o1.equals(o2) && o2.equals(o3) ⇒ o1.equals(o3) – Equals to null: o.equals(null) == false – It does not throw an exception

Therefore this tool is generating unit tests with JUnit(TestSuite) for the list of classes you provide.

I have done some tests and you can reach 50-60% of coverage quite easily.

The main drawbacks of the solution are: – The unit tests are drawing a snapshot (precise picture) of your code and its behaviour however some tests are really non-sense and you don’t want to edit them. – They don’t replace handwritten tests since the tool is not understand the different between a String parameter emailand fullName. He will mostly use dumb strings.

About the technology, it’s not production ready: – I had troubles with the jar and its dependency plume. – The JAR is a fatjar and coming with dependencies that broke my software.

In conclusion, I will fork the software and try to fix the problems to make it more popular 🙂


SonarQube and ReactJS

This article is showing you how to use SonarQube with ReactJS and its JSX files. I will use both SonarQube JavaScript plugin and the additional plugin Sonar EsLint plugin.

<%- toc(str, [options]) %>

For the people who has missed my previous article, I have created a new SonarQube plugin to extends the Javascript analysis.

Installation and Configuration

The first step is to download the plugin directly from Github here.

Download the plugin

Download the plugin

Find the latest release.

Find the latest release

Find the latest release

Copy it in your Sonar extension folder.

Copy the plugin

Copy the plugin

Restart the server

Restart the server by calling the commands (here on linux)

sonarqube-6.0 ./bin/linux-x86-64/sonar.sh stop
  Stopping SonarQube...
  Waiting for SonarQube to exit...
  Stopped SonarQube.
  ➜  sonarqube-6.0 ./bin/linux-x86-64/sonar.sh start

 Enabling custom rules in SonarQube

Don’t forget to modify your SonarQube profile to enable the new ESLint rules :

Add the ESLint rules to your SonarQube profile

Add the ESLint rules to your SonarQube profile

Enable the ESLint rules to your SonarQube profile

Enable the ESLint rules to your SonarQube profile

Preparing your project

 Handling SonarQube Scanner

Most projects requires the SonarQube scanner (Wiki Link to analysis Javascript. Download it somewhere on your disk and unzip it.

Creates a file sonar-project.properties̀ into your project.

Copy-paste this content and modify it :

sonar.projectName=ReactJS demo

Don’t forget the line sonar.javascript.file.suffixes=.js,.jsx, it’s the hack to make SonarQube working on JSX files!

OK! SonarQube Scanner is configured!

Preparing ESLint

We want to perform the SonarQube analysis with the additional results of ESLint. Eslint is a popular linter that provides recent rules for many javascript frameworks – ReactJS included.

ESLint is thereby often upgraded and contains through its extension system, rules and frameworks that you won’t find in the regular SonarQube installation.

If you haven’t created yet an ESLint configuration file, here is the commands :

ESLint Configuration

ESLint Configuration

You can try the configuration by launching ESLint ony your project. It may warn you that some extensions are missing. Install them with NPM or Yarn.

Missing NPM Module

Missing NPM Module

Usually, the ReactJS extension is missing of your project. You can add them like developer extensions (--save-dev) or globally (-g).

Install missing ESLINT ReactJS extension

Install missing ESLINT ReactJS extension

With the right configuration and ESLint installation, the scan of a JSX File should work :

Scanning JSX File

Scanning JSX File

OK! ESLint is configured!

 Launching SonarQube Scanner

Launchs the SonarQube scanner with the command :


And the analysis is running …

react-jsx git:(master) ✗ ~/tools/sscanner/bin/sonar-scanner
INFO: Scanner configuration file: /home/sleroy/tools/sscanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /home/sleroy/git/react-jsx/sonar-project.properties
INFO: SonarQube Scanner
INFO: Java 1.8.0_121 Oracle Corporation (64-bit)
INFO: Linux 4.10.0-21-generic amd64
INFO: User cache: /home/sleroy/.sonar/cache
INFO: Load global repositories
INFO: Load global repositories (done) | time=211ms
INFO: User cache: /home/sleroy/.sonar/cache
INFO: Load plugins index
INFO: Load plugins index (done) | time=14ms
INFO: SonarQube server 6.0
INFO: Default locale: "fr_FR", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Process project properties
INFO: Load project repositories
INFO: Load project repositories (done) | time=214ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=94ms
INFO: Load active rules
INFO: Load active rules (done) | time=897ms
INFO: Publish mode
INFO: -------------  Scan ReactJS demo
INFO: Load server rules
INFO: Load server rules (done) | time=482ms
INFO: Base dir: /home/sleroy/git/react-jsx
INFO: Working dir: /home/sleroy/git/react-jsx/.scannerwork
INFO: Source paths: src
INFO: Source encoding: UTF-8, default locale: fr_FR
INFO: Index files
INFO: 9 files indexed
INFO: Quality profile for js: Sonar way
INFO: Sensor Lines Sensor
INFO: Sensor Lines Sensor (done) | time=41ms
INFO: Sensor SCM Sensor
INFO: SCM provider for this project is: git
INFO: 9 files to be analyzed
INFO: 0/9 files analyzed
WARN: Missing blame information for the following files:
WARN:   * /home/sleroy/git/react-jsx/src/example/hello.jsx
WARN:   * /home/sleroy/git/react-jsx/src/example/index.jsx
WARN:   * /home/sleroy/git/react-jsx/src/fixtures/this.jsx
WARN:   * /home/sleroy/git/react-jsx/src/example/index.js
WARN:   * /home/sleroy/git/react-jsx/src/example/imager.jsx
WARN:   * /home/sleroy/git/react-jsx/src/fixtures/component.jsx
WARN:   * /home/sleroy/git/react-jsx/src/fixtures/advanced.jsx
WARN:   * /home/sleroy/git/react-jsx/src/fixtures/react.jsx
WARN:   * /home/sleroy/git/react-jsx/src/fixtures/hello.jsx
WARN: This may lead to missing/broken features in SonarQube
INFO: Sensor SCM Sensor (done) | time=504ms
INFO: Sensor XmlFileSensor
INFO: Sensor XmlFileSensor (done) | time=1ms
INFO: Sensor JavaScript Squid Sensor
INFO: 9 source files to be analyzed
INFO: 9/9 source files have been analyzed
INFO: Unit Test Coverage Sensor is started
INFO: Integration Test Coverage Sensor is started
INFO: Overall Coverage Sensor is started
INFO: Sensor JavaScript Squid Sensor (done) | time=893ms
INFO: Sensor Linting sensor for Javascript files
INFO: Sensor Linting sensor for Javascript files (done) | time=1438ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=38ms
INFO: Sensor Code Colorizer Sensor
INFO: Sensor Code Colorizer Sensor (done) | time=2ms
INFO: Sensor CPD Block Indexer
INFO: DefaultCpdBlockIndexer is used for js
INFO: Sensor CPD Block Indexer (done) | time=1ms
INFO: Calculating CPD for 2 files
INFO: CPD calculation finished
INFO: Analysis report generated in 170ms, dir size=24 KB
INFO: Analysis reports compressed in 254ms, zip size=18 KB
INFO: Analysis report uploaded in 39ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard/index/sleroy:reactjs-demo
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://localhost:9000/api/ce/task?id=AVwHr7JyDHBkCqlFC7Sx
INFO: Task total time: 8.046 s
INFO: ------------------------------------------------------------------------
INFO: ------------------------------------------------------------------------
INFO: Total time: 10.141s
INFO: Final Memory: 48M/301M
INFO: ------------------------------------------------------------------------

Controlling the results

Go to your Sonar interface, and jump directly to the dashboard.

Our project has been analyzed.

SonarQube analysis

SonarQube analysis

We observe that the violation’s number is increasing with the new rules.

SonarQube analysis details

SonarQube analysis details

Hourra, our JSX files are analyzed !

JSX Analysis

JSX Analysis

In this article, we have installed, configured a new plugin to perform better Javascript analysis into SonarQube, working with ReactJS and JSX files.


Sonar ESLint plugin : release 0.2.0

This short article to announce a new release of the plugin SonarQube ESLint.

This plugin can be used to integrate the results from ESLint inside SonarQube. It’s a wrapper over ESLint to trigger an analysis , fetch the results and store them into SonarQube.

The changes are :

  • Upgrade to the SonarQube API 6.5 (this version is not compatible with the versions below). Several refactorings had to be performed since the API changed a lot (SonarQube Settings/Configuration especially).
  • I also have upgraded the test harness for SSLR to 0.22.0

The documentation to use the plugin is there.

The release files are here.


  • Don’t forget to give a star for the project from which I have forked this version : SonarTSLint.
  • Small community : this project has a smal community, I am looking for feedback.

My weekly DZone”s digest #1

This is my first post that offers a digest from a selection of DZone’s articles. I will pick DZone’s article based on my interests.

This week the subjects are : BDD Testing, Bad code, Database Connection Pooling, Kotlin, Enterprise Architecture

A few benefits you get by doing BDD

A few benefits you get by doing BDD : This article is an introduction to the Behaviour Driven Development practice. It’s interesting because we are regularly meeting teams, developers, architectures (pick your favorite one) that are confusing technical details and functionalities. As a result, the design, the tests and the architecture hides the user behaviour (the use cases ?) under a pile of technical stones. This article is a nice introduction. I recommend to go further these articles : * Your boss won’t appreciate tdd, try BDD * BDD Programming Frameworks * Java Framework JBehave.

Gumption Traps: Bad Code

Bad code, how my code...

Bad code, how my code…

Gumption Traps: Bad Code : an article about the bad code and how to deal with it.

{% blockquote Grzegorz Ziemoński%} The first step to avoid the bad code trap is to stop producing such code yourself. When faced with existing bad code,one must work smart to maintain motivation. {% endblockquote %}

This is a good introduction sentence. This week, I had a meeting with a skilled and amazing team. The meeting’s goal was to find a way to find the technical debt. The very technical debt that is ruining the application and undermining the team’s motivation. What I found interesting and refreshing in this article, is the pragmatic tone and the advice.

{% blockquote Grzegorz Ziemoński%} To avoid bad code, try to minimize the amount of newly produced bad code. {% endblockquote %}

How to avoid the depress linked to the bad code ? First of all, I want to say that developers are not receiving enough training on how to improve the code. Usually university / college courses are dedicated about How to use a framework. Therefore, few of them are able to qualify what is a bad code, what are its characteristics and de facto the ways to improve it. To avoid bad code, I try to demonstrate the personal benefits for the developers to improve their skills. Quality is not only a question of money (how much the customer is paying) but rather how much your company is paying attention to your training and personal development.

A lot of developers are overwhelmed under the technical debts without the appropriate tools (mind, technics, theory) to handle it. I try to give them gumptions about the benefits to be a better developer and how to handle the weakness of a sick application. To save a software rather than practicing euthanasia 🙂

Database Connection Pooling in Java With HikariCP

When we are discussing about Database connection pooling, most of my colleagues are relying on the good old Tomcat dbcp. However there is a niche, really funny and interesting, the guys that a competing for the best DBCP. And HikariCP is clearly a step ahead of everyone.

The article Database Connection Pooling in Java With HikariCP is presenting how to use a custom DBCP in your software.

Hikari Performance

Hikari Performance

I think it would have been great to present the differences with the standard DBCP and further debate on the advantages/disadvantages of the solutions. A good idea for a newt article 🙂

Concurrency: Java Futures and Kotlin Coroutines

Java Futures and Kotlin Coroutines An interesting article about how Java Futures and Kotlin co-routines can coexists. Honestly I am a little bit disappointed and thought that Kotlin would make things easier like in Node.JS

Are Code Rules Meant to Be Broken?

Another article about Code Quality and we could be dubious whether exists an answer to that question : Are Code Rules Meant to Be Broken.

I won’t enter too much in the details, the author’s point of view seems to be Code Rules are good if they are respected. If they are broken, it implies that the Code rules need to evolve 🙂 What do you think about it ?

Java vs. Kotlin: First Impressions Using Kotlin for a Commercial Android Project

This article is interesting since it presents a feedback session on using Kotlin in a Android project.

The following big PLUS to use Kotlin are :

  • Null safety through nullable and non-nullable types, safe calls, and safe casts.
  • Extension functions.
  • Higher-order functions / lambda expressions.
  • Data classes.
  • Immutability.
  • Coroutines (added on Kotlin 1.1).
  • Type aliases (added on Kotlin 1.1).

  Quality Code Is Loosely Coupled

Quality Code Is Loosely Coupled

This article is explaining one of the most dangerous side of coding : Coupling. Must to read article despite the lack of schemas.

Five Habits That Help Code Quality

This article is a great introduction on code assessment. These five habits are indeed things to track in your software code as a sign of decay and code sickness.

The habits are : – Write (Useful) Unit Tests – Keep Coupling to a Minimum – Be Mindful of the Principle of Least Astonishment – Minimize Cyclomatic Complexity – Get Names Right

10 Good Excuses for Not Reusing Enterprise Code

This article is really useful in the context of Digital Transformation to assess which softwares you should keep and throw.

Example of excuses : – I didn’t know that code existed. – I don’t know what that code does. – I don’t know how to use that code. – That code is not packaged in a reusable manner.

Test proven design

An interesting article and example on how to improve your own code using different skills. I really recommend to read this article and the next future ones : Test proven design.


Disruption in Software Quality Assessment ?

As many other markets, the SQA/ALM Market soon will meet #disruption. Domains like machine learning, deep learning and cloud computing will force it to evolve in the next few years. This article is presenting some predictions about the future of the quality tools.

Disruption in Software Quality Assessment

Disclaimer I am not a native english speaker and I am perfecting my english skills by writing these articles. If this topic interests you, please comment below or share the article to your friends. And every syntax, grammar mistakes will be fixed under your wise comments.

A new generation of Software quality tools is going to emerge. Machine Learning, Deep Learning, DevOps, Continuous Delivery, Continuous Integration, Cloud Computing, all these movements are influencing the SQA/ALM Software Editors. It has never before been so easy and cheap to produce a new static analysis tool to measure some aspects of a software. The Opensource movement and the market evolution are the direct contributors to this state. Made famous under the name of “linters”, well-known and unknown developers are creating the tools required to their activities. And the Software editors are faced to the dilemma : “Should I continue to build my own tools ? What should be my behaviour confronted with this plethoria of scanners ?”.

Until recently, Software developers were depending of the highly-specialized skills from the Quality Software Editors to detect, analyze and fix the bugs inside their softwares. And it is a big source of frustration. From both sides. Developers are usually complaining that the rules do not reflect their real needs or the complexity of their softwares. “Quality tools do not detect real problems or too late or under a trillion of false positives”. Software Editors are providing to the hungry population rule sets, standards to satisfy the crowd. A crowd much much bigger than their own forces.

I am predicting that the disruption may be coming from these directions :

  • From the open-source : soon or later, the basic needs of developers will be fulfilled by the open-source offer. Tools like PMD, Findbugs, and so on have inspired a whole generation of developers. The young developers through the Angular 2, ReactJS, Go are already educated to the benefits of Quality tools. And they are heavily relying on linters well-integrated in their CI or in their IDE (Atom, Code). Twitter, Facebook are continuously producing and releasing in opensource new tools to help the developer community. The recent examples of Flow or PrePack are helping a lot developers to increase the quality of their products.
  • From the digital technologies. The increasing level of maturity of the machine learning and deep-learning technologies should bring us shortly new kind of tools to predict bugs, predict code defects and usual developer decisions. I believe that the scientific researches from Microsoft and Google will contribute indirectly to the Software Quality tool market. This topic is unsurprisingly very discussed (here).
  • From the software development process transformation : Movements like Agile, DevOps, Continuous Integration and Deployment, ChatBots are deeply changing the way developers are collaborating. Several aspects are changing : communication (Slack, Hipchat), software building (Jenkins, Travis CI, Microsoft TSF & Azure), software deployment (containers, PAAS, Amazon AWS)… The way a product is conceived, built and deployed requires to track and measure several quality aspects. The integration effort to produce these metrics and KPI’s is tremendous and have to be adapted to each organization. Would the developers be enough satisfied with code quality or will they require higher levels metrics extracted from their development process.


Who will be the future leaders in the ALM market ? Who will be the fastest to adapt to the current technology and data disruption ? Do you have some tools that could match these descriptions ?

If that article has been useful or interesting, stay connected, I will produce new articles on that subject.

One of my future article will present Codacy, an emerging code quality platform. This platform offer to ease the quality control as soon as possible in your development process to detect the bugs early and surely. I will compare this solution with the famous market leader SonarQube.


Codacy : an easy-to use code quality review solution

Some time ago, I organized a talk on “Code Quality and why developers should care about” for my company. In that presentation, I demonstrate some tools, unfamiliar for the audience : young developers and battle-hardened IT developers. One among these tools has brought to me a lot of questions : Codacy. I will present its features and perform a comparison between Codacy and SonarQube from SonarSource.

Continue Reading


Codacy : a great example of technological blog post


Some months ago, I wrote an article for a new static analysis tool and a great team, Codacy.

The original blog post is there on Dzone and on my Blog.

Continue Reading