Implementing large-scale code changes with Moderne

Lots of change at once is never easy for us humans—or for systems that weren’t built to handle it. And when change spans thousands of repositories and services, it’s no wonder that people get nervous.

We once worked with a large banking customer whose junior developer—let’s call him Lou—was overly excited to use Moderne to fix a widespread issue in their codebase. Lou ran a recipe that made deterministic, rule-based changes across hundreds of repositories and committed the changes! 

When the VP of Engineering saw a wave of commits from someone named “Lou,” they came down to the team asking: “Who is Lou, and why did he change everything?” It turns out that the changes were sound, the builds passed, and nothing broke. But this moment underscores an important truth: large-scale change makes people uneasy, even when the automation is trustworthy.

Today’s codebases are sprawling, interconnected, and constantly evolving. Developers can now generate new code at unprecedented speed, but with that velocity comes a greater burden: keeping that code secure, modernized, and aligned. Visibility into problems isn’t the issue anymore—most teams are flooded with alerts. The real challenge is making coordinated, trustworthy updates across all the places that need it.

Moderne offers a…well…modern way of working with large, complex codebases. Here’s how Moderne makes mass-scale code remediation safe, trusted, and scalable.

Why traditional development workflows don’t scale

Software development lifecycles were designed for single-repo, developer-led change. Code reviews, CI pipelines, and even organizational policies follow a one-repo, one-team cadence. That works for local changes, but not for systemic ones.

In modern enterprise environments with thousands of repositories and interconnected services, this approach breaks down. When a security issue or framework update impacts hundreds of services, distributing the work to individual developers becomes slow, risky, and hard to track. Teams fall behind. Systems drift. Technical debt accumulates. 

As software engineering thought leader Will Larson has explained, migrations are often the only way of meaningfully addressing technical debt, especially when individual teams can’t fix it in isolation. They become more frequent as companies and applications grow, and the ability to execute them well can become a big constraint on engineering velocity.

Larson outlines a simple but powerful playbook for running successful migrations:

• Derisk: Design and validate the migration with the hardest, most atypical and edge-case-heavy teams first.
• Enable: Build tools and documentation to automate the easy 90%, so teams have the ability to self-serve and not get stuck.
• Finish: Stop new code from using the old system, then push through the long tail and get to 100% adoption.

This is where Moderne’s model is fundamentally different. It supercharges all three of these migration phases. Where previously only infrastructure configuration and simple migrations could be automated, Moderne now lets you address code migrations too. Instead of picking at the edges of a codebase with isolated developer fixes, Moderne enables mass-scale, automated change that spans systems. It’s not just remediation—it’s remediation reimagined for how modern software is built.

The visual below compares the impact of the traditional approach to modernization versus Moderne’s approach:

In this comparison, the traditional way is linear and siloed: one app, one repo, one team at a time. After considerable effort, only 3.2% of the organization is modernized—4 out of 125 tasks completed (and only on one app).

The “Moderne way” is horizontal: the same change is applied across many repositories at once, safely and efficiently. In this case, 80% of the organization is modernized—100 out of 125 tasks completed, which represents meaningful progress toward business-wide goals.

At the core is OpenRewrite, a deterministic transformation framework that lets teams define changes as reusable, testable recipes. Moderne layers on the ability to apply those changes across massive code estates with real-time validation, CI integration, and multi-repo visibility. It’s an industrialized model for code change designed not to replace developers, but to give them superpowers.

8 ways Moderne builds trust in large-scale change

This shift to system-wide automation raises a natural question: how can you trust code changes applied across thousands of files and services without slowing everything down? Moderne was designed with that question in mind. Every layer of the system reinforces trust, accuracy, and control. 

Here are eight ways Moderne builds confidence in change at scale:

1. Deterministic, rules-based recipes. Recipes only make changes when there’s a clear, known match for a code pattern. No guesswork. No side effects. 
2. Extensive unit testing. Recipes are heavily tested against a broad set of real-world examples, often exceeding the implementation code itself.
3. Scaled validation via open source software (OSS). Every recipe is validated against tens of thousands of OSS repos in Moderne’s public tenant before release.
4. Compile verification recipe. Post-change, compile verification automatically runs to catch issues early without requiring a full build for every repo. The compile verification recipe simulates a clean build using the information in the Lossless Semantic Tree (LST), providing bytecode-level confidence. 
5. CI integration and feedback. CI pass/fail status is surfaced directly in the Moderne platform, so developers can instantly see whether builds and tests pass without switching tools or chasing logs.
6. Automated regression test generation (with Diffblue). When test coverage is lacking, Moderne can trigger automatic regression test creation to ensure confidence in functionality. 
7. Incremental change support. Not every change needs to be massive. Break big changes into smaller, staged PRs or draft PRs to match developer workflows and release schedules.
8. Proven, real-world use. Recipes have been run millions of times across both OSS and enterprise systems. They’re refined, battle-tested, and trusted at scale.

Building trust in big change is just the first step. To truly scale safe, routine remediation, teams also need to rethink how change flows through the organization. That’s where process matters just as much as precision.

Balancing push- vs. pull-based change

Trust in the automation unlocks a bigger opportunity: shifting from ad hoc fixes to systematic remediation. To make change routine across large, interdependent codebases, organizations need a model that balances central coordination with team-level control.

With Moderne, teams adopt two complementary modes of change:

• Push-based changes, like security vulnerability fixes, which are small, urgent, and surgical. These are ideal for centralized, mass PR issuance, where teams expect and accept rapid remediation with minimal disruption.
• Pull-based changes, like framework migrations or large-scale refactors, which can be complex, context-sensitive, and often staged. These are driven by developers on product teams, but they typically require structured coordination to ensure that everyone understands what’s changing, why it matters, and how to test effectively. In these cases, platform or architecture teams may lead a cross-team working group to analyze the problem, prepare and validate reusable recipes, and support rollout across teams, including code that lacks clear ownership.

These modes aren’t just theoretical—they’re reflected in how teams actually use Moderne every day. Here are a few real-world scenarios:

• Code quality and build tool upgrades: “If our priority is to standardize code quality or upgrade tools like Gradle, we issue PRs through Moderne. These changes are safe, tested, and easily reviewed. We do them at the start of every sprint—just one commit that triggers the pipeline. It’s quick and worth doing every two weeks.”
• Complex migrations using draft PRs: “For migrations like Spring Boot 2 to 3, we use draft PRs. These don’t trigger CI, so there’s no infra load. Developers pull the draft PR locally, compile, test, and make final changes. When ready, they finalize and merge. It saves time and respects developer flow.”
• Find and fix vulnerable dependencies: “Instead of letting surprise CVEs break the build mid-sprint, we run scans weekly. Fixes are issued as a single commit. It’s less stressful and more strategic. If a critical vulnerability is announced, we can run it on demand.”

These practices reinforce a key idea: remediation doesn’t have to be reactive or disruptive. When done regularly, safely, and visibly, it becomes just another part of the developer rhythm.

Let developers stay in control

Moderne puts essential automation in developers’ hands. Developers co-author changes with Moderne and can review every diff before merge. Source code management (SCM) permissions mirror existing access controls. No shadow systems, no surprises. Recipes can be dry-run and tested locally. Compile verification and CI status are visible in-platform.

When preparing a change, developers begin with data (impact analysis) and then apply refactoring recipes, identifying any changes that need manual attention or cross-team coordination. For example, migrating from Java 8 to Java 21 may also require updates to Docker images or build configurations. This upfront analysis also helps teams evaluate test coverage, identifying which areas of the codebase are backed by automated tests and which may require additional regression testing to ensure nothing breaks after the change. 

By placing humans in the loop, teams maintain control over the speed, accuracy, and scope of multi-repo development. It’s not unlike how developers use AI-based tools like GitHub Copilot—every suggestion is reviewed. But here, automation is scaled: rules-based OpenRewrite recipes power changes across thousands of repos. Developers still steer, but with higher leverage.

And no one wants to create noisy, failing pull requests. Because developers are the ones initiating and reviewing changes, they avoid CI storms and maintain confidence in the pipeline. Developers stay productive, and the business benefits from faster evolution, lower costs, and greater access to the latest language and framework innovations.

By keeping developers in control, teams also gain higher adoption and satisfaction in big-scale changes. One principal developer put it best: “I’m tired of going around telling my kids to pick up their socks.” With automation, the pattern becomes the practice.

Platform teams as enablers, not enforcers

Moderne gives platform teams a new, proactive role in shaping code quality and modernization—without having to enforce control from the top down. From day one, central teams can become stewards of scalable transformation across the business:

• Managing the recipe catalog: curating open-source recipes, writing internal ones, and testing for safety and style consistency. 
• Aligning recipes to security, compliance, or modernization objectives and publishing them across the organization. That means developers always have trusted tools at their fingertips with no guesswork.
• Acting as advisors on larger transformations—like Java 21 migrations, logging standardization, or right-sizing cloud configurations—helping product teams scope and prepare for multi-repo change.
• Launching change campaigns so developers can run remediations when the timing fits (no more chasing updates or issuing PRs to every product team!). All changes are traceable, and platform teams can monitor progress through dashboards that report adoption and impact.
• Taking the lead on urgent issues like critical vulnerabilities—driving push-based remediation at scale and ensuring rapid adoption of necessary fixes.

With Moderne, platform teams become true force multipliers. 

Scaling code change requires operational rethinking

When it comes to mass-scale modernization, strategy matters. The way you work determines how far you get—and how fast. Confidence in big-scale change comes from developers staying in the loop, platform teams enabling (not enforcing) change, and from processes that make mass-scale remediation feel routine instead of risky.

With Moderne, organizations move from reactive firefighting to continuous modernization, managing living systems that evolve safely, at scale.

‍Ready to see safe, scalable code change in action? Schedule a demo.