Azul Code Inventory identifies dead and unused source code for removal
Azul announced Code Inventory, a new feature of Azul Vulnerability Detection that provides developers and DevOps teams a precise catalog of the source code actually used in production by Java applications, making it easy to accurately identify dead and unused code for removal.
Code Inventory slashes the time and burden of maintaining and testing code that is not being used, significantly improving developer productivity and ultimately saving money. Available now, Code Inventory collects information in production with no performance penalty, requires no changes to Java applications and is included at no additional charge for Azul Vulnerability Detection customers.
Dead code is the source code that resides in an application’s codebase but is not used by the application. Deprecating or removing dead code significantly reduces the time and burden associated with maintaining the codebase and makes it easier to understand. However, developers must be confident they can remove certain code without breaking the application.
“Without a timely, complete and trustworthy code use and impact report, there’s a danger that the step of deprecating code can cause bigger problems,” said David Norfolk, practice leader, Bloor Research. “Reliably identifying dead code is the hard part, and using automation to find what code is and is not running, or can’t ever be reached, gives developers a huge advantage.”
Traditional code analysis tools like profilers and IDEs do not provide a complete view of the code used due to their static nature, lack context of what code is actually invoked in production over time, or are so overhead-intensive that they cannot practically be used in production settings.
Code Inventory collects and aggregates detailed code information – at the class/package and method level – from inside the Java Virtual Machine (JVM) to create a comprehensive view across an enterprise’s Java workloads of what code actually runs in production over time. This information provides highly accurate and strong signals to confidently prioritize dead code for removal.
“Application developers want to remove dead and unused code to make maintenance easier but are terrified to remove anything for fear of breaking the application,” said Martin Van Ryswyk, chief product officer at Azul. “With Code Inventory, developers now have a sophisticated tool to help pinpoint areas for cleanup. Code Inventory is the only solution that collects highly granular information about the code run by the JVM in production with no performance overhead, creating a new, highly accurate way to find dead code for removal.”
Code Inventory is a feature of Azul Vulnerability Detection, an agentless cloud service that continuously detects known security vulnerabilities in Java applications and infrastructure in production. Code Inventory requires no changes to the application or additional monitoring software.