Dead and unused code drains developer productivity, slows code releases, and adds security risk. One global online services leader used Azul Intelligence Cloud to address this hidden problem across their Java estate – at scale.
In this post you will learn:
- Intelligence Cloud revealed that 50% of the enterprise’s codebase routinely went unused
- The enterprise recovered wasted time equal to 30 full-time engineers
- Urgent remediation efforts were reduced by 57%
In every large software platform, there’s code that runs—and code that just… sits there.
A tech stack can be a graveyard of legacy features no one uses and experimental services that never made it to production. Over time, these inactive code paths build up like digital clutter. Developers are afraid they might remove a critical component, and they don’t have time to research. So dead and unused code just sits there, while developers work around it and maintain it.
Software becomes harder to maintain, more challenging to secure, and more expensive to run.
For SaaS providers and online services platforms, this problem only grows as applications scale. The larger the codebase, the harder it becomes to answer basic questions:
- What code is actually running?
- What code is dead and safe to remove?
- Where is my security risk concentrated?
A leading SaaS company took action
One of the world’s largest online services platforms faced this exact challenge. With thousands of Java workloads across global cloud regions, the company’s engineering teams struggled to manage technical debt at scale. Two critical issues are manually uncovering unused code and finding known vulnerabilities.
Manually uncovering unused code in legacy applications is difficult, tedious, and time-consuming – especially at a large enterprise. The work is often never completed because the tools detect information statically, so any public class that could be called is determined to be in use. Unused code that looks alive becomes technical debt.
Finding known vulnerabilities with traditional Application Security (AppSec) tools is inefficient due to the number of false positives they generate. These tools typically run in non-production (or against a snapshot of production) and rarely have visibility at the Java class level. Developers waste time investigating false positives, leading to reduced production security posture and lost productivity.
| Learn More |
|---|
| Eliminate dead and unused code to improve Java efficiency Azul Intelligence Cloud The ITAM/SAM Survey and Report |
Enter Azul Intelligence Cloud
To solve the dead and unused code problem, the SaaS provider deployed Azul Intelligence Cloud, a production-ready DevOps productivity platform built for Java. The team selected candidate Java applications and gathered data from the JVM on what code actually ran in production. The same data was used to assess the validity of the vulnerability alerts being generated by the customer’s existing AppSec tools.
Because Intelligence Cloud can run in production with no performance penalty, it took only a few days to identify some serious issues in the company’s Java estate:
| Discovery |
|---|
| Nearly 50% of the customer’s application code went unused. Only 45% of the total JARs in their codebase were used. Engineers spent 10% of their time actively maintaining unused and dead code. Only 47% of vulnerabilities identified were used in production |
The enterprise identifies huge savings
Azul Intelligence Cloud dramatically slashes time from unproductive tasks, including maintaining and updating unused and dead code, as well as investigating vulnerability false positives. Working closely with the customer to compare source-commits and vulnerability alerts against code that did not run, Azul identified the potential to recover an incredible amount of lost developer capacity:
| Savings |
|---|
| 24 full-time developer hours from eliminating the maintenance of dead and unused code 6 full-time developer hours from eliminating chasing vulnerability false positives |
How Intelligence Cloud works
Azul Intelligence Cloud provides actionable intelligence from production Java runtime data to efficiently identify unused and dead code for removal and prioritize vulnerable code for remediation. It works with any JVM from any vendor or distribution to slash time from unproductive tasks across an enterprise’s entire Java estate, resulting in a substantial improvement in DevOps productivity. Features of Intelligence Cloud include:
- Code Inventory: precisely catalog what code actually runs in production across all your Java workloads.
- Azul Vulnerability Detection: Detect vulnerable code that is used versus simply present, eliminating false positives for efficient vulnerability triage.
Clean up your code — and your cloud costs
For SaaS leaders, online services platforms, and enterprises with large Java estates, dead code isn’t just clutter — it’s a cost.
With Azul Intelligence Cloud, you can:
- Eliminate unnecessary code safely
- Reduce security risk
- Improve developer productivity
- Shrink your cloud footprint
