AWS adds autonomous tech debt remediation to Transform

Cloud Reporter

AWS expanded Transform with a preview for continuous tech debt analysis and pull-request remediation across large code portfolios, pushing modernization into routine platform work.

AWS announced AWS Transform continuous modernization in preview June 17, adding codebase scanning, policy baselines, prioritized findings and pull-request remediation to its agentic modernization service.

The release targets a problem platform teams know well: code maintenance work piles up across hundreds or thousands of repositories, while each app team sees its own slice. AWS says the new capability scans repositories against configurable baselines, flags end-of-life dependencies, deprecated frameworks, runtime drift and organization-specific patterns, then helps teams remediate through pull requests.

The pitch lands in a market that already has strong tools for dependency updates, vulnerability detection and code quality. AWS wants Transform to sit above those point tools as a portfolio modernization layer. Platform teams define the baseline. AWS Transform checks repositories against it. Developers get PRs they can review, amend and merge.

Change

AWS has used Transform for migration and modernization work across mainframe, VMware, Windows and custom code projects. The broader service uses agentic AI workflows for discovery, planning and code transformation, and AWS says customers have used it across billions of lines of code.

Continuous modernization narrows that model to recurring code debt. Instead of treating Java upgrades, SDK migrations, Lambda runtime changes and deprecated library replacement as campaign work, AWS gives platform teams a standing control plane for code health.

The workflow starts with source control connection. AWS says customers can connect repositories, choose or define policies and run analysis in hours. The service then produces findings by repository, severity, category and remediation path.

Proactively reduce tech debt autonomously with AWS Transform – continuous modernization (preview) | AWS News Blog

That matters because tech debt has a portfolio shape. A chief technology officer may need to know which teams still use a retired framework, which applications carry a high-risk dependency and which repositories missed a runtime deadline. A spreadsheet cannot keep pace once development teams ship with AI coding tools, bot-generated PRs and shared packages.

AWS also added custom remediation patterns. A platform team can encode an internal standard, such as a preferred logging library or retired internal package, then run that policy across connected repositories. That gives enterprise teams a path beyond public vulnerability databases and generic dependency catalogs.

The remediation side matters more than the inventory. AWS says Transform can generate PRs for affected repositories across common scenarios such as Java version upgrades, SDK migrations and library updates. Developers keep review authority, and the platform team gets feedback from source code rather than manual status updates.

AWS also says the capability integrates with AWS Security Agent so source-code security findings enter the same prioritized queue and PR workflow. Security teams often struggle when scanners produce tickets that developers must translate into code changes. AWS aims to close that gap by pairing findings with proposed patches.

Provider comparison

AWS enters crowded ground. GitHub Dependabot already opens dependency update PRs inside GitHub. Renovate gives teams broad dependency automation across ecosystems. Snyk, Mend and SonarQube help teams find vulnerabilities, license issues and code quality defects.

Those tools work well when teams need tight source control integration and focused security or dependency coverage. AWS Transform aims at a wider modernization lane: runtime upgrades, framework changes, organization policy enforcement, migration support and custom code transformations.

Microsoft has a strong developer workflow through GitHub Advanced Security and Dependabot. It also offers Azure Migrate for infrastructure and application migration. That stack suits organizations that use GitHub, Azure DevOps and Azure as their main delivery path.

Google Cloud positions Migration Center as an assessment and migration planning hub, with services for VMware, databases, applications and infrastructure. Google also has strong software supply chain tools through Artifact Analysis and related security products. Google’s strength sits closer to cloud migration planning and container-era security than broad autonomous code remediation.

AWS now claims a more integrated modernization story inside its own cloud. Transform links mainframe, VMware, Windows, custom code work and continuous code debt management under one product name. For organizations that already run AWS migration programs, that consolidation may reduce the number of dashboards and handoffs.

The trade-off comes from platform dependence. If a company wants one modernization control plane across AWS, Azure, Google Cloud and private infrastructure, AWS Transform may fit part of the estate rather than the full picture. Teams with mixed source control, strict data residency rules or mature existing scanners should test repository access, permissions, finding quality and PR volume before they expand use.

Pricing

AWS lists current AWS Transform pricing with free assessment, Windows modernization, mainframe modernization and VMware migration agents. AWS charges for the custom transformation agent at $0.035 per agent minute.

Agent minutes count the active work that Transform performs during server-side planning, reasoning, analysis or code modification. AWS says customers do not pay for user idle time or local client operations such as builds and tests. The pricing examples list a Node.js SDK upgrade at about 20 agent minutes, or $0.70; a Java language version upgrade at about 72 agent minutes, or $2.52; and a Python runtime upgrade at about 37 agent minutes, or $1.30.

Customers still pay standard AWS charges for resources they create or run after modernization work. Finance teams should model both sides: agent-minute spend for transformation work and infrastructure changes that follow migration or runtime updates.

Business impact

Platform teams should view continuous modernization as operating discipline, not a one-time cleanup. The service gives leaders a way to define a code health baseline, measure drift and push fixes into developer workflows without asking each team to maintain separate reports.

That changes the modernization backlog. A team can rank work by severity, blast radius and repository count. Security can push source-level fixes through the same queue as dependency and runtime work. Application teams can review PRs in their normal branch and CI process.

The preview also changes the build-versus-buy question. Many enterprises have internal scripts that scan repositories, open issues and remind teams to upgrade. Those scripts often age into their own maintenance burden. AWS Transform may replace some of that glue for organizations that accept AWS as the modernization coordinator.

Procurement teams should ask three questions during evaluation. First, can AWS Transform express the organization’s real policies, including internal packages and framework standards? Second, do the generated PRs pass tests without heavy developer repair? Third, can the team control cost and PR noise across thousands of repositories?

Engineering leaders should start with a narrow pilot. Pick 10 to 20 repositories across different languages, connect them with least-privilege access, define two or three policies and measure PR quality. Track merge rate, review time, failed CI runs and developer edits. Those numbers will tell you whether AWS Transform saves engineering time or shifts work from platform teams to application teams.

The preview gives AWS a stronger position in enterprise modernization. It connects migration strategy with routine code upkeep, and it gives platform teams a concrete tool for debt reduction at scale. Teams that run large AWS estates should test it now, with guardrails around permissions, CI, billing and developer review.
