The software industrial revolution has arrived. Software is now 80% open source and third party and 20% proprietary code that stitches it together into business critical applications. We are challenged with the ongoing maintenance of increasingly large and diversely composed codebases and ecosystems. Dependencies are changing frequently and evolve at their own pace. Not updating leads to critical bugs, performance, and security issues. The "shift left" movement in AppSec over the last decade has been additive and transformative. We need similar innovations to help drive change and improvements in existing code and systems. In this talk we’ll introduce OpenRewrite, an automated refactoring technology that was born at Netflix in 2016. We’ll write the code for a recipe live that fixes a known vulnerability and execute it across 100 million lines of open source code, culminating in pull requests to key open source projects. The recipe will be made available in open source for you to apply to your own codebase at the end of the session.