Vol. 5 No. 11 (2025)

Architecting Secure and Sustainable Enterprise Java Delivery Pipelines: Managing Mixed Java Versions, Legacy Modularity, and DevSecOps Automation in Non-Containerized CI/CD Environments

Dr. Alexander M. Rothwell
Department of Computer Science, Westbridge University, United Kingdom

Published 2025-11-05

Keywords

  • Enterprise Java
  • CI/CD pipelines
  • Jenkins
  • DevSecOps

How to Cite

Dr. Alexander M. Rothwell. (2025). Architecting Secure and Sustainable Enterprise Java Delivery Pipelines: Managing Mixed Java Versions, Legacy Modularity, and DevSecOps Automation in Non-Containerized CI/CD Environments. Stanford Database Library of American Journal of Applied Science and Technology, 5(11), 283–287. Retrieved from https://oscarpubhouse.com/index.php/sdlajast/article/view/75

Abstract

Enterprise Java ecosystems continue to operate under complex constraints shaped by long-lived legacy systems, mixed Java version dependencies, stringent regulatory requirements, and cautious adoption of containerization technologies. While cloud-native and container-based paradigms dominate contemporary discourse, a substantial proportion of mission-critical enterprise systems still rely on non-containerized continuous integration and continuous delivery (CI/CD) pipelines. These environments face unique challenges, particularly when managing multiple Java versions, modularization transitions, dependency risk propagation, and integrated security controls without disrupting operational stability. This research presents an in-depth, theory-driven examination of enterprise-grade CI/CD pipeline architectures for mixed Java version environments using Jenkins in non-containerized contexts. Drawing exclusively from established academic, industry, and standards-based references, the study synthesizes insights from Java platform evolution, modularity research, garbage collection optimization, dependency management, and DevSecOps governance frameworks. The methodology employs a qualitative analytical approach, integrating comparative literature analysis, architectural reasoning, and process-oriented interpretation to derive best-practice patterns. The findings reveal that sustainable pipeline design in non-containerized environments depends on deliberate version isolation strategies, disciplined dependency governance, modular refactoring aligned with Java Platform Module System principles, and deeply embedded security automation. The discussion critically evaluates trade-offs between modernization and operational risk, highlighting how policy-as-code, static and dynamic analysis tools, and compliance-driven observability can be harmonized within Jenkins-centric pipelines. 
The study concludes that non-containerized CI/CD architectures, when systematically engineered, remain viable and strategically relevant, offering a pragmatic modernization pathway for enterprises balancing innovation with legacy continuity.
