Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Portable and Secure CI/CD for COBOL: Lessons from an Industrial Migration

Andreas Askholm, Kenneth Johnsen, Jacopo Mauro

Abstract

Continuous integration and delivery (CI/CD) pipelines are critical for sustaining the evolution of large software systems. In regulated industries with legacy technologies, however, pipelines themselves can become a source of technical debt. This paper presents an industrial case study of Bankdata, a cooperative IT provider for Danish banks, where a Jenkins-based COBOL CI/CD pipeline had grown fragile, slow, and tightly coupled to platform-specific logic. The original architecture relied on Groovy scripts spread across four repositories with runtime dependency installation, leading to long execution times, high maintenance costs, and vendor lock-in. We report on the migration to a containerized architecture featuring an abstraction layer for platform logic, simplified repository structure, and a pre-built OCI-compliant image containing COBOL tools and dependencies. The new design achieved an 82% runtime reduction. Our experience highlights lessons on abstraction, containerization, and organizational adoption, offering guidance for modernizing pipelines in legacy, high-security environments.

Portable and Secure CI/CD for COBOL: Lessons from an Industrial Migration

Abstract

Continuous integration and delivery (CI/CD) pipelines are critical for sustaining the evolution of large software systems. In regulated industries with legacy technologies, however, pipelines themselves can become a source of technical debt. This paper presents an industrial case study of Bankdata, a cooperative IT provider for Danish banks, where a Jenkins-based COBOL CI/CD pipeline had grown fragile, slow, and tightly coupled to platform-specific logic. The original architecture relied on Groovy scripts spread across four repositories with runtime dependency installation, leading to long execution times, high maintenance costs, and vendor lock-in. We report on the migration to a containerized architecture featuring an abstraction layer for platform logic, simplified repository structure, and a pre-built OCI-compliant image containing COBOL tools and dependencies. The new design achieved an 82% runtime reduction. Our experience highlights lessons on abstraction, containerization, and organizational adoption, offering guidance for modernizing pipelines in legacy, high-security environments.

Paper Structure

This paper contains 25 sections, 2 figures, 1 table.

Table of Contents

  1. Introduction
  2. Preliminaries
  3. Continuous Integration and Delivery
  4. Bankdata and the COBOL Legacy
  5. Languages and Technologies
  6. Pre-existing Setup and Objectives
  7. Objectives
  8. Migration Approach
  9. Decoupling from Jenkins
  10. Managing the Environment
  11. Executing Shell Scripts
  12. Status Reporting
  13. Filesystem and Version Control
  14. Dependencies and Containerization
  15. Running in GitHub Actions
  16. ...and 10 more sections

Figures (2)

  • Figure 1: Visual comparison between the Groovy files constituting the pipeline before (left) and after (right) the migration. Colors indicate directory depth (orange = repository root, blue = sub-dir, red = sub-sub-dir, green = deeper levels; yellow highlights Jenkins specific external libraries. Arrows represent calls or dependencies between files.
  • Figure 2: Use of stage, steps, container, and withEnv in a Jenkins pipeline.