Portable and Secure CI/CD for COBOL: Lessons from an Industrial Migration

TL;DR

This paper details a successful migration of a COBOL CI/CD pipeline to a containerized architecture, significantly improving speed and maintainability in a regulated industry setting.

Contribution

It introduces a novel containerized CI/CD architecture for COBOL in legacy systems, reducing runtime and complexity while providing practical lessons for similar environments.

Findings

Achieved 82% reduction in pipeline runtime.

Simplified repository structure improved maintainability.

Containerization enhanced platform independence and security.

Abstract

Continuous integration and delivery (CI/CD) pipelines are critical for sustaining the evolution of large software systems. In regulated industries with legacy technologies, however, pipelines themselves can become a source of technical debt. This paper presents an industrial case study of Bankdata, a cooperative IT provider for Danish banks, where a Jenkins-based COBOL CI/CD pipeline had grown fragile, slow, and tightly coupled to platform-specific logic. The original architecture relied on Groovy scripts spread across four repositories with runtime dependency installation, leading to long execution times, high maintenance costs, and vendor lock-in. We report on the migration to a containerized architecture featuring an abstraction layer for platform logic, simplified repository structure, and a pre-built OCI-compliant image containing COBOL tools and dependencies. The new design achieved an 82% runtime reduction. Our experience highlights lessons on abstraction, containerization, and organizational adoption, offering guidance for modernizing pipelines in legacy, high-security environments.