
Wines and Spirits

Pernod Ricard Secures Hundreds of E-Commerce, Mobile and Enterprise Applications with SonarQube

SonarQube provides a common and accepted framework for developers to properly discuss the quality & security thresholds required for meeting the Group’s code standards.



  • 200 web and e-commerce applications mostly developed in PHP and JS
  • 150 enterprise applications developed in C#, Node.js and Python
  • CI/CD integration with Azure DevOps, GitLab and Bitbucket Pipelines
  • Automated code analysis for 5,000 community-rated rules in only a few minutes
  • IDE integration with SonarLint protects code commits
  • Code Quality & Code Security findings owned by developers

“SonarQube is not just a well known and respected tool. It is the standard for Code Quality and Code Security.”

- Laurent Bel, Head of Architecture and Innovation

“What I like about SonarQube is that it gives a framework and set of rules that are accepted and well known to everyone. There is no discussion around whether it is relevant or not. It removes the discussion of who is right and who is wrong. SonarQube is right.”

- Laurent Bel, Head of Architecture and Innovation

The Challenge

Pernod Ricard, a worldwide producer of wines and spirits, has 18,500 employees and distributes 250 brands in 130 markets through more than 200 websites, mobile apps and e-commerce applications. These applications are an essential part of the business, so they have to be protected from data breaches and defacements. Additionally, Pernod Ricard develops 150 internal enterprise applications to support its business. These back-office applications are exposed to the internet so that all employees can reach them easily, and they also need to be protected. On top of this huge landscape of security-sensitive applications, Pernod Ricard faces an additional challenge: all software development is outsourced to multiple development agencies. Without the right tool, there is no way to gauge the Code Quality and Security of this outsourced code.


The Solution

After initial market research, Pernod Ricard first selected a top-tier vendor from Gartner's SAST market report for a demo. “We were expecting to get something like a Rolls-Royce but were extremely disappointed”, said Hakim Rouatbi, IT Solutions Architect. Then, the team compared the product experience and results to SonarQube and the decision was straightforward: SonarQube provided a much better user interface, seamless integrations, faster analysis and strong quality of findings, all at a significantly lower price with a flexible licensing model. “It’s super easy to get started and the interface is well thought through so that the right info just jumps at you”.


The Results

For every development project, SonarQube is fully integrated into the CI/CD pipeline from the beginning, using Bitbucket, GitLab or Azure DevOps. The analysis applies more than 5,000 Code Quality and Security rules and finishes in only a few minutes. Some developers also use SonarLint in the IDE to spot issues even before their code is committed. All developers have access to SonarQube and are responsible for all Code Quality and Security findings throughout the project. The IT team measures the results through custom Quality Gates. This provides an easy way to determine how clean new code is and, more importantly, SonarQube is accepted as a standard by developers of different agencies and backgrounds.

Using SonarQube equips Pernod Ricard with a common framework for proper discussions across development teams about what needs to be addressed. That framework allows Pernod Ricard to rise to the challenge of maintaining high quality and security in its applications’ source code.
