Security is the most important thing for this multinational automotive manufacturing corporation. Software projects developed for customers and joint venture partners often process highly sensitive data, such as car usage or owner information, that has the highest security priority. As more and more projects and applications are migrated to the public cloud, which comes with additional security challenges and compliance rules, teams need to know if the code is absolutely secure before any project can be delivered or made public.
SonarQube Enterprise Edition was selected by this Fortune 500 Global company to measure the quality and security of all its code, and to detect and remediate vulnerabilities as early as possible. SonarQube is seamlessly integrated into a DevOps tool chain that is used by 500 developers in their daily work. By focusing on new code and following SonarSource’s “Clean as you code” methodology, code issues and Security Hotspots are prioritized from the beginning, even for legacy projects. Developers have also installed SonarLint to constantly learn and to conveniently scan code in-IDE, before submission.
SonarQube enables the teams to measure every day the concrete success criteria needed to pass or fail Code Security and Quality checks. The security team and IT department managers have better visibility and are highly satisfied about the positive trends: The overall code quality increases and fewer vulnerabilities are detected in the final review just prior to delivery. With SonarQube and SonarLint, developers have the confidence that what they deliver is secure and high quality code that meets the team's and customer's standards.