Global Car Manufacturer Secures Sensitive Information with SonarSource Solutions

One of the world's leading manufacturers of automobiles and commercial vehicles adds a strong security checkpoint to its DevOps tool chain by expanding SonarQube and SonarLint use to 500 developers.

KEY RESULTS

  • Security sensitive projects developed in Java and C
  • 500 developers using SonarQube for Code Quality & Code Security daily
  • Fully integrated into the DevOps tool chain with BitBucket and Bamboo
  • Easily integrated into the developer IDE with SonarLint
  • Early detection of security vulnerabilities and hotspots
  • Increased efficiency and visibility for security team and IT department managers

“With SonarQube, everyone wins. Our developers have the confidence that what they submit is high quality and highly secure code; our project managers have more visibility into the quality of the projects delivered by their teams and our security team can see that the developers are following the rules. It has really helped us increase efficiencies while making our code more secure.”

- Public Cloud Architect

The Challenge

Security is the top priority for this multinational automotive manufacturing corporation. Software projects developed for customers and joint venture partners often process highly sensitive data, such as car usage or owner information, which has the highest security priority. As more and more projects and applications are migrated to the public cloud, which brings additional security challenges and compliance rules, teams need to know whether the code is secure before any project can be delivered or made public.

The Solution

SonarQube Enterprise Edition was selected by this Fortune 500 Global company to measure the quality and security of all its code, and to detect and remediate vulnerabilities as early as possible. SonarQube is seamlessly integrated into a DevOps tool chain that is used by 500 developers in their daily work. By focusing on new code and following SonarSource’s “Clean as you code” methodology, code issues and Security Hotspots are prioritized from the beginning, even for legacy projects. Developers have also installed SonarLint to constantly learn and to conveniently scan code in-IDE, before submission.

The Results

SonarQube enables the teams to measure, every day, the concrete success criteria that determine whether code passes or fails Code Security and Quality checks. The security team and IT department managers have better visibility and are highly satisfied with the positive trends: overall code quality is increasing, and fewer vulnerabilities are detected in the final review just prior to delivery. With SonarQube and SonarLint, developers have the confidence that what they deliver is secure, high-quality code that meets the team's and customer's standards.
