The challenge
Security is the most important thing for this multinational automotive manufacturing corporation. Software projects developed for customers and joint venture partners often process highly sensitive data, such as car usage or owner information, that has the highest security priority. As more and more projects and applications are migrated to the public cloud, which comes with additional security challenges and compliance rules, teams need to know if their code is absolutely secure before any project can be delivered or made public.
The solution
SonarQube Server Enterprise Edition was selected by this Fortune Global 500 company to measure the quality and security of all its code and to detect and remediate vulnerabilities as early as possible. SonarQube Server is seamlessly integrated into a DevOps tool chain that is used by 500 developers in their daily work. By focusing on new code and following the Sonar “Clean as You Code” methodology, security issues are prioritized from the beginning, even for legacy projects. Developers have also installed SonarQube for IDE in their IDE to constantly learn and to conveniently scan code before submission.
The results
SonarQube Server enables the development teams to measure their code delivery against a well-established Code Quality standard on a daily basis. The security team and IT department managers have better visibility and are highly satisfied about the positive trends: The overall code quality increases and fewer vulnerabilities are detected in the final review just prior to delivery. With SonarQube Server and SonarQube for IDE, developers have the confidence that what they deliver is secure, high quality code that continually meets the team's and customer's standards.
