Findomestic & Sonar: Driving innovation and excellence in financial software delivery

Findomestic Banca, a wholly owned subsidiary of BNP Paribas Personal Finance, is a recognized leader and innovator in consumer credit and daily banking solutions. With a focus on creating a streamlined and resilient software development lifecycle, Findomestic Banca sought a partner that could build upon their established DevOps practices to produce higher-quality code and therefore higher-quality financial software. Working with Sonar and taking advantage of the company’s industry-leading SonarQube platform has been instrumental in Findomestic's pursuit of excellence.

Findomestic’s dedication to uncompromised quality and efficiency

In alignment with their commitment to efficiency, Findomestic's team identified an opportunity to further optimize their development processes. Working in SonarQube allowed them to implement proactive code quality and security measures to maintain their high standards and adapt swiftly to evolving technological landscapes. 

Findomestic’s key objectives included: 

• Deepening DevOps integration for accelerated delivery
• Establishing a consistent and automated standard for code quality
• Further reducing resolution times for identified issues
• Articulating the profound business value of a technical investment to achieve data-driven insights

These objectives kept Findomestic on track to address potential complexities before they negatively impacted developer workflow, particularly by establishing centralized quality requirements and ensuring compliance with stringent group security standards. 

SonarQube integrates the DevOps toolchain for centralized governance

Findomestic's implementation of SonarQube Server is a testament to their strategic vision and commitment to quality assurance. SonarQube has become an integral part of their sophisticated DevOps toolchain, which includes GitLab, Jenkins, IQ Server Lifecycle, and Fortify. This phased and collaborative approach has delivered instant value:

• Empowering developers: SonarQube's automated code review capabilities provide immediate, contextual feedback within developers' familiar IDEs and integrated toolchains, fostering a proactive mindset and empowering them to build high quality code from the start.
• Layered security synergy: Working in tandem with Fortify and IQ Server, SonarQube bolsters Findomestic's security posture, ensuring adherence to the rigorous BNP Paribas group security standards and providing an early, critical line of defense.
• Comprehensive, evolving issue detection: SonarQube operates as a central hub for identifying both code smells and security vulnerabilities across a diverse range of languages (Java, C++, COBOL), demonstrating its adaptability to Findomestic's complex and evolving technological environment.
• Strategic quality gate enforcement: The quality gate, initially leveraged for enhanced visibility and communication, has evolved into a mandatory phase that ensures all deployed code meets Findomestic's high-quality benchmarks, safeguarding releases and maintaining operational stability.
• Unified code governance: By establishing SonarQube as the single source of truth for code quality and security analysis, Findomestic achieves centralized governance, streamlining oversight and ensuring consistency across all development efforts.

The impact: A proactive culture of continuous improvement and tangible success

The adoption of SonarQube Server has delivered substantial and measurable advantages, solidifying Findomestic's standing as an innovative market leader in financial software. Through this implementation, developers consistently embraced and applied programming best practices, leading to higher standards of code quality and seamless adoption of language advancements.

Reduced technical debt

Findomestic significantly reduced technical debt, evidenced by a 70% increase in microservices test coverage and new code consistently demonstrating near-zero bugs and security vulnerabilities. This proactive debt management, combined with the strict enforcement of SonarQube quality gates, led directly to a substantial decrease in application downtime and ensured highly-reliable software operations.

By enabling swift identification and resolution of technical issues, SonarQube dramatically boosted overall development efficiency, empowering teams to concentrate on value creation. This fostered a profound cultural shift at Findomestic, transitioning from reactive problem solving to a deeply ingrained, proactive focus on code quality and collaborative excellence.

Strengthened security

SonarQube significantly strengthened Findomestic's comprehensive security framework, powerfully complementing other specialized security tools. The rapid and efficient resolution of bugs and security flaws identified by SonarQube substantially shortened feedback loops, minimizing potential impact and reinforcing Findomestic's commitment to secure, high-quality software.

Empowered technical innovation

Furthermore, quantifying technical debt allowed the DevOps team at Findomestic to effectively communicate the  need for strategic technical investments to business stakeholders, garnering support for the continued funding of key technical solutions. SonarQube also proved invaluable in accelerating the onboarding of new developers, even for legacy languages like COBOL, by providing clear quality standards and actionable guidance.

SonarQube has become an indispensable and mandatory component of Findomestic's sophisticated development ecosystem. This partnership has not only driven significant improvements in code quality, development efficiency, and operational stability but has also fundamentally transformed Findomestic's approach to software delivery, solidifying its standing as a leader in innovative financial solutions.