customer service representative is shown using Cisco services


Cisco IT

SonarQube was the unanimous choice

Key Results

  • Flexible, customizable rule sets
  • Portfolio Management to provide management-friendly, personalized quality metrics throughout the company
  • Trend analysis report shows quality improvement and organizational performance over long periods of time

the challenge

Today, Cisco IT is on track to become the #1 IT organization in the world, but there was a time when its inability to manage software quality might have been a stumbling block. According to Cisco IT Engineer Dhairya Sanghvi, the quality of the code that made it into and through QA was an issue. “There used to be numerous code-related issues that escalated over time and cost us a lot.”

Part of the problem was a lack of standards. “We used to have development teams conduct code reviews and non-functional analysis in a disorganized manner,” Sanghvi said. “There was no storage of information or clear understanding of the number of defects,” and no way to see how quality changed over time. Further, “the systems and processes in place for code reviews were not standardized, as there was no common tool or rule set being used to perform (reviews).” Development teams were using various tools for static analysis and unit testing, but he said “Cisco IT needed to shift its focus to a tool with more mature reporting capabilities that can be interpreted by developers and management alike.”

the solution

While looking for tools that would fill Cisco IT’s needs, Sanghvi said the research team was also trying to incorporate agile practices like continuous integration into the Cisco IT development environment. He said the team was sold on SonarQube’s features, but integration was the clincher. “SonarQube was a code analysis tool that integrated well with Jenkins and we went, ‘A-ha, SonarQube it is then!’ … SonarQube was the unanimous choice.”

Cisco IT now uses SonarQube to analyze more than 9 million lines of Java, PL/SQL and C/C++ code in 90 applications with the expectation that this number rises to 150 million lines of code. The software quality process is driven by development teams located in the United States and India.

the results

According to Sanghvi, Cisco IT’s adoption of SonarQube has been a huge win for the company. “SonarQube has triggered a three-fold business impact that we have seen extensively in every project team we have on-boarded – delivery excellence (time to capability reduced), engineering excellence (quality improvement) and business value (cost savings).” By shifting the code analysis to the development stage and running it on a daily basis, Cisco IT has enhanced its code quality substantially. Consequently, emergency bug fixes are reduced, which “translates to considerable cost savings for the organization,” Sanghvi said. “A defect caught at an earlier stage in the PLC is way less expensive than one caught later on.”

The next big win was in the area of code reviews. Every team now conducts code reviews in the same place, using the same tools and metrics, and SonarQube provides clarity and time-based visibility on the key defect metrics. “There is considerable resource-time saved in code reviews and feature integration thanks to daily code analysis performed by SonarQube.” Additionally, “SonarQube, with its relevant quality profiles and their customizability” has brought teams onto the same page with each other. “Teams could now implement common rule sets used by their peer teams and customize a few rules of their own.”

Sanghvi is enthusiastic about SonarQube and says “there is no one single USP (unique selling proposition) of SonarQube that drives us to it…like I said there are a lot of great features mentioned above that define SonarQube’s value proposition. But let me just outline one unconventional little item here – SonarSource support. Period. Extensive use at an early stage of adopting the tool ensured that we had (answers to) a number of queries that needed to be answered promptly. SonarSource did not disappoint. There were times when we needed trial licenses for Views and PL/SQL plugins urgently. It never took more than an hour for the support team to provide it.”

Cisco Logo

“SonarQube was a code analysis tool that integrated well with Jenkins and we went, ‘A-ha, SonarQube it is then!’ … SonarQube was the unanimous choice.”

Dhairya Sanghvi, Cisco IT Engineer @ Cisco IT

Background image of bits of code connecting to each other

ready to detect security issues?

Request a DemoExplore Pricing