picture of a red sports car

Manufacturing

Global Car Manufacturer

global car manufacturer secures sensitive information with Sonar solution

Key Results

  • Security sensitive projects developed in Java and C
  • 500 developers using SonarQube for Clean Code checks daily
  • Fully integrated into the DevOps tool chain with Bitbucket and Bamboo
  • Easily integrated into the developer IDE with SonarLint
  • Early detection of security vulnerabilities and Security Hotspots
  • Increased efficiency and visibility for security team and IT department managers
Download Case Study

the challenge

Security is the most important thing for this multinational automotive manufacturing corporation. Software projects developed for customers and joint venture partners often process highly sensitive data, such as car usage or owner information, that has the highest security priority. As more and more projects and applications are migrated to the public cloud, which comes with additional security challenges and compliance rules, teams need to know if their code is absolutely secure before any project can be delivered or made public.

the solution

SonarQube Enterprise Edition was selected by this Fortune Global 500 company to measure the quality and security of all its code and to detect and remediate vulnerabilities as early as possible. SonarQube is seamlessly integrated into a DevOps tool chain that is used by 500 developers in their daily work. By focusing on new code and following the Sonar “Clean as You Code” methodology, security issues are prioritized from the beginning, even for legacy projects. Developers have also installed SonarLint in their IDE to constantly learn and to conveniently scan code before submission.

the results

SonarQube enables the development teams to measure their code delivery against a well-established clean code standard on a daily basis. The security team and IT department managers have better visibility and are highly satisfied about the positive trends: The overall code quality increases and fewer vulnerabilities are detected in the final review just prior to delivery. With SonarQube and SonarLint, developers have the confidence that what they deliver is secure, high quality code that continually meets the team's and customer's standards.

avatar of a person with quote marks around them

“With SonarQube, everyone wins. Our developers have the confidence that what they submit is high quality and highly secure code; our project managers have more visibility into the quality of the projects delivered by their teams and our security team can see that the developers are following the rules. It has really helped us increase efficiencies while making our code more secure”

Public Cloud Architect

Background image of bits of code connecting to each other

ready to detect security issues?

Explore Pricing -->
  • Sonar Solutions
    • Clean Code
    • Clean as You Code
    • Commitment to open source
    • For developers
    • For teams
    • For enterprise
  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin

© 2008-2022, SonarSource S.A, Switzerland. All content is copyright protected. SONAR, SONARSOURCE, SONARLINT, SONARQUBE and SONARCLOUD are trademarks of SonarSource SA. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.