Global Car Manufacturer

the challenge

Security is the most important thing for this multinational automotive manufacturing corporation. Software projects developed for customers and joint venture partners often process highly sensitive data, such as car usage or owner information, that has the highest security priority. As more and more projects and applications are migrated to the public cloud, which comes with additional security challenges and compliance rules, teams need to know if their code is absolutely secure before any project can be delivered or made public.

the solution

SonarQube Enterprise Edition was selected by this Fortune Global 500 company to measure the quality and security of all its code and to detect and remediate vulnerabilities as early as possible. SonarQube is seamlessly integrated into a DevOps tool chain that is used by 500 developers in their daily work. By focusing on new code and following the Sonar “Clean as You Code” methodology, security issues are prioritized from the beginning, even for legacy projects. Developers have also installed SonarLint in their IDE to constantly learn and to conveniently scan code before submission.

the results

SonarQube enables the development teams to measure their code delivery against a well-established clean code standard on a daily basis. The security team and IT department managers have better visibility and are highly satisfied about the positive trends: The overall code quality increases and fewer vulnerabilities are detected in the final review just prior to delivery. With SonarQube and SonarLint, developers have the confidence that what they deliver is secure, high quality code that continually meets the team's and customer's standards.