Key Results
- 200 web and e-commerce applications mostly developed in PHP and JS
- 150 enterprise applications developed in C#, Node.js and Python
- CI/CD integration with Azure DevOps, GitLab and Bitbucket Pipelines
- Automated code analysis for 5,000 community-rated rules in only a few minutes
- SonarQube for IDE integration protects code commits
- Developers take full ownership of their code and deliver to a high-quality standard
- Code Quality & Code Security findings owned by developers
The challenge
Pernod Ricard, a worldwide producer of wines and spirits, has 18,500 employees and distributes 250 brands in 130 markets through more than 200 websites, mobile apps and e-commerce applications. These applications are an essential part of the business and require protection from data breaches and defacements. Additionally, Pernod Ricard develops 150 internal enterprise applications to support its business. These back-office applications must also be protected, because they are exposed to the internet to make them easily accessible to employees.
In addition to this huge landscape of security-sensitive applications, Pernod Ricard faces an additional challenge: all software development is outsourced to multiple development agencies. Without the right tool, there's no way to gauge the quality standard of all this outsourced code.
The solution
After initial market research, Pernod Ricard first selected a top-tier vendor from Gartner's SAST market report for a demo. “We were expecting to get something like a Rolls-Royce but were extremely disappointed”, said Hakim Rouatbi, IT Solutions Architect. The team then compared the product experience and results to SonarQube Server and the decision was straightforward. SonarQube Server provided an intuitive user interface, seamless integrations, faster analysis and precise, actionable analysis results.
SonarQube Server provided all this at a significantly lower price with a flexible licensing model. Hakim adds, “It’s super easy to get started and the interface is well thought through so that the right info just jumps at you”.
The results
For every development project, SonarQube Server is fully integrated into the existing Pernod Ricard CI/CD pipelines hosted in Bitbucket, GitLab and Azure. The analysis applies 5000+ rules across 30+ languages and finishes in only a few minutes. Many developers also use SonarQube for IDE to spot issues before their code is committed.
All developers have access to SonarQube Server which enables the adoption of Clean Code practices throughout all projects. Analysis results are measured by the IT team through custom Quality Gates. These Quality Gates define the acceptance standard and are shared by developers of different agencies and backgrounds. This provides an easy way to determine if newly written code is clean and mergeable.
Using SonarQube Server equips Pernod Ricard with a common framework for proper discussions across development teams about what needs to be addressed. That framework allows Pernod Ricard to rise to the challenge of maintaining only Clean Code in its source code.