
Streaming Code Quality and Security in Healthcare | Sonar Summit 2026

Sonar Summit | March 4th 2026 | 22:05 | Part of SCPS

A healthcare-sector case study on embedding SonarQube's SAST, SCA, and secrets detection into a regulated, compliance-driven CI/CD pipeline to maintain continuous code quality and patient data security.

The Challenge of Scale

Rush, a large healthcare organization, operates with an extensive and diverse codebase spanning multiple technology stacks including Java, C#, .NET, C++, Rust, and Python. With developers distributed across different countries working on thousands of projects, the organization faced a critical challenge: maintaining consistent code quality and security standards across its vast software development infrastructure. This complexity became evident when Rush's initial approach to code quality management—empowering individual teams to create their own quality gates and profiles—resulted in organizational fragmentation with over 160 distinct quality gate definitions across the Sonar instance.

Consolidation and Standardization Strategy

Recognizing the need for organizational-level visibility and consistency, Rush's embedded security and compliance team, led by Chary Narasimha and Deepak Pandey, embarked on an ambitious standardization initiative. Rather than imposing changes unilaterally, the team involved critical stakeholders including developers, security experts, and architects in designing a new framework. The result was a dramatic consolidation from 160+ quality gates down to 8-10 standardized quality gates, each designed to accommodate different scenarios and project maturity levels. These gates were structured hierarchically—level one through three—allowing teams to understand their current standing and identify areas for improvement in both code quality and security posture.

Collaborative Implementation and Stakeholder Buy-In

The success of Rush's standardization initiative hinged on inclusive stakeholder engagement. The team recognized that different groups would be impacted differently: new development teams could easily adopt the standardized gates during onboarding, while legacy products in maintenance phases faced greater challenges with compliance. By involving all affected parties in gate design, Rush ensured that every product team could fit into one of the defined categories, creating a more receptive environment for change than a top-down mandate would have achieved.

Measurable Impact on Codebase Health

The benefits of standardization extended beyond organizational metrics. Across 9,000 projects analyzed with approximately 100 million lines of code, the standardized quality gates enabled Rush to identify code duplicates, legacy code segments, and bloated code that was no longer necessary. By focusing teams on maintaining clean new code rather than attempting to remediate large legacy systems, the initiative simultaneously reduced codebase size and eliminated developer hesitation about modifying unfamiliar code. This psychological shift—removing the fear that touching unfamiliar code would cause system failures—contributed to meaningful reductions in technical debt and improved overall code health.
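The two mechanisms described above, hierarchical quality gates (level one through three) that tell a team where it stands and what to fix next, and gates that judge only new code so that legacy backlogs do not block adoption, can be made concrete with a small evaluator. The following is an added illustration, not code from the talk, from Rush, or from SonarQube; the level structure, metric names, thresholds and the two sample projects are all constructed for the example and are not read from any real analysis or API.

```python
"""Tiered quality-gate evaluator (added illustration; constructed tiers and data).

Each level adds conditions on top of the level below it, and every condition is on
*new* code only, so a legacy product carrying a large existing backlog can still meet
the baseline gate as long as its recent changes are clean.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Condition:
    metric: str      # name of a new-code measure (names are constructed for this example)
    op: str          # "<=" or ">="
    threshold: float

    def holds(self, metrics: dict) -> bool:
        value = metrics.get(self.metric)
        if value is None:            # a measure the analysis did not report fails closed
            return False
        return value <= self.threshold if self.op == "<=" else value >= self.threshold


# Constructed tiers: level 1 is the baseline every project must meet; 2 and 3 tighten it.
LEVEL_CONDITIONS = {
    1: (Condition("new_blocker_vulnerabilities", "<=", 0),
        Condition("new_secrets_detected", "<=", 0)),
    2: (Condition("new_critical_vulnerabilities", "<=", 0),
        Condition("new_vulnerable_dependencies", "<=", 0),
        Condition("new_line_coverage_pct", ">=", 60)),
    3: (Condition("new_security_hotspots_reviewed_pct", ">=", 100),
        Condition("new_line_coverage_pct", ">=", 80),
        Condition("new_duplicated_lines_pct", "<=", 3)),
}


def gate_conditions(level: int) -> tuple:
    """Conditions a project must satisfy at `level`, cumulative over all lower levels."""
    return tuple(c for lvl in sorted(LEVEL_CONDITIONS) if lvl <= level
                 for c in LEVEL_CONDITIONS[lvl])


def failing_conditions(level: int, metrics: dict) -> list:
    return [c for c in gate_conditions(level) if not c.holds(metrics)]


def highest_level_passed(metrics: dict) -> int:
    """Highest tier whose gate passes; 0 means even the baseline gate fails."""
    passed = 0
    for level in sorted(LEVEL_CONDITIONS):
        if failing_conditions(level, metrics):
            break
        passed = level
    return passed


def improvement_plan(metrics: dict) -> list:
    """The conditions a team must fix to reach the next tier; empty at the top tier."""
    current = highest_level_passed(metrics)
    if current == max(LEVEL_CONDITIONS):
        return []
    return [f"{c.metric} {c.op} {c.threshold}"
            for c in failing_conditions(current + 1, metrics)]


# Constructed sample measures for two projects (not real analysis results).
NEW_SERVICE = {
    "new_blocker_vulnerabilities": 0, "new_secrets_detected": 0,
    "new_critical_vulnerabilities": 0, "new_vulnerable_dependencies": 0,
    "new_line_coverage_pct": 84, "new_security_hotspots_reviewed_pct": 100,
    "new_duplicated_lines_pct": 2.1,
}
LEGACY_PRODUCT = {
    "new_blocker_vulnerabilities": 0, "new_secrets_detected": 0,
    "new_critical_vulnerabilities": 1, "new_vulnerable_dependencies": 2,
    "new_line_coverage_pct": 41, "new_security_hotspots_reviewed_pct": 40,
    "new_duplicated_lines_pct": 9.5,
}

if __name__ == "__main__":
    for name, measures in (("new-service", NEW_SERVICE), ("legacy-product", LEGACY_PRODUCT)):
        print(f"{name}: level {highest_level_passed(measures)}; "
              f"to advance: {improvement_plan(measures) or 'at top tier'}")
```

Because the conditions are cumulative and evaluated bottom-up, a team gets a single number for where it stands plus the specific measures that stand between it and the next tier, which is the visibility the hierarchy was meant to provide. Failing closed on a missing measure matters in a regulated pipeline: a gate should never pass because an analysis step silently did not run.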

Key Takeaways

  • Standardization requires stakeholder collaboration: Effective quality gate consolidation depends on involving developers, security experts, and architects in design rather than implementing unilateral decisions
  • Tiered approaches accommodate organizational diversity: Multiple quality gate levels allow organizations to measure progress across different project types and maturity stages
  • Scale enables data-driven insights: Analyzing 100 million lines of code across 9,000 projects provides organizational visibility into code quality trends and technical debt
  • Cultural change complements technical implementation: Removing developer fear around code modification and fostering ownership of code quality drives adoption and measurable results
  • Strategic consolidation yields efficiency gains: Reducing from 160+ to 8-10 quality gates improved manageability while maintaining comprehensive coverage of organizational needs