Transforming Code Quality & Code Security with SonarQube Server - The Wolters Kluwer Story
A real-world case study of how Wolters Kluwer transformed their code quality and security posture using SonarQube Server, including the measurable outcomes achieved across development teams.
Company Overview and Context
Wolters Kluwer is a global organization operating in approximately 40 countries across multiple business domains, including tax and accounting, healthcare, corporate performance, legal, and regulatory services. Paul Edwards, a DevSecOps architect with over 20 years of experience spanning development and enterprise architecture roles, leads quality and security initiatives within the company's tax and accounting division. For the past eight years, Edwards has been instrumental in standardizing coding practices and driving quality improvements across nine European countries, helping align diverse teams toward consistent, high-quality software delivery standards.
Initial Challenges and Implementation Strategy
Before implementing SonarQube, Wolters Kluwer faced significant challenges in managing code quality across its portfolio. The organization lacked transparency regarding technical debt, making it difficult for senior management and development teams to assess the overall health of their codebase. While some teams had independently adopted the community edition of SonarQube around 2018, there was no unified, enterprise-wide approach to code quality governance. The company recognized a critical need for portfolio-level visibility: the ability to group projects under unified assets and products, since a single product could comprise over 100 sub-projects requiring consolidated oversight.
Enterprise Solution and Quality Gates Implementation
To address these challenges, Wolters Kluwer invested in the enterprise edition of SonarQube Server, moving beyond isolated community implementations. A primary goal was establishing quality gates integrated into its pull request workflows to prevent poor code from reaching master branches. Rather than discovering code quality issues after merging, the organization aimed to implement preventative controls that would enforce quality standards during the development process itself. This shift from reactive to proactive quality management represented a fundamental change in how the company approached code governance across its distributed European operations.
Participation in Advanced Security Program
As part of Sonar's commitment to innovation, Wolters Kluwer is participating in the SonarQube Advanced Security early access program. This involvement demonstrates the company's forward-thinking approach to code security and its willingness to adopt emerging capabilities that extend beyond traditional quality metrics. Edwards was expected to share insights from this early access experience, highlighting how advanced security features complement the organization's broader code quality and DevSecOps strategy.
Key Takeaways
- Portfolio Visibility: Enterprise SonarQube implementations enable organizations to consolidate visibility into technical debt across hundreds of sub-projects, providing critical insights for senior management and stakeholders.
- Preventative Quality Controls: Quality gates integrated into pull request workflows stop defective code from reaching production, shifting organizations from reactive bug discovery to proactive quality enforcement.
- Enterprise Standardization: Centralized SonarQube Server deployments help align coding standards and practices across geographically distributed teams and multiple business units.
- Beyond Code Review: SonarQube complements traditional code reviews with automated quality checks and security enforcement, establishing additional safeguards in the development pipeline.