Agence du Numérique en Santé

About Agence du Numérique en Santé

ANS, a key player in France's digital health landscape, is responsible for providing reliable and secure digital health services to French citizens. With the increasing complexity of modern software development, ANS recognized the critical need for a robust solution to manage code quality and security across its various projects. They turned to SonarQube to centralize coding standards, improve developer productivity, and ensure the delivery of high-quality, secure software.

The challenge

ANS faced several challenges in maintaining code quality and security. Their previous approach, based on SVN and manual code reviews, proved time-consuming and inconsistent. They were unable to obtain a clear picture of the overall health of their codebase. Identifying bugs and security flaws late in the software development cycle led to increased technical debt, higher costs to find and fix, and a high risk of deploying vulnerable code. A lack of consistent code coverage also contributed to production issues.

The solution

ANS implemented SonarQube Server to address these challenges. SonarQube's comprehensive feature set, ease of integration with Git and GitLab in their CI/CD pipeline, automated code review capabilities, and focus on both code quality and security made it the ideal choice. 

The results

SonarQube has delivered significant improvements for ANS:

• Improved Code Quality: Developers are now more aware of potential issues and proactively address them.
• Reduced Technical Debt: SonarQube enables more effective identification and management of cod smells leading to technical debt.
• Enhanced Security: Not only were finding and fixing known security vulnerabilities a benefit, but the security hotspots feature has been invaluable in identifying and mitigating potential security vulnerabilities.
• Increased Team Awareness: Real-time feedback on each branch and merge request ensures quality control and prevents the introduction of new issues. Developers see the impact of their code in their feature branch, fostering a sense of ownership.
• Improved Test Coverage: ANS now enforces the creation of unit test scripts as developers write code with a target of maintaining a minimum of 80% code coverage for new code. This has led to a significant project-wide increase in test coverage from a low of 30% up to a respectable 60%, with newer stacks consistently achieving a minimum of 80% and legacy projects showing marked improvement from 0-5% to 15-20%.
• Reduction in Production Bugs: SonarQube has significantly contributed to fewer post-deployment issues and reduced release delays.
• Decreased Code Smells and Vulnerabilities: ANS tracks these metrics monthly, observing a positive trend in code quality improvement.

Conclusion

SonarQube Server has been instrumental in transforming ANS's approach to software development. By adopting a philosophy of resolving all issues in new code and leveraging SonarQube's powerful features, ANS has achieved higher code quality, enhanced security, and improved developer productivity. This has resulted in more reliable and secure digital health services for the citizens of France.