Key Results
- 15+ hours/week of development time saved per developer
- 100% code compliance
- New code focus vs. technical debt
- Organization-wide code quality standardization
- Enforceable best practices
About BAE Systems
BAE Systems is an international defense, aerospace, and security company providing advanced, technology-led defense, aerospace, and security solutions. Its major business lines include electronic warfare, sensing and communications equipment, armored vehicles, artillery systems, naval guns and naval ship repair, and cybersecurity and intelligence services.
The challenge
You can’t risk a single defect in aerospace and defense software! Aerospace, defense, and military organizations use embedded software every day in every part of their operation, from equipment to logistics to highly sensitive operating systems.
It is critical that every type of software they use is safe, secure, and reliable. To meet these standards, the codebase must be built on the highest-quality code.
When high-quality code and high-performing software are required, developers are expected to deliver without a single defect. Large and complex codebases make this a challenge and strict government compliance requirements make it even more difficult.
As the largest defense contractor in Europe and one of the six largest suppliers to the U.S. Department of Defense, BAE Systems must maintain the highest reliability, security, and quality levels in its software. With these imperatives in mind, BAE Systems launched an organizational code quality and security initiative to establish enterprise-wide Clean Code standards that meet compliance regulations across the codebase.
The solution
BAE Systems selected SonarQube as its preferred solution for enterprise-wide code quality and security because it outperformed other vendors in:
- Speed of analysis
- Breadth and depth of issue detection (bugs, vulnerabilities, hotspots, etc.)
- Embedded contextual guidance in the development workflow for developers to quickly fix issues
- Broad support for languages, frameworks, and infrastructure technologies
- Easy administration of code quality standards using quality gates
By enforcing its code quality and security standards with SonarQube’s recommended quality gates, BAE Systems achieved its Clean Code goals with efficiency and expediency. Developers can find and fix issues in their code without leaving the development workflow, while the organization also meets its compliance requirements.
The development team at BAE Systems has found the following capabilities to be particularly valuable in achieving their organizational Clean Code goals:
- Branch analysis and pull request decoration
- The Clean as You Code methodology, which reduces technical debt without losing forward momentum on new development
- In-context guidance and best practices to quickly educate developers
- Portfolios and executive reporting
- Comprehensive security reports
The results
Since implementing SonarQube into its development workflow, BAE Systems saves more than 15 hours per week on addressing bad code, and can also:
- Focus their efforts on making sure that new code is clean and compliant instead of dedicating crucial time and resources to addressing technical debt
- Standardize code quality and security expectations across the organization
- Reinforce coding best practices to support a more maintainable codebase
- Ensure all code adheres to the strict compliance requirements of the defense industry