recently we finished our proof of concept regarding the Sonar ecosystem and how it could improve code quality in our software projects. The result was that we think it’s really useful and that we would like to implement it in our development process. For maintenance reasons and since we already use Azure DevOps, we would prefer to use SonarCloud.
However, since we’re a big German corporation, it is not that easy to use a cloud service… I have a huge checklist of questions regarding organization and compliance, human resources security, physical environment security,… you get the idea. Who can answer me all of those questions?
Since we’re probably not the only corporation (especially German one) running into this problem, I thought it might be useful if you could share this information here.
Thank you for your interest in SonarCloud, I’m glad your POC went well.
You may be pleased to know that you are not alone and it is not just Germany. We do receive these requests occasionally from all over the world.
While we understand the needs of our customers and the importance of their strong compliance processes, SonarCloud is really designed to be self-service and this is one way we maintain great value for our customers. So we are not resourced yet for this level of due diligence but we may be in the future.