Industry: Automotive Manufacturer
Company Size: 40,000 employees; €25.5 billion revenue
The Challenge: The Struggle for SAP Code Quality and Compliance
Škoda, a leading automotive manufacturer, faced challenges ensuring the quality and security of their code aligned with internal and group-wide guidelines. Standard tools available on the market were not sufficient to fully meet their needs for compliance or effectiveness.
The consequences of these challenges for internal IT included increased costs, significant time consumption, and various inefficiencies. The primary goal for a new solution was to continuously maintain a safe, compliant, and up-to-date SAP landscape with a strong focus on quality assurance. Škoda needed a robust solution to properly support quality assurance in their complex SAP landscape.
The Solution: Škoda Implements Onapsis for Centralized, Proactive Quality Assurance
Škoda chose Onapsis because it best addressed their needs after conducting research for a DevSecOps solution. The decision was also based on positive referrals and the fact that Onapsis solutions are already widely used within their corporate group, helping them remain centralized.
The Škoda team described the implementation as smooth and the onboarding documentation as being among the best on the market. Onapsis Control for Code was implemented across a total of five production systems, including their main ERP solution and Data Warehouse.
Škoda leveraged Onapsis Control for Code to establish proactive quality processes, including:
- Transport scanning functionality checks with every new code transport to maintain consistent quality and compliance across the entire landscape.
- Continuous review and optimization of source code during development and modification of each application.
- Scaling development security efforts dramatically, with the solution now supporting approximately 300 developers.
- Streamlining their ability to run scans annually, and as maintenance or patch implementations occur.
- Achieving a robust, user-friendly, and flexible SAP security solution that integrates seamlessly into their landscape.
The Result: Reduction in Time Consumed and Top-Tier Compliance
Since implementing Onapsis, Škoda has seen continuous improvements in quality assurance. Onapsis Control for Code has helped them maintain more compliant and secure system landscapes, contributing to overall stability and risk reduction.
Key metrics and outcomes include:
- Seamlessly resolved more than 15,000 findings across critical areas like security, compliance, and data loss prevention over seven years.
- Marked improvement in transport scanning functionality, ensuring only clean code is transported.
- With a new secure-by-design approach and embedding security into development, the Škoda team now runs some of the highest-quality, most secure landscapes in the VW Group.
- Improvement in performance and stability of their SAP ERP and SRM systems, while reducing critical incidents.
- Reduction in manual effort during code reviews, helping developers identify and resolve critical issues quickly, accelerating their release process.
- Improvement in the quality of custom code and greater transparency throughout the transport process.
- Improved efficiencies with a low number of false-positive findings.