top of page

THE CHALLENGE

  • ACC NZ sought to transition from SonarQube to a unified GitHub platform, enabling stronger integration between development, security, and compliance teams.

  • The objective was to simplify DevSecOps practices, embed actionable security insights, and improve visibility for their CISO Group.

HOW WE HELPED

Furō engineered a smooth migration by leveraging GitHub’s native capabilities - automating pipelines through GitHub Actions, enabling SARIF-based security reporting, and upskilling ACC NZ’s internal teams to maintain and extend these capabilities independently.

OUR IMPACT

  • 35% uplift in adoption of GitHub Advanced Security across repositories.

  • 50% faster time-to-market through improved automation and custom security pattern detection.

  • Enhanced visibility, consistency, and confidence in code security posture.

INDUSTRY

Government

LOCATION

New Zealand

SERVICES

GitHub Actions Development
GitHub Training & Enablement

TECHNOLOGIES

GitHub Enterprise
GitHub Advanced Security

Furō’s solution for ACC NZ earned us a finalist spot in the GitHub APAC Channel Award, underscoring our dedication to helping clients build stronger, more secure software environments. 

​The Customer

The Accident Compensation Corporation (ACC) is a Crown entity of the New Zealand government providing comprehensive, no-fault personal injury coverage for residents and visitors to New Zealand. As one of the country's largest public organisations, ACC plays a vital role in supporting people’s recovery from injury, funding treatment and rehabilitation, and helping prevent injuries across workplaces, roads, and communities. With a focus on innovation, efficiency, and equity in public service delivery, ACC NZ continues to modernise its technology stack to deliver better outcomes for the people it serves.

The Challenge

ACC NZ relied on SonarQube for static code analysis across its Java projects but aimed to consolidate toolsets and improve developer experience by standardising on GitHub.

 

The migration needed to:

  • Recreate SonarQube's capabilities - analysis and reporting capabilities within GitHub.

  • Expand GitHub Advanced Security - for richer security insights and code analysis capabilities

  • Embed security insights directly into developer workflows. 

The goal was a more integrated, automated, and observable DevSecOps environment - reducing tool fragmentation and improving visibility for the CISO group.

Furō's Approach

Furo partnered with ACC NZ to design and implement a seamless transition from SonarQube to GitHub’s native platform capabilities.

Key components of the solution included:

  • Automated workflows using GitHub Actions to streamline CI/CD processes.

  • GitHub Advanced Security SARIF file imports to enhance vulnerability scanning and reporting.

  • Reusable patterns to detect custom code vulnerabilities specific to ACC's environment.

  • Hands-on training to empower ACC NZ's teams to confidently develop and extend GitHub Actions independently.

By embedding security and automation into the core of their development lifecycle, Furō ensured ACC’s platform was not only modernised but also future-ready.

Furō's Impact

​The engagement delivered measurable and lasting outcomes, reflecting improvements in tool consolidation, repository security, code pattern detection, and overall developer experience.

  • 35% increase GitHub Advanced Security adoption - broadening enhanced overall security coverage and strengthening comprehensive protection across their codebase.

  • 50% reduction in time-to-market, driven by automated checks and accelerated vulnerability detection.

  • Simplified toolchain and governance, reducing operational overhead and strengthening collaboration between development and security teams.

  • Improved developer experience, with actionable insights surfaced early and integrated directly into everyday workflows

With Furō’s guidance, ACC NZ successfully transitioned to a unified DevSecOps platform that delivers clarity, automation, and control at scale. What began as a migration project evolved into a foundation for continuous security innovation - empowering ACC NZ’s teams to build with confidence and deliver with speed.

Advanced detection capability enabled more precise and proactive management of code quality.

-- GitHub APAC Channel award 2024 

bottom of page