Home » Insights » From Guesswork to Insight: A Data-Driven Guidewire Code Audit with GoQu
From Guesswork to Insight: A Data-Driven Guidewire Code Audit with GoQu
Jan 11, 2026 GoQu, Guidewire , Case study , GoQu, Guidewire, Quality Assurance
By Patryk Ladziński

See how a data-driven Guidewire code audit with GoQu turned a 3.9-million-line core platform into a clear roadmap for cost, risk and future change.

Large Guidewire platforms tend to grow organically over many years. Multiple teams, changing requirements, tight deadlines, and successive upgrades all leave their mark on the codebase. Over time, it becomes increasingly difficult to answer simple yet critical questions: Where is our real technical risk? Which systems will be the most expensive to change? And how much effort will it take to stabilise the platform?

A large German insurer approached Sollers with these very concerns. The goal was not another high-level code review, but a fact-based, measurable assessment of code quality, technical debt, and remediation effort across its Guidewire landscape using GoQu.

Scope of the Guidewire Code Audit

Using GoQu, Sollers carried out a Guidewire code audit, analysing BillingCenter, ClaimCenter and PolicyCenter and covering approximately 3.9 million lines of code in total. The audit focused on:

  • maintainability issues,
  • reliability and security vulnerabilities aligned with OWASP and CWE,
  • cyclomatic complexity,
  • estimated remediation effort expressed in person-days and cost.

Importantly, the analysis was performed consistently across all systems, using the same rule set, enabling a fair, system-to-system comparison.

What the Guidewire Code Audit Revealed

The scan identified 6,447 bugs and 20 vulnerability issues across the platform, with the highest concentration of issues in ClaimCenter and PolicyCenter. GoQu classified each finding, linked it to specific quality or security rules, and calculated the ratio of problematic code per system:

  • BillingCenter: ~21%
  • ClaimCenter: ~15%
  • PolicyCenter: ~16%

While these numbers already provided valuable insight, the most important outcome came from translating issues into remediation efforts.

GoQu – Gosu Code Analyser

Enhance productivity and efficiency by reducing the workload of developers and code reviewers

REQUEST A DEMO

Remediation Cost Does Not Scale with Code Size

One of the key findings of the audit was that cost of remediation does not increase in proportion with system size.

Although the systems differ in terms of their total code size, the estimated remediation effort varied disproportionately. In particular, PolicyCenter consistently emerged as the most expensive system to remediate, despite not being the largest in raw size. This confirms a pattern observed across many Guidewire platforms: long-term trends in code quality and architectural discipline matter far more than the number of lines of code.

Systems that evolve without consistent quality standards, architectural governance, and automated checks tend to accumulate structural issues over time. These issues compound, making even small changes increasingly expensive. Conversely, platforms with continuous quality enforcement remain more predictable and cheaper to evolve, even as they grow.

Complexity as a Cost Multiplier

The audit also revealed substantial variations in cyclomatic complexity cross the systems.

PolicyCenter showed an average complexity per class that was very high, indicating code that is harder to understand, test and modify safely.

High cyclomatic complexity translates directly into:

  • longer implementation time for even small changes,
  • more extensive and costly testing cycles,
  • higher risk of regressions and production incidents.

In practical terms, this means slower time to market, higher maintenance costs, and reduced agility, particularly in heavily customised and frequently changed systems, such as PolicyCenter.

From Guidewire Code Audit Findings to Business Decisions

For management, the most valuable outcome of the GoQu audit was clarity.  Instead of abstract discussions about technical debt or generic refactoring phases, the insurer received:

  • a ranked list of issues per system,
  • quantified remediation effort expressed in person-days,
  • clear identification of high-risk and high-impact areas.

This enabled them to prioritise remediation based on real ROI, plan stabilisation work realistically, and justify investment decisions with concrete data rather than assumptions.

Fast & trusted Guidewire® implementation partner

Helping P&C insurers around the world implement Guidewire solutions since 2011

See our Guidewire services

Why Continuous Audits Matter

This Guidewire code audit revealed that the majority of the remediation effort was not prompted by visible bugs or security vulnerabilities, but by structural maintainability issues that had accumulated over the years. Ignoring these issues does not make them disappear – it only increases future costs.

By adopting GoQu early and running Guidewire code audits continuously, organisations can:

  • detect complexity and structural maintainability issues before they escalate,
  • stabilise maintenance costs over time,
  • reduce the risk of critical outages,
  • keep Guidewire platforms scalable and upgrade-ready.

In this sense, GoQu is not just a quality tool, it is also a risk management and cost control mechanism for core insurance systems.

For the German insurer, the GoQu audit transformed a complex, Guidewire legacy environment into a manageable roadmap for stabilisation and future change. By quantifying technical debt and remediation costs, the organisation gained predictability, reduced risk, and established a solid foundation for future digital initiatives.

Conclusion

This audit confirms a critical insight: remediation cost is not driven by system size, but by long-term code quality trends and architectural discipline. Platforms that evolve without consistent standards, governance, and automated quality checks inevitably accumulate structural issues that compound over time, making future change increasingly expensive and risky.

In contrast, organisations that enforce quality rules continuously gain predictability in cost, delivery timelines, and risk exposure. GoQu enables this shift by making technical debt measurable and translating it into real business impact, expressed in person-days and cost. This moves refactoring and stabilisation from subjective, purely technical discussions to informed investment decisions.

Adopting GoQu early and using it continuously helps prevent technical debt from accumulating, stabilises maintenance effort, and makes Guidewire platforms easier to evolve. In this sense, GoQu is not just a code quality tool, but a practical way to protect IT budgets, business continuity, and long-term platform scalability.

Authors of the article

      Patryk Ladziński - Senior Developer at Sollers Consulting

Technology & Market Insights

Automation From slow automation to fast, repeatable releases
Read more
CEO Voices CEO Voices – Interview with Agnès Paquin, CEO of CNP Assurances IARD
Read more
Guidewire QA for Guidewire Cloud migration: a key to stay ahead in a demanding market
Read more
Guidewire Guidewire Cloud migration: faster innovation, lower costs, bigger impact
Read more
guidewire cloud
Cloud, Guidewire How to approach updates on Guidewire Cloud – from release cadence to adoption
Read more
SEE ALL INSIGHTS
FAQ - Guidewire Code Audit with GoQu
What is a Guidewire code audit with GoQu?
What types of issues can GoQu identify in a Guidewire platform?
How does GoQu translate technical findings into business value?
How often should a Guidewire code audit be performed?
Does GoQu replace manual code reviews?