Static Code Analysis of Mule 4 App with SonarQube Rules

Author: Kishori Patil

Introduction:
  • SonarQube is an open-source platform used to analyze the quality of your source code.
  • It is written in Java, but it can analyze code in more than 20 programming languages using plugins.
  • SonarQube automatically reviews your code to detect bugs, vulnerabilities, and code smells. It can be integrated with your existing workflow so that it provides static analysis of your code continuously.
  • By default, SonarQube does not validate or analyze MuleSoft code.
  • To analyze MuleSoft code in SonarQube, we need to add the mule-sonarqube-plugin and the basic rules for Mule 4 code to SonarQube, which are provided by MuleSoft.
Mule-sonarqube-plugin generation:
  1. Download the source code from the mulesoft-catalyst GitHub repository https://github.com/mulesoft-catalyst/mule-sonarqube-plugin .
  2. To build the Mule plugin, run the following command in the command prompt:

mvn clean package sonar-packaging:sonar-plugin -Dlanguage=mule

  3. A Mule-validation-sonarqube-plugin-{version}-mule.jar file will be created in the */mule-sonarqube-plugin-master/target folder.
  4. Copy this created plugin jar file and the rules, Mule 3 Rules (rules-3.txt) and Mule 4 Rules (rules-4.txt), from */src/test/resources to sonar-home/extensions/plugins.
  5. Adding this plugin and the rules will create a quality profile in SonarQube called Mule with two sets of rules.

Create Access token in SonarQube:
  1. Log in to your SonarQube and go to My Account -> Security.
  2. Enter a name for your token and click Generate.
  3. Your token will be generated. Copy and save this token somewhere; you will use it later.
Configurations to Analyze your project:
  1. For the server configuration, go to the settings.xml file and create a new profile as follows:

  2. It contains the URL on which the SonarQube server is running and the access token of SonarQube created in the previous step.
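As an added example (not the post's own file), a Maven settings.xml profile of the kind the two steps above describe; the profile id, the server URL and the SONAR_TOKEN environment variable name are assumptions, and reading the token from the environment keeps the secret out of the file and out of version control.

```xml
<!-- ~/.m2/settings.xml (added example, not the post's own file) -->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <pluginGroups>
    <!-- lets "mvn sonar:sonar" resolve the sonar-maven-plugin without a groupId prefix -->
    <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
  </pluginGroups>
  <profiles>
    <profile>
      <!-- assumed profile id -->
      <id>sonar</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <!-- URL on which the SonarQube server is running (assumed local default port) -->
        <sonar.host.url>http://localhost:9000</sonar.host.url>
        <!-- access token generated under My Account -> Security; read from the
             SONAR_TOKEN environment variable so the secret is never written here -->
        <sonar.login>${env.SONAR_TOKEN}</sonar.login>
      </properties>
    </profile>
  </profiles>
</settings>
```

Export SONAR_TOKEN in the shell before running mvn sonar:sonar; the token then stays in the user's environment rather than in any file that is committed with the project.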
  3. Add a new property and build plugins in the pom.xml of the project as follows:

  4. Now log in to your SonarQube. Go to Administration -> Configuration -> General Settings -> Languages, select XML in Language, and delete .xml from the file suffix setting.
  5. We have to delete .xml from there because SonarQube already has a plugin to detect XML code. After that, only the Mule plugin will detect and analyze .xml code.
  6. If you go to Quality Profiles and select the Mule profile, you can see that the Mule 4 rules are set as default by mule-sonarqube-plugin. If you want to analyze Mule 3 code, you have to make the Mule 3 rules the default.
  7. To analyze your code, run the following command:

mvn sonar:sonar

  8. Once the build is successful, go to the Projects tab of your SonarQube account; you can see the project analysis result. It is passed or failed depending on the Quality Gates defined.
  9. In Issues, you can see which rules are not followed by your application. You can make changes accordingly.
  10. You can create your own rules and quality gates according to your needs.
