Mule-SonarQube-plugin - security concerns

sai123 · May 20, 2024, 10:37am

Hi Team,
Good day!

We are using SonarQube 9.9 LTA version, we would like to add Mule-SonarQube-plugin (GitHub - mulesoft-catalyst/mule-sonarqube-plugin: The Mule SonarQube Plugin provides the capability to do code inspecting and taking project metrics from a mule project using SonarQube.) to scan MuleSoft code as per mule ruleset.
We would like to know how this plugin works in point of security concerns, and can we use this plugin as this is not available in SonarQube marketplace?
and will this plugin prone to any data leakage

Kindly provide your inputs/feedback about this plugin

Colin · May 21, 2024, 12:27pm

Hey there.

We (Sonar) have no reason to believe it represents a specific security risk. And, we suggest reading this blog post:

Topic		Replies	Views
SonarQube for Mulesoft SonarQube Server / Community Build sonarqube	4	842	November 1, 2022
Mule compatibility with sonar 9.9.1 version SonarQube Server / Community Build	1	228	February 5, 2024
Mulesoft SonarCube plugin SonarQube Cloud plugin	2	2167	May 27, 2021
Mule sonarqube Plugin SonarQube Server / Community Build xml , sonarqube	2	2271	April 27, 2021
Scanning pom.xml with SonarQube (MuleSoft Code) SonarQube Server / Community Build sonarqube	7	1596	February 6, 2025