Scanning pom.xml with SonarQube (MuleSoft Code)

zoeek · October 14, 2022, 12:56pm

I am using SonarQube v9.3 Community Edition and installed this plugin to scan mulesoft code.
GitHub - mulesoft-catalyst/mule-sonarqube-plugin: The Mule SonarQube Plugin provides the capability to do code inspecting and taking project metrics from a mule project using SonarQube.

I would like to scan the pom.xml in SonarQube.
The analysis scope is set as the project root folder.
The scan is triggered by running the below maven command.

 mvn sonar:sonar \
  -Dsonar.projectKey=<PROJECT_KEY> \
  -Dsonar.host.url=<HOST> \
-Dsonar.login=<LOGIN> -Dsonar.sources=.

However, pom.xml is not included in the scan result. How can I scan the pom.xml file?

Colin · October 17, 2022, 9:33am

Hey there.

Is your goal really to analyze the pom.xml file, or the Mulesoft configuration files that plugin is supposed to analyze?

zoeek · October 18, 2022, 6:22pm

My goal is to analyse the pom.xml file, like checking the mule version mentioned in the pom.xml file is as expected.

Goran_Petrovski · December 1, 2022, 10:57am

Hi all, is there any update on this? I have the same requirements. In my case I need to get artifactId or application name so I can create custom validation rules (using xpath). I have tried with sonar.sources=pom.xml sonar.sources=. and also sonar.inclusions=pom.xml but it is not working for me.
Thanks,

Laksh_Nanda · January 25, 2023, 7:31pm

Hi Goran,
Did you find the solution?
Or a work around.

I’m facing the same problem currently.

lucianoailos · July 4, 2023, 12:39pm

Hi! Any solution?

bermala · July 6, 2023, 4:22am

Hey Goran, Any solution for this?