Scanning RAML with SonarQube (MuleSoft Code)

SonarQube
,
#1

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    Not yet, however I will want to know which version will support scanning of RAML files.

  • what are you trying to achieve
    I am trying to build a pipeline where I will want to regularly scan the RAML files generated for Mulesoft and identify the issues and security flaws that could impact our delivery

  • what have you tried so far to achieve this
    I have just read this article and feel i can achieve this, however I want to be sure if I am on right track before. Guessing there is atleast one more like me who is/has successfully built this.

Appreciate your help.

Thanks,
Gautam

#2

Hi Guatam,

Welcome to the community!

Unfortunately, we don’t natively support RAML and I’m not aware of any community plugins that add the functionality.

 
:woman_shrugging:
Ann

#3

RAML is a YAML file

an application of the YAML 1.2 specification.

Reference: raml-spec/raml-10.md at master · raml-org/raml-spec (github.com)

Maybe the project below could be used.

sbaudoin/sonar-yaml: SonarQube plugin to analyse YAML files (github.com)

But something to add is that nowadays one better option is MuleSoft API Governance that brings the same functionality or even more.

1 Like