Scanning RAML with SonarQube (MuleSoft Code)

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    Not yet, however I will want to know which version will support scanning of RAML files.

  • what are you trying to achieve
    I am trying to build a pipeline where I will want to regularly scan the RAML files generated for MuleSoft and identify the issues and security flaws that could impact our delivery.

  • what have you tried so far to achieve this
    I have just read this article and feel I can achieve this; however, I want to be sure I am on the right track before. Guessing there is at least one more like me who is/has successfully built this.

Appreciate your help.

Thanks,
Gautam

Hi Gautam,

Welcome to the community!

Unfortunately, we don’t natively support RAML and I’m not aware of any community plugins that add the functionality.

 
:woman_shrugging:
Ann

RAML is a YAML file: "an application of the YAML 1.2 specification."

Reference: raml-spec/raml-10.md at master · raml-org/raml-spec (github.com)

Maybe the project below could be used.

sbaudoin/sonar-yaml: SonarQube plugin to analyse YAML files (github.com)

But something to add is that nowadays a better option is MuleSoft API Governance, which brings the same functionality or even more.


Have you tried using IZ Analyzer (Analyzer | Integral Zone)? It scans all types of MuleSoft files, including RAML, YAML, Properties, etc. It's the only tool that has native integration with both Anypoint Studio and Anypoint Platform for static code analysis and runtime code analysis. Please take a look at the product landing page for more details - Analyzer | Integral Zone.

Disclaimer: I am the founder of Integral Zone.