Scanning RAML with SonarQube (MuleSoft Code)

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    Not yet, however I will want to know which version will support scanning of RAML files.

  • what are you trying to achieve
    I am trying to build a pipeline where I will want to regularly scan the RAML files generated for Mulesoft and identify the issues and security flaws that could impact our delivery

  • what have you tried so far to achieve this
    I have just read this article and feel i can achieve this, however I want to be sure if I am on right track before. Guessing there is atleast one more like me who is/has successfully built this.

Appreciate your help.


Hi Guatam,

Welcome to the community!

Unfortunately, we don’t natively support RAML and I’m not aware of any community plugins that add the functionality.


RAML is a YAML file

an application of the YAML 1.2 specification.

Reference: raml-spec/ at master · raml-org/raml-spec (

Maybe the project below could be used.

sbaudoin/sonar-yaml: SonarQube plugin to analyse YAML files (

But something to add is that nowadays one better option is MuleSoft API Governance that brings the same functionality or even more.

1 Like