Vulnerability scanning for Mendix .mpa deployment package

Must-share information (formatted with Markdown):

  • which versions are you using: SonarQube - not sure of version
  • how is SonarQube deployed: on-premises
  • what are you trying to achieve: Vulnerability scan for Mendix deployment packages
  • what have you tried so far to achieve this:

In Mendix Studio Pro you can “Create Deployment Package” from the App menu. This creates an .mpa file, which is basically a special zip package. This can be scanned as it contains Java and JavaScript files.

My question is: has anyone set up quality gates specific to Mendix?
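Added example, not part of the original post or of SonarQube: a sketch that opens an .mpa as a zip archive and lists the Java and JavaScript entries a scanner could be pointed at, skipping entries whose paths would escape the extraction directory. The entry names in the sample archive are constructed for the demo and are not Mendix's real package layout; the size limit is an assumed value.

```python
import io
import zipfile
from pathlib import PurePosixPath

# File types the post says an .mpa contains.
SOURCE_SUFFIXES = {".java", ".js"}


def list_scannable_sources(mpa, max_total_bytes=500 * 1024 * 1024):
    """Return (sources, rejected) for an .mpa read as a zip archive."""
    sources, rejected, total = [], [], 0
    with zipfile.ZipFile(mpa) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename.replace("\\", "/"))
            parts = path.parts
            # Reject absolute paths, parent traversal and drive-letter prefixes.
            if path.is_absolute() or ".." in parts or (parts and ":" in parts[0]):
                rejected.append(info.filename)
                continue
            # Guard against archives that declare an oversized payload.
            total += info.file_size
            if total > max_total_bytes:
                raise ValueError("declared uncompressed size exceeds limit")
            if path.suffix.lower() in SOURCE_SUFFIXES:
                sources.append(str(path))
    return sorted(sources), rejected


def build_sample_mpa():
    """Constructed in-memory archive; entry names are made up for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("javasource/demo/Action.java", "class Action {}")
        z.writestr("web/widgets/Widget.js", "export default 1;")
        z.writestr("model/metadata.json", "{}")
        z.writestr("../outside/evil.js", "x")  # traversal entry, must be rejected
    buf.seek(0)
    return buf


if __name__ == "__main__":
    found, skipped = list_scannable_sources(build_sample_mpa())
    print("sources:", found)
    print("rejected:", skipped)
```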


We don’t natively analyze Mendix files, and unfortunately I’m not aware of a community plugin for that either.

As a side note, you can get your SonarQube version from the page footer.

