Vulnerability scanning for Mendix .mpa deployment package

Peter_Mendez · May 10, 2023, 8:41pm

Must-share information (formatted with Markdown):

which versions are you using: SonarQube - not sure of version
how is SonarQube deployed: on-premises
what are you trying to achieve: Vulnerability scan for Mendix deployment packages
what have you tried so far to achieve this:

In Mendix studio pro you can “Create Deployment Package” from the App menu. This creates an .mpa file, which is basically a special zip package. This can be scanned as it contains java and JavaScript files.

My question is has anyone setup quality gates specific to Mendix?

ganncamp · May 12, 2023, 2:11pm

Hi,

We don’t natively analyze Mendix files, and unfortunately I’m not aware of a community plugin for that either.

As a side note, you can get your SonarQube version from the page footer.

Ann

system · May 19, 2023, 2:12pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.