Mule application code review using SonarQube

  • November 25, 2020

Setting up SonarQube for Mule 4

SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality. It performs automatic reviews using static analysis to detect bugs, code smells and security vulnerabilities in more than 20 programming languages.

The Mule SonarQube Plugin is open source and designed to validate Mule applications code using SonarQube. This plugin contains a set of rules and metrics that will be used and calculated every time you inspect a project.

To set up the Mule SonarQube plugin:

  1. Download the source code from the mulesoft-catalyst GitHub repository: https://github.com/mulesoft-catalyst/mule-sonarqube-plugin.
  2. Package the plugin by running mvn clean package sonar-packaging:sonar-plugin -Dlanguage=mule in the directory that contains the plugin project's pom.xml. This generates the plugin jar containing the Mule 4 rules, which are used to check whether the Mule project satisfies the code quality requirements of your Mule application.
  3. Copy the mule-validation-sonarqube-plugin-{version}-mule.jar file and the Mule 4 rules to the sonar-home/extensions/plugins folder.
  4. In the wrapper.conf file in the configuration folder of the SonarQube home, change the Java wrapper configuration to refer to the Java 11 bin folder so SonarQube meets the JDK requirement to start.
  5. In the settings.xml file of the .m2 Maven directory, set a profile for the SonarQube configuration that contains the URL on which the SonarQube server will be running. Also, in the pom.xml of the Mule project to be scanned, add the path to the src/ folders of your Mule project.
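As an added example (not from the original post or from the plugin project), these are the two fragments the last step refers to: a Maven profile in ~/.m2/settings.xml that tells the scanner where the SonarQube server runs, and a sonar.sources property in the Mule project's pom.xml that restricts the scan to the folders holding Mule configuration XML. sonar.host.url and sonar.sources are the standard SonarQube Maven scanner properties; the src/main/mule path is the usual location of Mule 4 flow XML and is an assumption about your project layout, as is the profile id "sonar".

```xml
<!-- ~/.m2/settings.xml : profile that points the Maven sonar plugin at the local server -->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <profiles>
    <profile>
      <!-- profile id is an arbitrary choice for this example -->
      <id>sonar</id>
      <activation>
        <!-- active without -Psonar so mvn sonar:sonar picks it up -->
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <!-- URL of the SonarQube server started in the next section (default port 9000) -->
        <sonar.host.url>http://localhost:9000</sonar.host.url>
      </properties>
    </profile>
  </profiles>
</settings>

<!-- pom.xml of the Mule project to be scanned : tell the scanner which folders to inspect -->
<properties>
  <!-- Assumed layout: Mule 4 flows live under src/main/mule.
       sonar.sources is comma-separated, so add src/test/munit if MUnit
       suites should be inspected by the Mule rules as well. -->
  <sonar.sources>src/main/mule</sonar.sources>
</properties>
```

With both fragments in place, running mvn sonar:sonar from the project root uploads the analysis to the local server. Keeping sonar.sources limited to the Mule XML folders means the Mule rules only run over flow configuration and are not slowed down or confused by generated or packaged files under target/.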

Creating code reviews using SonarQube

  1. Start the SonarQube server by running the startSonar.bat file in the bin folder and check that the server is up and running. The server runs on http://localhost:9000. Log in using the default settings, with both the username and password set to admin.

    After that, you'll see the projects page displaying the projects being tested, with their code coverage, vulnerabilities and code smells.

  2. In the General Settings -> Languages tab, select the XML language and remove the .xml extension from it. The Mule plugin inspects XML files and SonarQube already ships with an XML plugin, so you must change this setting to ensure only one plugin inspects XML files.
  3. In Quality Profiles, select Mule so the Mule 4 rules are set as the default.
  4. Run mvn sonar:sonar from the command prompt in the root directory of the Mule 4 project.
  5. After the build succeeds, a report is generated on the Project tab in the SonarQube UI. Any underlying issues and suggested improvements in the code are listed under the Issues tab.

— By Prathmesh Shirshivka