Setting up SonarQube for Mule 4
1. SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality. It performs automatic reviews using static analysis to detect bugs, code smells, and security vulnerabilities in 20+ programming languages.
2. The Mule SonarQube Plugin is open source and designed to validate Mule application code using SonarQube. The plugin contains a set of rules and metrics that are applied and calculated every time a project is inspected.
3. To set up the Mule Sonar plugin, download the source code from the mulesoft-catalyst GitHub repository: https://github.com/mulesoft-catalyst/mule-sonarqube-plugin
4. Package the Mule Sonar plugin by running the following Maven command in the directory where the plugin project's pom.xml is located: mvn clean package sonar-packaging:sonar-plugin -Dlanguage=mule. This generates the jar of the project in which the Mule 4 rules are located. These rules are used to check whether the Mule project satisfies the code quality requirements of our Mule application.
5. Copy the mule-validation-sonarqube-plugin-{version}-mule.jar file and the Mule 4 rules to the sonar-home/extensions/plugins folder.
6. In the wrapper.conf file in the conf folder of the SonarQube home, change the Java wrapper setting to refer to the Java 11 bin folder so that SonarQube meets the JDK requirement to start.
7. In the settings.xml file of the .m2 Maven directory, set a profile for the SonarQube configuration that contains the URL on which the SonarQube server will be up and running. Also, in the pom.xml of the Mule project to be scanned, add the path to the src/ folder of your Mule project as shown below.
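The following is an added example of the Maven user settings described in step 7; it is not taken from the page or from the mule-sonarqube-plugin project. The server URL http://localhost:9000 is the one the page gives; the profile id, the pluginGroup entry and the analysis token are assumptions, and the token value is a placeholder that you generate in the SonarQube UI and keep out of version control.

```xml
<!-- ~/.m2/settings.xml (added example; server URL from the page, other values assumed) -->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <pluginGroups>
    <!-- Lets Maven resolve the short goal "sonar:sonar" to the SonarScanner for Maven -->
    <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
  </pluginGroups>
  <profiles>
    <profile>
      <id>sonar</id>
      <activation>
        <!-- Active by default so every "mvn sonar:sonar" run picks up these properties -->
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <!-- URL on which the SonarQube server is up and running -->
        <sonar.host.url>http://localhost:9000</sonar.host.url>
        <!-- Placeholder (assumption): an analysis token generated under the user's
             security settings in SonarQube, so the scanner does not need the
             admin account's password in this file -->
        <sonar.login>REPLACE_WITH_ANALYSIS_TOKEN</sonar.login>
      </properties>
    </profile>
  </profiles>
</settings>
```

In the Mule project's own pom.xml, the path from step 7 goes into the properties section as `<sonar.sources>src/</sonar.sources>`, which tells the scanner to analyse the Mule XML under src/ rather than the Java default of src/main/java. Because the profile is active by default, running mvn sonar:sonar from the project root needs no extra -D flags.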
Creating code reviews using SonarQube
1. Start the SonarQube server by running the startSonar.bat file in the bin folder and check that the server is up and running. The server runs on http://localhost:9000; log in using the default settings, with username and password both set to admin.
2. You will then see the Projects page, where the projects being tested are displayed with their code coverage, vulnerabilities and code smells.
3. In General Settings -> Languages, select the XML language and remove the .xml extension. The Mule plugin inspects XML files and SonarQube already ships with an XML plugin, so you have to change this setting so that only one plugin inspects XML files.
4. In Quality Profiles, select Mule so that the Mule 4 rules are set as the default.
5. Run the analysis of the Mule 4 application with mvn sonar:sonar from the command prompt, in the root directory of the Mule 4 project.
6. After the build is successful, a report is generated on the Projects tab in the SonarQube UI. The underlying issues and suggested improvements in the code are listed under the Issues tab.
Reference: https://www.apisero.com/mule-application-code-review-using-sonarqube/