Congratulations on realizing the importance of code quality automation!
If you are reading this article, you are perhaps thinking about the same question thousands of other MuleSoft customers are confused about – which is the best tool for automating MuleSoft project code review.
Below I attempt to give an unbiased compasion based on my own experience of using these tools.
Mule Lint
Mule lint is a Maven plugin and was initially developed to evaluate the Code Quality of Mulesoft projects on a limited set of connectors (i.e. for Loggers and HTTP requesters). The evaluation results were information giving, not enforcing. The generated report with the findings could be used for historical keeping.
This project is currently not actively maintained and archived by the authors.
Mule SonarQube Plugin
A SonarQube plugin to validate Mule applications code (Configuration Files) using SonarQube. This plugin contains a set of rules and metrics that are going to used and calculated every time a project is being inspected
Pros
- Free plugin is based on SonarQube
- Centralized rules management
- Integrate with CICD pipelines
- Centralized Code Quality reports for scanned projects
Cons
- IDE / Anypoint Studio plugin is not available to evaluate the code at development time
- Rules are based on XPath. Adding complex rules might be harder.
- No OOB industry standard rules
- Can scan only Mule configuration files, but not APIs (RAML/OAS), Properties/YAML, pom.xml or log4j.xml
- Does not offer Auto Fixing of issue
- No professional support
IZ Analyzer
IZ Analyzer is also a SonarQube plugin to scan Mulesoft code implementations and APIs in an automated manner to make sure that only the quality integrations without security issues/vulnerability will make it through the Quality Gate.
IZ Analyzer makes the entire source code analysis enterprise grade with plugins to help catch the issues from design to deployment levels.
Pros
- Anypoint Studio plugin to catch the Quality issues at development time
- Rules Editor to evaluate and publish custom rules to SonarQube
- Support for both Mule (3.x, 4.x) and API (RAML 0.8 & 1.0, OAS 2.x & 3.x) projects
- Supports identifying issues in pom.xml, Properties / YAML and log4j.xml files
- OOB industry standard rules. 180+ rules for Mule and 50+ rules for APIs
- Auto Fix issue with the click of a button
- Add simple or complex custom rules to scan both Mule and API projects
- Professional Support
Cons
- Premium license – comes at a cost
- May be addictive once used to it 🙂
Falcon Suite vs Others
| Feature | Falcon Suite | Anypoint Governance | Sonar | Mule Lint |
|---|---|---|---|---|
| Purpose built for Mule code scanning |  |
 |
|
|
| Prebuilt Industry coding best practices for Mule projects | |
|
|
|
| Prebuilt Industry API design best practices | |
|
|
|
| Multiple rule profiles for Mule projects | |
|
|
|
| Multiple rule profiles for APIs | |
|
|
|
| Regular updates to the Mule rules | |
|
|
|
| Regular updates to the API rules | |
|
|
|
| API Policy checks | |
|
|
|
| Enterprise Support | |
|
|
|
| Scanning API code (RAML, YAML, OAS) | |
|
|
|
| Scanning Mule Project files (Dataweave, Properties, POM, etc.) | |
|
|
|
| Anypoint Studio Integrated | |
|
|
|
