C4E

IZ Analyzer – Scanning API Projects

Written by:
Published on May 7, 2021

IZ Analyzer – Scanning API Projects

In an API and microservices world, the quality of the deliverable becomes paramount – since a weak link can break the whole chain.

In the previous blog posts, we had seen how Mulesoft code implementations could be quality tested in an automated manner with IZ Analyzer.

Now with API Analyzer plugin, APIs can be quality tested in an automated manner. Make sure that only the quality integration without security issues/vulnerability will make it through the quality gate. API Analyzer plugin supports scanning multiple APIs within the same project. Supported versions include –

  • RAML 0.8
  • RAML 1.0
  • OAS / Swagger 2.0
  • OAS 3.0

Scanning using Anypoint Studio plugin

.

Prerequisite

Make sure you have –

On The Fly Results

  • Navigate to WindowPreferencesIZ Preferences, provide the appropriate Service Url
  • Click on Sync Metadata to sync the Organizations and available Quality Profiles
  • Select desired API Analyzer Quality profile
scan api
  • Navigate to Window Show ViewotherIZ Analyzer → select On the Fly Results
  • Open the API (RAML or OAS) file to view the results
scan api
  • More information about scanning projects in Anypoint Studio can be found here.

Scanning using Sonar Scanner

API projects can be scanned using sonar scanner to view the scan results in web dashboard. More details on scanning the project using CLI can be found here.

API Analysis dashboard after a successful scan would look similar to –

scan api

Details of issue displaying the exact file and line numbers –

scan api

Choosing between multiple APIs

If a project contains multiple APIs, all the available APIs will be scanned. There might be certain scenarios where we need to scan specific APIs instead of all.

Specific APIs can be included or excluded by using analyzer-apis.json file. Create a file called analyzer-apis.json in the project root directory and specify the required APIs to be scanned.

In the example below, only api_1.raml and api_2.raml will be considered during analysis.

{
  "apis": [
    "relative/path/to/api_1.raml",
    "relative/path/to/api_2.raml"
  ]
}

End Note

Hope you found this article interesting. Do drop us a comment below with your inputs, views, and opinions regarding scanning API projects using IZ Analyzer.

Try API Analyzer for Free

You can try our online free scanner to get a quick report of all quality issues in your API project.

Try Now – https://analyzer.integralzone.com/try

Book Online Demo – https://integralzone.com/book-online-demo/

Leave a Reply

Your email address will not be published. Required fields are marked *

Other Blog Posts

Other Blog Posts

Mulesoft Development Fundamentals: Dataweave Best Practices

‘MuleSoft development fundamentals’ is a blog series that takes you through various aspects of MuleSoft development from “How to structure your Mule code” to “Things to cater to when you deploy to production”. We would love to share our expertise with the Community, having worked with several MuleSoft Enterprise clients. Please find all the blogs …

Read more

Mind Your Code Quality; It’s an Asset

When comes to code quality, I have seen discussion rather than an argument that the main task of a developer is to deliver working code to the customer. Is it true? I don’t think so. It must be fully covered code; that means not only functionality-focused code, but the quality of code also matters. A …

Read more

Mule 4 Scheduler in Multi-Worker Environment

In MuleSoft projects, when there is a business requirement to self trigger a process, it can be realized in two unique ways:  Without human intervention Or Without external system invocation This is based on two further basic approaches: Schedule based (cron)  Time interval based  MuleSoft Scheduler MuleSoft provides the following scheduling mechanisms: Fixed Frequency schedule: Can …

Read more