2023-07-07T15:28:00Z

Which code scanning solution is scanning MuleSoft?

BS

2 Answers

SS (User) · Jul 11, 2023
Real User · Jul 20, 2023

So, regarding your question, it was at clientX that I had the chance to first see these two tools in action, at least partially, since we hadn't gone fully live during that project. Mend.io is something I even proposed we use here at newClient, since it does Software Composition Analysis (SCA) and generates what's called an SBOM, a Software Bill of Materials. It basically scans the pom.xml (before the package is built, not after) and generates a report with the dependencies and any known vulnerabilities, along with the CVE details/score and a proposed fix (if one exists). FOD can also be used for the same thing, and at clientX that was the intent: having it complement the first scan made by Mend.
As you described, there are these two concepts in the software security space, SCA and SAST. My feeling is that even though we can use the SCA capabilities of these tools (either Mend or FOD) for SBOM generation, making sure we're not introducing a vulnerable component, for SAST (which is more focused on code analysis) we're still very limited (mostly due to the nature of our Mule applications, which are totally XML-based). I've never seen anything for the proprietary DW language either. Here at newClient we do use SonarQube loaded with a variation of the mule-sonarqube-plugin, which is integrated in our pipelines to also generate a report and interrupt the build process if anything critical is found (we use it mostly to enforce internal standards via XPath rules). If you need any assistance, let me know at steve.scott@apipeople.com; we are a Mule partner and expert and work in the community bank/CU space on Fiserv, JHA, FIS, etc.

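The XPath-rule build gate the answer above describes (rules evaluated against the Mule configuration XML in the pipeline, build interrupted when something critical is found), as an added example. This is not code from the answer, from SonarQube, or from the mule-sonarqube-plugin; it is a stand-alone sketch of the same pattern. The rule IDs, severities, messages, the list of credential attribute names and the sample Mule 4 config are all constructed for this example, and the XPath support is the subset Python's xml.etree understands, so rules that need a predicate XPath 1.0 would express (for example `not(error-handler)`) are written as a small Python check instead.

```python
"""Added example: an XPath-rule gate over Mule 4 configuration XML.

Not the mule-sonarqube-plugin; a stand-alone sketch of the pattern the
answer describes. Rule IDs, severities, messages, the credential attribute
list and the sample config are constructed for this example.
"""
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Callable, Iterable, List

# Prefix -> namespace URI map for ElementTree's XPath subset. The URIs are the
# ones Mule 4 config files declare; only these three are needed here.
NS = {
    "mule": "http://www.mulesoft.org/schema/mule/core",
    "http": "http://www.mulesoft.org/schema/mule/http",
    "db": "http://www.mulesoft.org/schema/mule/db",
}

# Attribute names treated as credentials (assumed list for this example).
SECRET_ATTRS = ("password", "secret", "clientSecret", "client_secret")


@dataclass(frozen=True)
class Rule:
    id: str
    severity: str                               # CRITICAL | MAJOR | MINOR
    xpath: str                                  # evaluated from the <mule> root
    message: str
    violates: Callable[[ET.Element], bool] = lambda elem: True


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    location: str
    message: str


def hardcoded_secret(elem: ET.Element) -> bool:
    """A credential attribute holds a literal rather than a ${...} placeholder."""
    for attr in SECRET_ATTRS:
        value = elem.get(attr)
        if value is not None and not value.startswith("${"):
            return True
    return False


# Illustrative internal standards, not rules shipped by any product.
RULES = [
    Rule("SEC-001", "CRITICAL", ".//*",
         "credential attribute must reference a property placeholder",
         hardcoded_secret),
    Rule("ERR-001", "MAJOR", ".//mule:flow",
         "flow declares no <error-handler>",
         lambda flow: flow.find("mule:error-handler", NS) is None),
    Rule("API-001", "MINOR", ".//http:listener",
         "listener path must start with /api/",
         lambda lst: not lst.get("path", "").startswith("/api/")),
]


def scan(xml_text: str, rules: Iterable[Rule] = RULES) -> List[Finding]:
    """Evaluate every rule's XPath and keep the elements the rule flags."""
    root = ET.fromstring(xml_text)
    findings: List[Finding] = []
    for rule in rules:
        for elem in root.findall(rule.xpath, NS):
            if rule.violates(elem):
                tag = elem.tag.rsplit("}", 1)[-1]           # strip the {uri} part
                name = elem.get("name") or elem.get("path") or ""
                findings.append(Finding(rule.id, rule.severity,
                                        f"{tag} {name}".strip(), rule.message))
    return findings


def build_should_fail(findings: Iterable[Finding],
                      fail_on: Iterable[str] = ("CRITICAL",)) -> bool:
    """The gate: any finding at a blocking severity interrupts the build."""
    blocking = set(fail_on)
    return any(f.severity in blocking for f in findings)


# Constructed Mule 4 config carrying exactly one violation per rule above.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns="http://www.mulesoft.org/schema/mule/core"
      xmlns:http="http://www.mulesoft.org/schema/mule/http"
      xmlns:db="http://www.mulesoft.org/schema/mule/db">
  <http:listener-config name="api-httpListenerConfig">
    <http:listener-connection host="0.0.0.0" port="8081"/>
  </http:listener-config>
  <db:config name="Database_Config">
    <db:generic-connection url="jdbc:postgresql://db:5432/app"
        driverClassName="org.postgresql.Driver" user="${db.user}" password="hunter2"/>
  </db:config>
  <flow name="get-accounts-flow">
    <http:listener config-ref="api-httpListenerConfig" path="/accounts"/>
    <db:select config-ref="Database_Config"><db:sql>SELECT id FROM accounts</db:sql></db:select>
  </flow>
  <flow name="health-flow">
    <http:listener config-ref="api-httpListenerConfig" path="/api/health"/>
    <set-payload value="ok"/>
    <error-handler><on-error-propagate type="ANY"/></error-handler>
  </flow>
</mule>
"""


def main() -> int:
    findings = scan(SAMPLE_CONFIG)
    for f in findings:
        print(f"{f.severity:8} {f.rule_id} {f.location}: {f.message}")
    return 1 if build_should_fail(findings) else 0   # non-zero exit breaks the CI step


if __name__ == "__main__":
    sys.exit(main())
```

Run as-is, the script reports three findings (the literal database password, the flow without an error handler, and the listener path outside `/api/`) and exits with status 1 because only the hardcoded credential is CRITICAL; changing `fail_on` to include MAJOR tightens the gate without touching the rules. In a real pipeline the same `scan` would be pointed at every XML file under `src/main/mule` rather than an embedded string.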
Rohit Sircar (Vendor) · Jul 10, 2023
reviewer2560476 (User) · Sep 24, 2024

Please have a look at Falcon Suite (https://integralzone.com/falco...), a product built exclusively for MuleSoft project Governance, Auditing and Compliance. It addresses all of the above requirements and more.
