A Mendix Studio Pro extension that integrates Quality and Security Management directly into your development environment.
- Mendix Studio Pro 11.7.0 or higher (theoretically, it may also work with version 11.4.0, but this hasn’t been tested yet)
- Node.js 22.x or higher
- You have a Sigrid/QSM account
- You have a Sigrid API token
git clone https://github.com/Software-Improvement-Group/sigrid-mendix-studio-pro.git
cd sigrid-mendix-studio-pro
npm installEdit config.mjs and set your Mendix app directory path and Studio Pro version:
// 1. The path to your Mendix project folder
// Windows example: "C:\\Users\\username\\Mendix\\MyApp" (Note the double backslashes)
// macOS example: "/Users/username/Mendix/MyApp"
export const appDir = "/path/to/your/Mendix/App";
// 2. The Studio Pro version you are using (e.g. "11.7.0")
export const studioProVersion = "11.7.0";
// 3. macOS only: The name of your Studio Pro application in /Applications
// Example: "Studio Pro 11.7.0" or "Studio Pro 11.7.0 Beta"
export const studioProApp = "Studio Pro 11.7.0";This configuration is used for both building the extension and launching Studio Pro.
Build the extension and launch Studio Pro:
npm startThis will automatically build the extension, find the .mpr file in your appDir, and launch Studio Pro with extension development mode enabled.
For development with automatic rebuilds:
npm run build:dev # Build with watch mode- Locate the Extensions menu in Studio Pro's main menu bar.
- Select QSM > QSM Settings.
- Enter your Sigrid/QSM credentials:
- Customer: Your Sigrid/QSM customer name
- System: Your Sigrid/QSM system name
- Token: Your Sigrid API token
- Sigrid/QSM URL (optional): Only set this if you are using a self-hosted Sigrid/QSM instance. Leave blank to use the default
https://sigrid-says.com.
- Click Save settings
Settings are saved to qsm-settings.json in your Mendix project directory and loaded automatically when the extension starts.
- Locate the Extensions menu in Studio Pro's main menu bar.
- Select QSM > Show QSM findings.
- View Maintainability, Security and Open Source Health findings in the dockable pane:
- Scope Selector: Filter findings between the Entire system or the Selected file currently open in Studio Pro.
- Navigation: Each finding shows a 📂 or 📋 icon. Click the 📂 icon to open and focus the corresponding document in Studio Pro. Click the 📋 icon to view the full file path for non-navigatable findings.
- Edit Finding Status: Click the ✏️ icon next to any finding to open the edit dialog. From there you can update the finding's status (e.g. Raw, Will Fix, Accepted) and add a remark. Changes are saved to Sigrid automatically.
- Open Finding in Sigrid: For Security findings, click the 🔗 icon next to any finding to open the selected finding in Sigrid.
- Use the Reload data button to refresh findings from Sigrid.
- Use the New scan request button to trigger an on-demand QSM scan for the system. This feature only works for systems residing on the Mendix Team Server.
Copyright Software Improvement Group
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.