Building an Inclusive Codebase With SonarQube
How to use VMware’s open-source, inclusive-language-ext-for-sonarqube to track noninclusive terminology in your code
For better context, I highly suggest reading my previous article, "Inclusive Code-struction: A How-To Guide“, as this article serves as a follow-up.
As developers, we strive to write clean, efficient, and inclusive code. However, sometimes we unintentionally use noninclusive terms or phrases that can alienate certain groups of people. That’s where SonarQube comes in — a popular code analysis tool that helps us detect code quality issues and vulnerabilities.
With the help of VMware’s open-source Inclusive Language Extension for SonarQube, we can now track noninclusive terms and phrases in our codebase. In this article, I’ll provide a step-by-step guide on utilizing this extension with SonarQube to create a more inclusive codebase.
In this article, we will be referring to the community free edition of SonarQube as it is readily available for anyone to use.
Step 1: Installing Sonarqube
A SonarQube instance has three components: the SonarQube server, the database, and one or more scanners.
- The SonarQube server includes a web server for the UI, a search server based on Elasticsearch, and a compute engine for processing code analysis reports.
- The database stores metrics, issues related to code quality and security, and SonarQube instance configuration.
- Sonar scanners are used to analyze projects and can be run on build or continuous integration servers.
Make sure to check out the Prerequisites on the SonarQube Docs before following their documentation to Set up SonarQube. If you encounter any issues during the set-up, make sure to check out the SonarQube Community forum for support and troubleshooting.
Step 2: Installing VMware’s extension for SonarQube
VMware’s open-source extension for SonarQube has made it much easier for developers to create an inclusive codebase. The “Inclusive Terminology Rule” that it adds to the list of static analysis rules is a powerful tool that helps detect the problematic language in code.
Follow the docs to install the ITS plugin on your SonarQube Server.
Note
- The ITS rule needs to be enabled for any one language(like Java) on your SonarQube server, and the scans will follow the ITS rules regardless of the language your code is written in.
- If you’d like SonarQube to disable scanning on your project’s Non-code artifacts or documentation (code’s comments, README.md files, etc.), you can customize it by following the steps here.
- By default, SonarQube performs many code quality checks on various rules, which you can choose to disable if you want to use SonarQube solely for noninclusive terminology scanning. To achieve this, you can create zero-rule Quality Profiles by following the steps provided in this link.
Step 3: Scan your Project!
After setting up SonarQube and installing the Inclusive Language Extension, the next step is to scan your project for noninclusive terms. Scanning your project is straightforward, as the extension adds a new rule to the SonarQube rule set.
Once you’ve set up your project in SonarQube, you can enable the Inclusive Terminology rule and run a scan on your codebase. The scan will analyze your code and flag any instances of noninclusive terms that it detects, giving you a clear picture of where you need to make changes.
Now, you can frequently scan your codebase, track the progress in eliminating noninclusive terms and ensure that new code is more inclusive.
The process of scanning and tracking can be automated by integrating SonarQube into your build and continuous integration pipelines. This way, you can catch noninclusive terms early in the development process and fix them before they make it to production. Yay!
I hope this guide has been helpful in creating a more inclusive codebase for your projects. Please don’t hesitate to contact me if you have any further questions or need any clarification. Let’s work together towards building a more inclusive and welcoming tech community!
