Microsoft’s Open Source tool ‘Sonar’ lets developers check websites for performance and security issues

Credit: Microsoft Developer Forum

Microsoft has announced the launch of a new open-source tool called Sonar that lets developers check their websites for potential performance and security issues.

Sonar is a linting tool and site scanner with a focus on helping developers build better, faster and more secure websites. It’s available both as a web service that’s hosted by Microsoft and as a command-line tool for those who want to dig deeper and integrate it into their own workflows and rules.

Microsft first announced Sonar earlier this year as a donation to the JS Foundation as part of its ongoing commitment to befriending the open source community.

How it works
Sonar lints your site against a number of different best practices and custom rules and gives you a report with the results so you know exactly what you need to improve.

You simply enter your project’s URL, and Sonar will comb through it for accessibility, interoperability, performance, security and progressive web app-related issues.

Once the scanning is done, it lists the errors it’s found and explicitly explains what’s going wrong, highlighting the errant code snippets and offering possible solutions.

How is different from other tools?
According to Antón Molleda, the senior program manager for Microsoft Edge, Sonar improves on the capabilities of other linting tools by executing your website code in a container instead of simply performing a static analysis for more accurate results, as well as allowing for integration with other services. And if you don’t care to use Sonar in your browser, you can also invoke its command-line interface.

The team also integrated existing tools like aXe Core, AMP validator, snyk.io, SSL Labs and Cloudinary.

[related-posts]

Credit: Windows Blog