Microsoft’s Sonar lets you check your website for performance and security issues
The team behind Microsoft’s Edge browser launched a new open-source tool today that lets you check your website — or really any other website if you’re so inclined — for potential performance and security issues. Sonar, as the project is called, is a linting tool and site scanner with a focus on helping developers build better, faster and more secure websites. It’s available both as a web service that’s hosted by Microsoft and as a command-line tool for those who want to dig deeper and integrate it into their own workflows and rules.
If all of this sounds familiar, that’s possibly because Microsoft donated the Sonar project to the JS Foundation earlier this year. Now, however, you don’t need to be a command-line wizard to make it work for you. Just plug in your website’s URL and you’re good to go.
The Sonar team argues that its approach to analyzing websites is a bit different from other tools because it doesn’t just run a static analysis on the code. Instead, it actually executes the code in a container and can run tests in parallel. The team also integrated existing tools like aXe Core, AMP validator, snyk.io, SSL Labs and Cloudinary.
The team also notes that it wanted to put the user at the center of the experience. “Rather than just telling developers what was wrong, sonar had to also say why,” Microsoft Edge PM Anton Molleda explains in today’s announcement. “It is important to know the reason for an issue so developers can decide if that really applies to their work. The requirements from website to website can change a lot―for example, an intranet website and an online shopping experience will have vastly different needs. Therefore, sonar should also be easy to use, configure, and expand.”
I trained the tool on techcrunch.com to see what recommendations it would come back with, but sadly all the errors it found came back with the same explanation: “Error in sonar analyzing this rule.” That’s not especially useful, but probably due to a lot of people trying out Sonar right now.