Sonar aims to make web development easier by offering accessibility, performance, and security improvements, according to Microsoft.
On Wednesday, Microsoft announced a new, open source linting tool and site scanner that offers developers an easier way to search their sites for errors and security flaws. The tool, called sonar, is "the next evolution of the static scan tool," according to a blog post from Antón Molleda, senior program manager of Microsoft Edge.
Sonar represents an update to Microsoft's modern.IE scanner used to detect optimizations for old versions of Internet Explorer, outdated libraries, and missing prefixes.
Compared to previous scanners, sonar includes improvements such as execution of website code rather than static analysis, a more flexible, modern set of rules, parallel test execution, integration with other services, and a completely open source code base, Molleda wrote. Developers can also use sonar as a command line tool (CLI), that can be integrated directly into local web development workflows.
SEE: Telephone interview cheat sheet: Web developer (Tech Pro Research)
Microsoft created a set of guiding principles for sonar before creating the tool, according to the post. These include putting the user at the center—sonar not only tells developers when it spots an error, it also tells them why.
"It is important to know the reason for an issue so developers can decide if that really applies to their work," Molleda wrote. "The requirements from website to website can change a lot―for example, an intranet website and an online shopping experience will have vastly different needs." With that being the case, Microsoft set out to make sonar easy to use, configure, and expand.
Beyond open sourcing the code, Microsoft donated the project to the JS Foundation over the summer to make it more accessible to all.
Microsoft intended for sonar to "avoid reinventing the wheel," Molleda wrote, instead tapping and integrating existing tools and services that help developers build for the web. With that being the case, sonar integrates with aXe Core, AMP validator, snyk.io, SSL Labs, and Cloudinary.
Sonar is now available as an open source online service, deployed on top of Azure using Docker containers.
Future releases will include features such as a plug-in for Visual Studio Code, configuration options for sonar, and new rules for areas such as performance, accessibility, security, and Progressive Web Apps.
The 3 big takeaways for TechRepublic readers
1. Microsoft's new, open source linting tool and site scanner sonar offers developers an easier way to scan their sites for errors and security flaws.
2. Sonar includes improvements over previous scanners such as execution of website code rather than static analysis, a more flexible, modern rules, parallel test execution, integration with other services, and a completely open source code base
3. Sonar is now available as an open source online service, deployed on top of Azure using Docker containers.
- 7 Windows 10 security features that could help prevent cyberattacks against your business (TechRepublic)
- Windows 10 Fall Creators Update: New features and security options (ZDNet)
- Nearly undetectable Microsoft Office exploit installs malware without an email attachment (TechRepublic)
- How Microsoft is thinking differently about hardware and software (ZDNet)
- Microsoft's vulnerability database hacked in 2013, public kept in dark (TechRepublic)