Sonar represents an update to Microsoft’s modern.IE scanner used to detect optimizations for old versions of Internet Explorer, outdated libraries, and missing prefixes.
Compared to previous scanners, sonar includes improvements such as execution of website code rather than static analysis, a more flexible, modern set of rules, parallel test execution, integration with other services, and a completely open source code base, Molleda wrote. Developers can also use sonar as a command line tool (CLI), that can be integrated directly into local web development workflows.
Microsoft created a set of guiding principles for sonar before creating the tool, according to the post. These include putting the user at the center—sonar not only tells developers when it spots an error, it also tells them why.
“It is important to know the reason for an issue so developers can decide if that really applies to their work,” Molleda wrote. “The requirements from website to website can change a lot―for example, an intranet website and an online shopping experience will have vastly different needs.” With that being the case, Microsoft set out to make sonar easy to use, configure, and expand.
Beyond open sourcing the code, Microsoft donated the project to the JS Foundation over the summer to make it more accessible to all.
Microsoft intended for sonar to “avoid reinventing the wheel,” Molleda wrote, instead tapping and integrating existing tools and services that help developers build for the web. With that being the case, sonar integrates with aXe Core, AMP validator, snyk.io, SSL Labs, and Cloudinary.
Sonar is now available as an open source online service, deployed on top of Azure using Docker containers.
Future releases will include features such as a plug-in for Visual Studio Code, configuration options for sonar, and new rules for areas such as performance, accessibility, security, and Progressive Web Apps.
The 3 big takeaways for TechRepublic readers
1. Microsoft’s new, open source linting tool and site scanner sonar offers developers an easier way to scan their sites for errors and security flaws.
2. Sonar includes improvements over previous scanners such as execution of website code rather than static analysis, a more flexible, modern rules, parallel test execution, integration with other services, and a completely open source code base
3. Sonar is now available as an open source online service, deployed on top of Azure using Docker containers.