Sonar Could Help Devs Build a Better Website

Microsoft’s Sonar, released last week under an open source license, could help developers build more effective and secure websites.

Sonar, a linting tool and site scanner, is the next evolution of the static scan tool, according to Microsoft.

The team that developed Microsoft’s Edge browser created Sonar as a better way for website maintainers to check performance and security issues. It searches out potential interoperability, performance, security and progressive Web app-related problems.

Finding website problems is half of what Sonar does. The other half is suggesting possible solutions.

Ease of Use

Microsoft first created a static scan tool within its Web browser in 2013 to detect optimizations for old versions of Internet Explorer, missing prefixes and outdated libraries. The updated version can execute website code. It has a modernized set of rules, capable of parallel test execution and integration with other services.

“Sonar will ease the adoption of Microsoft’s tooling and Azure for the community,” said Akshay Aggarwal, CEO of PeachTech and COO of Deja Vu Security.

However, “it is unlikely to move the needle on security significantly,” he told LinuxInsider.

Sonar combines existing technologies to address pressing security issues for Web developers. The innovation is in ease of use, as well as its integration capabilities with Microsoft’s developer tools and platform, he said.

What It Does

Sonar follows the trend of security tools being integrated with development according to the tenets of the DevSecOps movement, Aggarwal noted. Businesses can leverage Sonar without significant security programs to perform baseline assessments for security and to identify components with known vulnerabilities.

Microsoft donated Sonar to the JS Foundation this past summer. The Sonar Project code is available on Github.

The scanner tool is available as an open source Web service hosted by Microsoft and as a command-line (CLI) tool. The CLI functionality lets users integrate the tool directly into a website’s URL.

The service is deployed on top of Azure using Docker containers that can scan any publicly available website, said Antón Molleda, senior program manager for Microsoft Edge.

Sonar’s rules are backed by a collection of best practices for the Web. Links provide detailed documentation that keeps growing with each new rule built into the scanner, he explained.

How It Works

Sonar is a big improvement over previous scanners, according to Molleda. Among its advantages are the ability to execute website code instead of performing static analysis; a better set of rules; parallel test execution; and integration with other services.

Its completely open source code base is another benefit for continued development by the Sonar Project community.

Upcoming features under development:

  • A plug-in for Visual Studio Code;
  • Configuration customization options for the online service;
  • New rules for performance, accessibility, security, progressive Web apps and more.

The Sonar project is designed with a set of guiding principles that put the user at the center, build for the community’s best interests, and support collaboration with existing tools and services, according to Molleda.

Sonar’s Benefits

Sonar can be beneficial to just about every single website. But a developer or web designer must translate the analysis and take necessary actions, noted David Rosenthal, VP of digital business technology solutions at Razor Technology.

“In other words, I do not see it as necessary for your ‘non- customized GoDaddy WordPress site,'” he told LinuxInsider, but it is “absolutely valuable for larger and more complex websites with programming, third-party extensions,” and other tech features to manage.

9 thoughts on “Sonar Could Help Devs Build a Better Website

  1. I simply needed to say thanks again. I do not know what I might have done without those solutions shared by you over that concern. Previously it was an absolute difficult scenario in my position, however , looking at your specialized manner you solved it took me to jump with fulfillment. I’m happier for your work and in addition trust you comprehend what an amazing job you’re getting into educating most people through a web site. Most likely you haven’t got to know all of us.

  2. I am only writing to make you know what a incredible experience my friend’s girl undergone studying yuor web blog. She noticed several details, which include what it’s like to possess an ideal coaching nature to let others smoothly completely grasp a number of very confusing subject matter. You really did more than visitors’ expectations. I appreciate you for churning out those powerful, trusted, informative and in addition cool tips on the topic to Kate.

  3. I simply wanted to thank you so much all over again. I do not know what I could possibly have done without the actual information documented by you relating to that subject. Certainly was a frustrating condition for me personally, but viewing your specialized technique you treated it forced me to jump for fulfillment. I’m happy for this information and in addition hope that you are aware of an amazing job you’re providing training people through a site. Most probably you have never come across any of us.

  4. I simply wanted to appreciate you once again. I’m not certain the things I would have handled without those techniques shown by you on my theme. It absolutely was a hard situation in my circumstances, however , taking a look at the well-written tactic you handled that made me to weep over fulfillment. I will be happy for this guidance and in addition hope that you really know what a great job you’re undertaking educating some other people using your website. I am certain you have never encountered any of us.

  5. I would like to voice my appreciation for your kind-heartedness in support of men and women that must have guidance on this particular idea. Your very own commitment to passing the message up and down had been incredibly helpful and has surely made men and women like me to get to their desired goals. Your personal warm and friendly instruction implies much a person like me and much more to my peers. Thanks a ton; from each one of us.

  6. I not to mention my buddies were reading the nice tricks on your website while then I had a horrible feeling I had not expressed respect to the web blog owner for them. The men had been for this reason excited to study all of them and have now actually been using those things. I appreciate you for simply being well helpful and for picking this sort of awesome topics most people are really desperate to learn about. My personal honest regret for not expressing gratitude to you earlier.

  7. My wife and i felt very relieved Michael managed to do his investigation using the precious recommendations he made out of your web pages. It’s not at all simplistic to just find yourself giving freely procedures which usually people could have been selling. Therefore we do know we now have the website owner to appreciate because of that. Those explanations you have made, the simple site menu, the friendships your site help to create – it’s most exceptional, and it’s really making our son and our family recognize that the article is cool, which is highly vital. Thank you for the whole lot!

  8. I enjoy you because of your own efforts on this blog. My niece takes pleasure in getting into investigation and it’s really obvious why. Almost all know all about the lively method you deliver functional strategies on this web site and even recommend contribution from people on this idea so my princess is without question discovering a lot of things. Have fun with the rest of the new year. You’re the one performing a fantastic job.

Leave a Reply

Your email address will not be published.