Microsoft’s new open source tool can scan your website for security and performance headaches

Microsoft’s Sonar checks accessibility, interoperability, performance, Progressive Web Apps, and security.



Sonar’s “Nellie the narwhal” logo



Microsoft’s Edge browser team has released an open source ‘linting’ tool and a site scanner to help web developers secure their sites and keep up with evolving web standards.

According to Microsoft, Sonar improves on available static site scanners by executing website code, while integrating with other scanning services such as Qualys’ SSL certificate configuration testing service SSL Server Test, aXe for testing a site’s accessibility support, the Google-founded AMP Project, and Snyk, which is Sonar’s scanner for vulnerable JavaScript libraries.

Sonar currently supports five key rule categories: accessibility, interoperability with different browsers, performance for fast page load times, Progressive Web Apps, and security.

Microsoft earlier this year donated the Sonar project to the JS Foundation to “remove any possible doubt that this project has the community’s best interest in mind”.

The project builds on earlier scanning tools Microsoft released to fix site coding problems caused by the need to support various versions of Internet Explorer.

Sonar was originally a command-line tool but it now has a ‘Nellie the narwhal’-branded online site scanner hosted on Azure, which allows developers to take a quick site health check.

According to Snyk, by default Sonar checks for the presence of JavaScript libraries with known vulnerabilities. Sonar scans for the libraries and versions being used, then checks them against Snyk’s client-side JavaScript vulnerabilities and produces a report with links to the issues on Snyk, which has information on remedying each vulnerability. Snyk notes developers will still need to check server-side code for similar bugs.
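The lookup described above, sketched as an added example (not Sonar’s or Snyk’s code): it detects library versions from script URLs in a constructed page and matches them against a constructed advisory list. The library names, advisory ids, link format and the URL-based detection are assumptions made for illustration.

```javascript
// Added example: not Sonar's or Snyk's code. Library names, versions,
// advisory ids and URLs below are constructed for illustration.
const ADVISORIES = [
  { lib: 'examplelib', below: '3.0.0', id: 'EXAMPLE-0001' },
  { lib: 'examplelib', below: '1.9.0', id: 'EXAMPLE-0002' },
  { lib: 'widgetkit', below: '2.4.1', id: 'EXAMPLE-0003' },
];

// Compare dotted numeric versions; returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Find "<name>-<version>" or "<name>@<version>" in script src attributes.
function detectLibraries(html) {
  const found = [];
  const srcRe = /<script\b[^>]*\bsrc=["']([^"']+)["']/gi;
  let m;
  while ((m = srcRe.exec(html)) !== null) {
    const v = /([a-z][a-z0-9_]*)[-@](\d+(?:\.\d+)+)/i.exec(m[1]);
    if (v) found.push({ lib: v[1].toLowerCase(), version: v[2], src: m[1] });
  }
  return found;
}

// Report every advisory whose fixed-in version is above the detected version.
function scan(html) {
  return detectLibraries(html).flatMap((hit) =>
    ADVISORIES
      .filter((a) => a.lib === hit.lib && compareVersions(hit.version, a.below) < 0)
      .map((a) => ({ ...hit, advisory: a.id, link: `https://advisories.example/${a.id}` })));
}

// Constructed sample page: one outdated library, one at the fixed version.
const SAMPLE = `<html><head>
<script src="/js/examplelib-2.1.4.min.js"></script>
<script src="https://cdn.example/widgetkit@2.4.1/widgetkit.js"></script>
<script src="/js/app.js"></script>
</head></html>`;

console.log(scan(SAMPLE));
```

Matching on script URLs misses libraries that are bundled or renamed, which is why a scanner that executes the page, as Sonar is described as doing, can detect more than this sketch.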

Following a study last year that found 37 percent of 133,000 websites had at least one JavaScript library with a known vulnerability, Snyk ran its own scan of the top 5,000 URLs and found that 76.6 percent were running at least one vulnerable JavaScript library.

Cloudinary is supporting Sonar’s performance check with its website speed assessment tool, which shows how changes to image size, format and other factors can reduce file size without compromising the experience.

Other features coming to Sonar in the future include a plug-in for Visual Studio Code, the ability to customize rule configuration in the scanner, and more rules to assess performance, accessibility, security, and Progressive Web Apps.
