sonar: Linting the web forward
Introducing sonar
Today, we are excited to announce the next evolution of the static scan tool: sonar, a new linting tool and site scanner for the modern web.
sonar brings many improvements compared to previous scanners: execution of website code instead of static analysis, a more flexible and modernized set of rules, parallel test execution, integration with other services, a completely open source code base from day one, and more. sonar can also be used as a command line tool (CLI) that you can integrate directly into your local web development workflows.
Web development is more than HTML, JavaScript, and CSS: developers are expected to have a grasp of accessibility, performance, security, emerging standards, and more, all while refreshing this knowledge every few months as the web evolves.
Linting the web forward
Simply put, the web is complex, and we want sonar to make it a bit easier for you to write great websites. To make sure that sonar can be helpful not only now, but in the future, we started with a set of guiding principles before we wrote a single line of code.
Put the user at the center
Rather than just telling developers what was wrong, sonar had to also say why. It is important to know the reason for an issue so developers can decide if that really applies to their work. The requirements from website to website can change a lot―for example, an intranet website and an online shopping experience will have vastly different needs. Therefore, sonar should also be easy to use, configure, and expand.
Build for the community’s best interests
The web belongs to everyone, and this project should too. Everything had to be open sourced from the beginning, but that wasn’t enough―we wanted to go even further and make it easier for the web community to get involved, and remove any possible doubt that this project has the community’s best interest in mind. For that reason, we decided to donate the project to the JS Foundation early during the summer.
Collaborate with existing tools and services
sonar should avoid reinventing the wheel, instead leveraging and integrating existing tools and services that help developers build for the web. We are happy to say that sonar now integrates with aXe Core, AMP validator, snyk.io, SSL Labs, and Cloudinary.
You can hear more about sonar’s history and guiding principles in our session at Microsoft Edge Web Summit: https://channel9.msdn.com/Events/WebPlatformSummit/Microsoft-Edge-Web-Summit-2017/ES07
sonar today, and what’s next
We’ve come a long way since we wrote down those principles a few months ago: sonar is now available as an open sourced command line utility, built on Node.js, that you can install via npm. Additionally, it has an open-source online service, deployed on top of Azure, using Docker containers, that can scan any publicly available website. sonar’s rules are backed by a collection of best practices for the web, with links to more detailed documentation that keeps growing with each new rule.
But this is just the beginning. We’re hard at work on a backlog of exciting features for future releases, such as:
- A plug-in for Visual Studio Code: We want sonar to help you write better websites, and what better moment than when you are in your editor.
- Configuration options for the online service: As we fine-tune the infrastructure, the rule configuration for our scanner is locked, but we look forward to adding customization options here in the near future.
- New rules for a variety of areas like performance, accessibility, security, Progressive Web Apps, and more.
If you are excited about sonar, making a better web, and want to contribute, we have a few issues where you might be able to help. Also, don’t forget to check the rest of the sonarwhal GitHub organization. PRs are always welcome and appreciated!
Take a few moments to try the sonar scanner and the CLI, and let us know what you think at @narwhallnellie on Twitter or in the comments below!
– Antón Molleda, Senior Program Manager, Microsoft Edge