Ping your site for security and performance issues

Sonar is a free online linting and scanning tool from Microsoft

James White
3 min readOct 29, 2017


From the team that brought the world Microsoft Edge comes a new open-source linting and scanning tool. The free tool, called Sonar, helps web developers identify and analyze website security and performance issues. In doing so, developers are better able to write the best code possible and work toward ridding the web of bad practices. The linting tool is available as an online service and as a command line tool. The online service is in preview so it may yield intermittent issues and unexpected results.

Web development is more than HTML, JavaScript, and CSS: developers are expected to have a grasp of accessibility, performance, security, emerging standards, and more, all while refreshing this knowledge every few months as the web evolves. — Antón Molleda, Senior Program Manager, Microsoft Edge

In June 2017, the JS Foundation announced they received Sonar as a donation from Microsoft. Microsoft donated Sonar to the JS Foundation because “a tool meant to serve the entire web should be built in an openly governed and neutral home,” according to the announcement. Sonar is now ready for use. The online scanner uses a pre-determined set of rules, but a future rendition will allow users to select the rules they want.

Analyze your website now

To get started with Sonar, input the URL of the website you want to analyze. Click the Run Scan button to begin the scanning process.

As the analysis begins, Sonar provides a convenient permalink that makes sharing the results easy. The tool also displays a status (Analyzing, Finished), a timer, and the total number of warnings and errors located by the scan.

Sonar scans a website using five rule categories: Accessibility, Interoperability, Performance, Progressive Web Apps (PWA) and Security. The tool displays the accumulated number of errors and warnings for each rule if any.

Once Sonar finishes its website analysis, details display for each error and warning. Click the Open Details button to expand and review the details of what specifically produced the warning. Also provided is a Sonar Documentation button that links to information explaining the importance of the warning, and what triggered it.

Sonar’s online service is deployed on top of Azure. It can scan any publicly accessible website. According to Antón Molleda, a Microsoft Edge Senior Program Manager, Sonar as it stands today is only the beginning. A plug-in for Visual Studio Code, configuration options for the online service, and new rules for a variety of areas are all coming to a future Sonar version.

Thank you for reading! :)

If this article helped you, please give it a *clap* before you go. And if it helped you, sharing it will help others too.

Contact me: Twitter | LinkedIn | 21



James White

Technical Writer and Content Producer