It’s available both as a web service that’s hosted by Microsoft and as a command-line toolfor those who want to dig deeper and integrate it into their own workflows and rules.
If all of this sounds familiar, that’s possibly because Microsoft donated the Sonar project to the JS Foundation earlier this year. Now, however, you don’t need to be a command-line wizard to make it work for you. Just plug in your website’s URL and you’re good to go.
The Sonar team argues that its approach to analyzing websites is a bit different from other tools because it doesn’t just run a static analysis on the code. Instead, it actually executes the code in a container and can run tests in parallel. The team also integrated existing tools like aXe Core, AMP validator, snyk.io, SSL Labs and Cloudinary.
The requirements from website to website can change a lot―for example, an intranet website and an online shopping experience will have vastly different needs. Therefore, sonar should also be easy to use, configure, and expand.”
