Check websites for security and performance issues with Sonar - gHacks Tech News

Check websites for security and performance issues with Sonar

Microsoft's Edge development team launched a new open source website scanner called Sonar yesterday which tests websites for security and performance issues.

Sonar is available as a web tool and command line tool; the web version of Sonar is easier to use though, as it requires just an URL to get started with the scan.

Initial scans were delayed quite a bit, likely because Sonar has been covered by news sites on launch day.  New scan requests are added to Sonar's processing queue. The service displays a permalink for the scan though which you can bookmark or keep open to open it at a later point in time.

Options to receive notifications when scans complete are not available though, and the page does not refresh automatically; so, reload frequently to get the tests results.

sonar web scanner

Sonar displays an overview of the scan at the top. It lists the total number of warnings and errors, as well as the scan time at the top. Below that a listing of warnings and errors sorted into groups such as accessibility, performance, security or interoperability.

You can click on any of those to jump to the details of that section. Sonar lists the issues that it found, e.g. no-protocol-relative-urls or meta-viewport, and the number of errors or warnings it found for each.

You need to click on the "open details" button next to an issue for details on the findings. This includes an error description, and the page element the error was detected on.

This may be enough to fix the issue right away, but you can click on the paper sheet icon as well to open information on that particular issue to find out more about it.

Sonar may highlight security issues, for instance when it detects libraries that are loaded that have known vulnerabilities. This is extremely useful but limited to what Sonar is configured to detect. You should not rely solely on the service when it comes to security, but it may assists you in your assessment.

Closing Words

Sonar is a service that is mostly useful for webmasters and administrators. While end users may use Sonar to scan their favorite websites, there is little that is gained from that.

Summary
Check websites for security and performance issues with Sonar
Article Name
Check websites for security and performance issues with Sonar
Description
Microsoft's Edge development team launched a new open source website scanner called Sonar yesterday which tests websites for security and performance issues.
Author
Publisher
Ghacks Technology News
Logo

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Leo Feret said on October 27, 2017 at 4:52 pm
    Reply

    If you click on each “Open Details” you create a total report for what it found, which you can then print or save. The service plans to improve what it does in the future, so I will stay tuned….

  2. Felina Erse said on October 27, 2017 at 10:48 pm
    Reply

    Microsoft’s Sonar has a long way to go before it is a good as Google’s VirusTotal https://www.virustotal.com/en/

  3. jasray said on October 28, 2017 at 1:14 am
    Reply

    Nice!

  4. GreenL said on October 28, 2017 at 6:03 am
    Reply

    Wow, Ghacks seems to have several problems according to Sonar. Do you plan fixing it?

    1. Martin Brinkmann said on October 28, 2017 at 6:46 am
      Reply

      New theme coming :)

  5. ilev said on October 29, 2017 at 7:12 am
    Reply

    Can’t scan https sites as Sonar adds http to every url.

    1. Martin Brinkmann said on October 29, 2017 at 9:25 am
      Reply

      I did scan Ghacks, and it is https. Did you add the protocol in front of the address?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.