We performed a comparison between PortSwigger Burp Suite Professional and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"I am impressed with the tool's detailed analysis for penetration testing. AppScan can give only visibility, but it can't do the PT part. But the PortSwigger Burp Application can do both, and it gives much more visibility on the PT rating."
"It offers very good accuracy. You can trust the results."
"Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
"This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps."
"For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host."
"PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up."
"I have found the best features to be the performance and there are a lot of additional plugins available."
"The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
"The software quality gate streamlines the product's quality."
"It is very good at identifying technical debt."
"The product is simple."
"SonarQube is one of the more popular solutions because it supports 29 languages."
"Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions."
"The most valuable feature of SonarQube I have found to be the configuration that has allowed us to make adjustments to the demands of the code review. It gives a specified classification regarding the skill, prioritization, and it is easy for me to review and make my code."
"Engineers have also learned from the results and have improved themselves as engineers. This will help them with their careers."
"This solution has helped with the integration and building of our CICD pipeline."
"A lot of our interns find it difficult to get used to PortSwigger Burp's environment."
"The technical support team's response time is mostly delayed and should be improved."
"Mitigating the issues and low confluence issues needs some improvement. Implementing demand with the ChatGPT under the web solution is an additional feature I would like to see in the next release."
"The solution lacks sufficient stability."
"Currently, the scanning is only available in the full version of Burp, and not in the Community version."
"Scanning needs to be improved in enterprise and professional versions."
"In the Professional version, we cannot link it with the CI/CD process."
"The Burp Collaborator needs improvement. There also needs to be improved integration."
"SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing. They could use artificial intelligence to build a feature that would help developers identify and fix issues in the early stages, which would help us deliver the product and reduce costs. Another area with room for improvement is in regard to automating things, since the process currently needs to be done manually."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"There are sometimes security breaches in our code, which aren't caught by SonarQube. In the security area, SonarQube has to improve. It needs to better compete with other products."
"We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying SonarLint to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues, but this process should be improved."
"Our developers have complained about the Quality Gates and the number of false positives that this product reports."
"We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."
"Currently requires multiple tools, lacking one overall tool."
"It requires advanced heuristics to recognize more complex constructs that could be disregarded as issues."
PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. PortSwigger Burp Suite Professional is rated 8.6, while SonarQube is rated 8.0. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our PortSwigger Burp Suite Professional vs. SonarQube report.