We performed a comparison between PortSwigger Burp Suite Professional and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable feature is Burp Collaborator."
"The intercepting feature is the most valuable."
"The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
"We are mostly using it for scanning the entire website. So, we basically create a script with the entire website and then run it for different injections."
"The solution scans web applications and supports APIs, which are the main features I really like."
"The active scanner, which does an automated search of any web vulnerabilities."
"There is no other tool like it. I like the intuitiveness and the plugins that are available."
"The initial setup is simple."
"There's plenty of documentation available to users."
"We consider it a handy tool that helps to resolve our issues immediately."
"I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are."
"This has improved our organization because it has helped to find Security Vulnerabilities."
"I am only interested in the security features in SonarQube. There are plenty of other features, such as test coverage, code anomalies, and pointer access, that are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla."
"If code coverage is a low number then that's of great value to me."
"There is a free version."
"It is very good at identifying technical debt."
"The solution doesn't offer very good scalability."
"We'd like to have more integration potential across all versions of the product."
"Improvement should be done as per the requirements of customers."
"As with most automated security tools, too many false positives."
"If your application uses multi-factor authentication, registration management cannot be automated."
"The Auto Scanning features should be updated more frequently and should include the latest attack vectors."
"The solution lacks sufficient stability."
"The solution’s pricing could be improved."
"Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer."
"Their dashboarding is very limited. They can improve their dashboards for multiple areas, such as security review, maintainability, etc. They have all this information, so they should publish all this information on the dashboard so that the users can view the summary and then analyze it further. This is something that I would like to see in the next version."
"SonarQube could be improved by implementing inter-procedural code analysis capabilities, allowing for a more comprehensive detection of defects and vulnerabilities across the entire codebase."
"SonarQube could improve its static application security testing as per the industry standard."
"I have found this solution creates more noise than competitors."
"If you don't have any experience with the configuration or how to configure the files, it can be complicated."
"It would be better if SonarQube provided a good UI for external configuration."
"We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing."
PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 57 reviews while SonarQube is ranked 1st in Application Security Tools with 112 reviews. PortSwigger Burp Suite Professional is rated 8.6, while SonarQube is rated 8.0. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". PortSwigger Burp Suite Professional is most compared with OWASP ZAP, Fortify WebInspect, Acunetix, HCL AppScan and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.