We performed a comparison between PortSwigger Burp Suite Professional and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it."
"The Spider is the most useful feature. It helps to analyze the entire web application, and it finds all the passes and offers an automated identification of security issues."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"The solution helped us discover vulnerabilities in our applications."
"The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools."
"You can download different plugins if you don't have them in the standard edition."
"The suite testing models are very good. It's very secure."
"The extension that it provides with the community version for the skills mapping is excellent."
"We can create a Quality Gate in order to fail Jenkins jobs where the code coverage is lower than the set percentage."
"The tool helps us to monitor and manage violations. It manages the bugs and security violations."
"The most valuable features are the dashboard reports and the ease of integrating it with Jenkins."
"It easily ties into our continuous integration pipeline."
"The overall quality of the indicator is good."
"This has improved our organization because it has helped to find Security Vulnerabilities."
"We have worked with the support from SonarQube and we have had good experiences."
"SonarQube is a fantastic tool which saves us precious time."
"In the Professional version, we cannot link it with the CI/CD process."
"The solution doesn't offer very good scalability."
"PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try."
"The solution’s pricing could be improved."
"The Initial setup is a bit complex."
"Improvement should be done as per the requirements of customers."
"It would be good if the solution could give us more details about what exactly is defective."
"There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI."
"The implementation of the solution is straightforward. However, we did have some initial initialization issues at the of the projects. I don't think it was SonarQube's fault. It was the way it was implemented in our organization because it's mainly integrated with many software, such as Jira, Confluence, and Butler."
"We did have some trouble with the LDAP integration for the console."
"We also use Fortify, which is another tool to find security errors. Fortify is a better security tool. It is better than SonarQube in finding errors. Sometimes, SonarQube doesn't find some of the errors that Fortify is able to find. Fortify also has a community, which SonarQube doesn't have. Its installation is a little bit complex. We need to install a database, install the product, and specify the version of the database and the product. They can simplify the installation and make it easier. We use docker for the installation because it is easier to use. Its dashboard needs to be improved. It is not intuitive. It is hard to understand the interface, and it can be improved to provide a better user experience."
"We previously experienced issues with security but a segregated security violation has been implemented and the issues we experienced are being fixed."
"It would be a great add-on if SonarQube could update its database for vulnerabilities or plugging parts."
"The solution is a bit lacking on the security side, in terms of finding and identifying vulnerabilities."
"If you don't have any experience with the configuration or how to configure the files, it can be complicated."
"The product must improve security analysis."
PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 57 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. PortSwigger Burp Suite Professional is rated 8.6, while SonarQube is rated 8.0. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.