We performed a comparison between PortSwigger Burp Suite Professional and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."There is no other tool like it. I like the intuitiveness and the plugins that are available."
"This tool is more accurate than the other solutions that we use, and reports fewer false positives."
"I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."
"The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned."
"The most valuable features are Burp Intruder and Burp Scanner."
"The most valuable feature is Burp Collaborator."
"I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want."
"You can download different plugins if you don't have them in the standard edition."
"The integrations SonarQube provides with our software delivery pipeline are very seamless."
"The solution offers a very good community edition."
"SonarQube is admin friendly."
"Can tweak rules and feed them into our build pipelines."
"SonarQube: Recording of issues over a period of time, with an indication of the addition in the new issues or the reduction of existing issues (which were fixed)."
"The most valuable features are code scanning and Quality Gates."
"This solution is simple to use and can be quickly deployed."
"The solution has a plug-in that supports both C and C++ languages."
"The Auto Scanning features should be updated more frequently and should include the latest attack vectors."
"The solution lacks sufficient stability."
"The Burp Collaborator needs improvement. There also needs to be improved integration."
"PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try."
"I would like to see the return of the spider mechanism instead of the crawling feature. Burp Suite's earlier version 1.7 had an excellent spider option, and it would be beneficial if Burp incorporated those features into the current version. The crawling techniques used in the current version are not as efficient as those used in earlier versions."
"The Initial setup is a bit complex."
"The reporting needs to be improved; it is very bad."
"The solution doesn't offer very good scalability."
"I would like to see dynamic code analysis in the next version of the software."
"It does not provide deeper scanning of vulnerabilities in an application, on a live session. This is something we are not happy about. Maybe the reason for that is we are running the community edition currently, but other editions may improve on that aspect."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
"Ease of use/interface."
"There is need for support for the additional languages and ease of use in adding new rules for detecting issues."
"You may need to purchase add-ons to get the useability you desire."
"The solution could improve by providing more advanced technologies."
"The exporting capabilities could be improved. Currently, exporting is fully dependent on the SonarQube environment."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. PortSwigger Burp Suite Professional is rated 8.6, while SonarQube is rated 8.0. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our PortSwigger Burp Suite Professional vs. SonarQube report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
