We performed a comparison between PortSwigger Burp Suite Professional and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is a time-saver application."
"BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
"I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."
"Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it."
"Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
"The solution helped us discover vulnerabilities in our applications."
"This tool is more accurate than the other solutions that we use, and reports fewer false positives."
"I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature."
"It assists during the development with SonarLint and helps the developer to change his approach or rather improve his coding pattern or style. That's one advantage I've seen. Another advantage is that we can customize the rules."
"It's enabled us to improve software quality and help us to disseminate best practices."
"The product itself has a friendly UI."
"We have worked with the support from SonarQube and we have had good experiences."
"Using SonarQube benefits us because we are able to avoid the inclusion of malware in our applications."
"The solution is stable."
"The stability is good."
"SonarQube is good for checking and maintaining code quality."
"If we're running a huge number of scans regularly, it slows down the tool."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory."
"There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it."
"The Iran market does not have after-sales support. PortSwigger Burp Suite Professional needs to provide after-sales support."
"The biggest drawback is reporting. It's not so good. I can download them, but they're not so informative."
"The solution’s pricing could be improved."
"Sometimes the solution can run a little slow."
"During the setup process, we only had one issue related to the number of available files. To perform the analysis, you have quite a lot of available file handles, so we had to increase that limit."
"The BPM language is important and should be considered in SonarQube."
"The documentation is not clear and it needs to be updated."
"SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers."
"Lacks sufficient visibility and documentation."
"There could be better integration with other products."
"An improvement is with false positives. Sometimes the tool can say there is an issue in your code but, really, you have to do things in a certain way due to external dependencies, and I think it's very hard to indicate this is the case."
"Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of features are missing. If we want to rescan something from a particular point that is a feature that is also missing. It’s in our queue. That will hopefully save a lot of time."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. PortSwigger Burp Suite Professional is rated 8.6, while SonarQube is rated 8.0. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our PortSwigger Burp Suite Professional vs. SonarQube report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.