We performed a comparison between PortSwigger Burp Suite Professional and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"We use the solution for vulnerability assessment in respect of the application and the sites."
"BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
"The initial setup is simple."
"The intercepting feature is the most valuable."
"The extension that it provides with the community version for the skills mapping is excellent."
"The tool provides complimentary services. It allows you to add a lot of extensions, and you can get extensions quite often. It is quite a flexible application."
"The active scanner, which does an automated search of any web vulnerabilities."
"The product is very good just the way it is; it has everything already well established and functions great. I can't see any way for this current version to be improved."
"I am only interested in the security features in SonarQube. There are plenty of other features, such as test coverage, code anomalies, and pointer access, that are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla."
"It helps our developers work more efficiently as we can identify things in a code prior to it being pushed to where it needs to go."
"The product has a friendly UI that is easy to use and understand."
"We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
"SonarQube has a lot of value, it reviews the basic coding standards and security vulnerabilities of code that help to reduce issues."
"It easily ties into our continuous integration pipeline."
"It is working fine. It provides a good value for money."
"The good thing with SonarQube is it covers a lot of issues, it's a very robust framework."
"The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
"The Auto Scanning features should be updated more frequently and should include the latest attack vectors."
"The solution’s pricing could be improved."
"One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that."
"The initial setup is a bit complex."
"We wish that the Spider feature would appear in the same shape that it does in previous versions."
"There should be a heads up display like the one available in OWASP Zap."
"As with most automated security tools, too many false positives."
"I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality."
"There could be better integration with other products."
"We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing."
"The product must improve security analysis."
"I would also like SonarQube to be able to write custom scanning rules. More documentation would be helpful as well because some of our guys were struggling with the customization script."
"There is a need for support for additional languages and ease of use in adding new rules for detecting issues."
"Currently requires multiple tools, lacking one overall tool."
"I have found this solution creates more noise than competitors."
PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 57 reviews while SonarQube is ranked 1st in Application Security Tools with 112 reviews. PortSwigger Burp Suite Professional is rated 8.6, while SonarQube is rated 8.0. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.