We performed a comparison between PortSwigger Burp Suite Professional and Sonatype Lifecycle based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want."
"There is no other tool like it. I like the intuitiveness and the plugins that are available."
"It was easy to learn."
"We are mostly using it for scanning the entire website. So, we basically create a script with the entire website and then run it for different injections."
"The active scanner, which does an automated search of any web vulnerabilities."
"The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good."
"The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
"The solution is stable."
"The data quality is really good. They've got some of the best in the industry as far as that is concerned. As a result, it helps us to resolve problems faster. The visibility of the data, as well as their features that allow us to query and search - and even use it in the development IDE - allow us to remediate and find things faster."
"The component piece, where you can analyze the component, is the most valuable. You can pull the component up and you can look at what versions are bad, what versions are clean, and what versions haven't been reported on yet. You can make decisions based off of that, in terms of where you want to go. I like that it puts all that information right there in a window for you."
"The dashboard is usable and gives us clear visibility into what is happening. It also has a very cool feature, which allows us to see the clean version available to be downloaded. Therefore, it is very easy to go and trace which version of the component does not have any issues. The dashboard can be practical, as well. It can wave a particular version of a Java file or component. It can even grandfather certain components, because in a real world scenarios we cannot always take the time to go and update something because it's not backward compatible. Having these features make it a lot easier to use and more practical. It allows us to apply the security, without having an all or nothing approach."
"It was very easy to integrate into our build pipeline, with Jenkins and Nexus Repository as the central product."
"The reference provided for each issue is extremely helpful."
"There is a feature called Continuous Monitoring. As time goes on we'll be able to know whether a platform is still secure or not because of this feature."
"The way we can define policies and apply those policies selectively across the different applications is valuable. We can define a separate policy for public-facing applications and a separate policy for the internal applications. That is cool."
"The most valuable features of the Sonatype Nexus Lifecycle are the evaluation of the unit test coverage, vulnerability scanning, duplicate code lines, code smells, and unnecessary loops."
"There should be a heads up display like the one available in OWASP Zap."
"The solution is not easy to set it up. You need a lot of knowledge."
"PortSwigger Burp Suite Professional could improve the static code review."
"It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated."
"Mitigating the issues and low confluence issues needs some improvement. Implementing demand with the ChatGPT under the web solution is an additional feature I would like to see in the next release."
"The Burp Collaborator needs improvement. There also needs to be improved integration."
"The Initial setup is a bit complex."
"I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory."
"Nexus Lifecycle is multiple products. One drawback I've noticed is that there are some differences in the features between the products within Lifecycle. They need to maintain the same structure, but there are some slight differences."
"The generation of false positives should be reduced."
"The price can be improved."
"Some of the APIs are just REST APIs and I would like to see more of the functionality in the plugin side of the world. For example, with the RESTful API I can actually delete or move an artifact from one Nexus repository to another. I can't do that with the pipeline API, as of yet. I'd like to see a bit more functionality on that side."
"The solution is not an SaaS product."
"They're working on the high-quality data with Conan. For Conan applications, when it was first deployed to Nexus IQ, it would scan one file type for dependencies. We don't use that method in Conan, we use another file type, which is an acceptable method in Conan, and they didn't have support for that other file type. I think they didn't even know about it because they aren't super familiar with Conan yet. I informed them that there's this other file type that they could scan for dependencies, and that's what they added functionality for."
"The team managing Nexus Lifecycle reported that their internal libraries were not being identified, so they have asked Sonatype's technical team to include that in the upcoming version."
"Another feature they could use is more languages. Sonatype has been mainly a Java shop because they look after Maven Central... But we've slowly been branching out to different languages. They don't cover all of them, and those that they do cover are not as in-depth as we would like them to be."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 57 reviews while Sonatype Lifecycle is ranked 6th in Application Security Tools with 43 reviews. PortSwigger Burp Suite Professional is rated 8.6, while Sonatype Lifecycle is rated 8.4. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of Sonatype Lifecycle writes "Seamless to integrate and identify vulnerabilities and frees up staff time". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Qualys Web Application Scanning, whereas Sonatype Lifecycle is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, GitLab and Checkmarx One. See our PortSwigger Burp Suite Professional vs. Sonatype Lifecycle report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.