
PortSwigger Burp Suite Professional vs SonarQube Cloud (formerly SonarCloud) comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Oct 30, 2024
 

Categories and Ranking

PortSwigger Burp Suite Prof...
Ranking in Static Application Security Testing (SAST)
6th
Average Rating
8.6
Reviews Sentiment
7.7
Number of Reviews
60
Ranking in other categories
Application Security Tools (8th), Fuzz Testing Tools (1st)
SonarQube Cloud (formerly S...
Ranking in Static Application Security Testing (SAST)
10th
Average Rating
8.2
Reviews Sentiment
6.3
Number of Reviews
11
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Static Application Security Testing (SAST) category, the mindshare of PortSwigger Burp Suite Professional is 2.0%, down from 3.3% the previous year. The mindshare of SonarQube Cloud (formerly SonarCloud) is 6.8%, up from 6.3% the previous year. Mindshare is calculated from PeerSpot user engagement data.
 

Featured Reviews

Anton Krivonosov - PeerSpot reviewer
Jan 17, 2024
A special tool for penetration testers or security specialists to conduct security assessments
We use the solution for security assessments. It's a special tool for penetration testers or security specialists. PortSwigger Burp Suite Professional is a standard tool in the security industry. It's a stable solution that has many features. You can download different plugins if you don't have…
Diego Moreo - PeerSpot reviewer
Oct 7, 2024
Enhanced code quality with data consolidation needs and good pipeline integration
We have SonarCloud integrated into our pipeline. It is used as a tool for checking code quality, clean code, bugs, and security issues. It acts as a quality gate for production, helping decide if our code can be applied. SonarCloud aids us in checking major issues in legacy systems and helps…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It is useful for scanning and tracing activities."
"It offers very good accuracy. You can trust the results."
"Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
"The solution is stable."
"The most valuable feature is Burp Collaborator."
"There is no other tool like it. I like the intuitiveness and the plugins that are available."
"The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
"The solution has a great user interface."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."
"The reports from SonarCloud are very good."
"For what it is meant to do, it works pretty well."
"The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."
"The SaaS solution for checking code without execution and dealing with security issues is valuable."
"The solution can be installed locally."
 

Cons

"Integration is a big problem."
"The tool is very expensive."
"As with most automated security tools, too many false positives."
"Mitigating the issues and low confluence issues needs some improvement. Implementing demand with the ChatGPT under the web solution is an additional feature I would like to see in the next release."
"You can have many false positives in Burp Suite. It depends on the scale of the penetration testing."
"In the Professional version, we cannot link it with the CI/CD process."
"Currently, the scanning is only available in the full version of Burp, and not in the Community version."
"One area for improvement is the integrated browser, Chromium. Single Sign-On (SSO) methods like Microsoft authentication login sometimes fail and show errors. As a workaround, I have to use a different browser, such as Firefox, to log in and make Burp work."
"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
"SonarCloud's UI needs enhancement."
"Reporting features are missing in SonarCloud."
"The solution needs to improve its customization and flexibility."
"It would be helpful if notifications could go out to an extra person."
"I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
"There's room for improvement in the configuration process, particularly during the initial setup phase."
 

Pricing and Cost Advice

"At $400 or $500 per license paid annually, it is a very cheap tool."
"The solution used to be expensive. However, they have reduced the price to approximately $400.00 which is reasonable."
"It has a yearly license. I am satisfied with its price."
"It is expensive for us in Brazil because the currency exchange rate from a dollar to a Brazilian Real is quite steep."
"Our licensing cost is approximately $400 USD per year."
"I rate the pricing a four out of ten."
"The yearly cost is about $300."
"PortSwigger Burp Suite Professional is an expensive solution."
"The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
"I rate the pricing a five out of ten."
"I am using the free version of the solution."
"The current pricing is quite cheap."
"Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost."
"The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
"While not extremely cheap, it aligns well with market standards and offers good value."
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company: 17%
Financial Services Firm: 13%
Government: 11%
Manufacturing Company: 8%

Computer Software Company: 19%
Financial Services Firm: 10%
Manufacturing Company: 9%
Insurance Company: 5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is OWASP Zap better than PortSwigger Burp Suite Pro?
OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with ...
What do you like most about PortSwigger Burp Suite Professional?
The solution helped us discover vulnerabilities in our applications.
What is your experience regarding pricing and costs for PortSwigger Burp Suite Professional?
I would rate the pricing a six out of ten. It's not as flexible here as it might be in European or American markets.
What do you like most about SonarCloud?
Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
What is your experience regarding pricing and costs for SonarCloud?
Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost.
What needs improvement with SonarCloud?
Reporting features are missing in SonarCloud. We do not have a way to consolidate data within the tool, requiring us to extract data and use Power BI for reports.
 

Also Known As

Burp
No data available
 


Sample Customers

Google, Amazon, NASA, FedEx, P&G, Salesforce
Information Not Available
Find out what your peers are saying about PortSwigger Burp Suite Professional vs. SonarQube Cloud (formerly SonarCloud) and other solutions. Updated: October 2024.