Try our new research platform with insights from 80,000+ expert users

PortSwigger Burp Suite Professional vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 30, 2024
 

Categories and Ranking

PortSwigger Burp Suite Prof...
Ranking in Application Security Tools
8th
Ranking in Static Application Security Testing (SAST)
6th
Average Rating
8.6
Reviews Sentiment
7.7
Number of Reviews
60
Ranking in other categories
Fuzz Testing Tools (1st)
SonarQube Server (formerly ...
Ranking in Application Security Tools
1st
Ranking in Static Application Security Testing (SAST)
1st
Average Rating
8.0
Number of Reviews
113
Ranking in other categories
Software Development Analytics (1st)
 

Mindshare comparison

As of November 2024, in the Application Security Tools category, the mindshare of PortSwigger Burp Suite Professional is 1.8%, down from 2.0% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 26.7%, down from 27.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Anton Krivonosov - PeerSpot reviewer
Jan 17, 2024
A special tool for penetration testers or security specialists to conduct security assessments
We use the solution for security assessments. It's a special tool for penetration testers or security specialists PortSwigger Burp Suite Professional is a standard tool in the security industry. It's a stable solution that has many features. You can download different plugins if you don't have…
Wang Dayong - PeerSpot reviewer
May 10, 2023
Easy to integrate and has a plug-in that supports both C and C++ languages
We use the product to review our software codes. We have integrated the product to review our new delivery code When we deliver a code, the solution scans the code and reports whether the code has bugs or any other vulnerability issues. Thus the solution helps us identify issues and improve the…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It was easy to learn."
"You can download different plugins if you don't have them in the standard edition."
"I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."
"The most valuable feature of PortSwigger Burp Suite Professional is the Burp Intruder tool."
"It is a time-saver application."
"Enables automation of different tasks such as authorization testing."
"There is no other tool like it. I like the intuitiveness and the plugins that are available."
"The solution has a great user interface."
"The integrations SonarQube provides with our software delivery pipeline are very seamless."
"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."
"It assists during the development with SonarLint and helps the developer to change his approach or rather improve his coding pattern or style. That's one advantage I've seen. Another advantage is that we can customize the rules."
"The customizable dashboard and ability to include results and coverage from unit test and other static analysis code tools."
"The reporting and the results are quick. It gets integrated within the pipeline well."
"The fact that the solution does security scanning is valuable."
"It has very good scalability and stability."
"There's plenty of documentation available to users."
 

Cons

"We'd like to have more integration potential across all versions of the product."
"In the Professional version, we cannot link it with the CI/CD process."
"It would be good if the solution could give us more details about what exactly is defective."
"The reporting needs to be improved; it is very bad."
"The Initial setup is a bit complex."
"PortSwigger Burp Suite Professional could improve the static code review."
"One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that."
"The technical support team's response time is mostly delayed and should be improved."
"In the next release, I would like to have notifications because now, it is a bit difficult. I think that's a feature which we could add there and it would benefit the users as well. For every full request, they should be able to see their bugs or vulnerability directly on the surface."
"Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of features are missing. If we want to rescan something from a particular point that is a feature that is also missing. It’s in our queue. That will hopefully save a lot of time."
"SonarQube's detail in the security could be improved. It may be helpful to have additional details, with regards to Oracle PL/SQL. For example, it's neither as built nor as thorough as Java. For now, this is the only additional feature I would like to see."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time."
"I would like to see dynamic code analysis in the next version of the software."
"The implementation of the solution is straightforward. However, we did have some initial initialization issues at the of the projects. I don't think it was SonarQube's fault. It was the way it was implemented in our organization because it's mainly integrated with many software, such as Jira, Confluence, and Butler."
"We called support and complained but have not received any information as we use the free version. We had to fix it on our own and could not escalate it to the tool's developer."
 

Pricing and Cost Advice

"We have one license. The price is very nominal."
"The solution used to be expensive. However, they have reduced the price to approximately $400.00 which is reasonable."
"There is no setup cost and the cost of licensing is affordable."
"The price for the solution is expensive and could be cheaper. We pay an annual license and our team has several of them."
"We are using the community version, which is free."
"It is a cheap solution, but it may not be cheaper than other solutions."
"It is expensive for us in Brazil because the currency exchange rate from a dollar to a Brazilian Real is quite steep."
"There are different licenses available that include a free version."
"The beauty of this solution is the free open-source version is capable enough in doing pretty much what an enterprise-level version can do."
"I think comparing the product to competitors it should be less expensive."
"We are using the Community edition of SonarQube."
"Compared to similar solutions, SonarQube was more accessible to us and had more benefits, with regards to size of the code base and supported languages. Apart from the Enterprise licensing fee, there are no additional costs."
"There are many different packages with different pricing options available. We are able to try what we have and if we need extra features we can upgrade the license."
"The product’s price is lower than Veracode’s price."
"We're using their free Community Edition version."
"Can try developer version for 14 days on the free trial."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
13%
Government
11%
Manufacturing Company
8%
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is OWASP Zap better than PortSwigger Burp Suite Pro?
OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with ...
What do you like most about PortSwigger Burp Suite Professional?
The solution helped us discover vulnerabilities in our applications.
What is your experience regarding pricing and costs for PortSwigger Burp Suite Professional?
I would rate the pricing a six out of ten. It's not as flexible here as it might be in European or American markets.
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

Burp
Sonar
 

Learn More

 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Google, Amazon, NASA, FedEx, P&G, Salesforce
Information Not Available
Find out what your peers are saying about PortSwigger Burp Suite Professional vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: October 2024.
814,528 professionals have used our research since 2012.