We performed a comparison between PortSwigger Burp Suite Professional and SonarCloud based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's good testing software."
"BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
"The most valuable feature of PortSwigger Burp Suite Professional is the Burp Intruder tool."
"The active scanner, which does an automated search of any web vulnerabilities."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"You can scan any number of applications and it updates its database."
"The initial setup is simple."
"The most valuable feature is Burp Collaborator."
"The solution can be installed locally."
"SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"The most valuable feature of SonarCloud is its overall performance."
"Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots."
"The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
"Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."
"The Auto Scanning features should be updated more frequently and should include the latest attack vectors."
"Sometimes the solution can run a little slow."
"You can have many false positives in Burp Suite. It depends on the scale of the penetration testing."
"The solution’s pricing could be improved."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"There is not much automation in the tool."
"I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory."
"There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment."
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
"It would be helpful if notifications could go out to an extra person."
"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
"I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
"We had some issues with the scanner."
"SonarCloud's UI needs enhancement."
"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
PortSwigger Burp Suite Professional is ranked 5th in Application Security Testing (AST) with 54 reviews while SonarCloud is ranked 10th in Application Security Testing (AST) with 10 reviews. PortSwigger Burp Suite Professional is rated 8.6, while SonarCloud is rated 8.4. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of SonarCloud writes "Beneficial vulnerability discovery, simple to maintain, and proactive support". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Qualys Web Application Scanning, whereas SonarCloud is most compared with SonarQube, Veracode, Checkmarx One and OWASP Zap. See our PortSwigger Burp Suite Professional vs. SonarCloud report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.