• Home
  • PortSwigger Burp Suite Professional vs. SonarQube

PortSwigger Burp Suite Professional vs SonarQube comparison

Cancel
You must select at least 2 products to compare!
PortSwigger Logo

PortSwigger Burp Suite Professional

Read 55 PortSwigger Burp Suite Professional reviews
4,991 views|3,266 comparisons
98% willing to recommend
Sonar Logo

SonarQube

Read 108 SonarQube reviews
54,985 views|43,627 comparisons
80% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
PortSwigger Burp Suite Professional vs. SonarQube
March 2024
Executive Summary

We performed a comparison between PortSwigger Burp Suite Professional and SonarQube based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed PortSwigger Burp Suite Professional vs. SonarQube Report (Updated: March 2024).
Download the complete report
768,740 professionals have used our research since 2012.
Featured Review
Anuradha.Kapoor Kapoor
Offers efficient scanning of entire websites but presence of false positive bugs, leading to time-consuming efforts...
We are basically a service provider, so whatever application goes out of our office, we use this to ensure that it is covered from an application... Read more →
Wang Dayong
Easy to integrate and has a plug-in that supports both C and C++ languages
When we deliver a code, the solution scans the code and reports whether the code has bugs or any other vulnerability issues. Thus the solution... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I have found the best features to be the performance and there are a lot of additional plugins available.""The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good.""In my area of expertise, I feel like it has almost everything I could possibly require at this moment.""We use the solution for vulnerability assessment in respect of the application and the sites.""PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up.""For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host.""The most valuable feature of PortSwigger Burp Suite Professional is the Burp Intruder tool.""The solution helped us discover vulnerabilities in our applications."

More PortSwigger Burp Suite Professional Pros →

"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability.""The most valuable function is its usability.""Using SonarQube benefits us because we are able to avoid the inclusion of malware in our applications.""We advise all of our developers to have this solution in place.""The integrations SonarQube provides with our software delivery pipeline are very seamless.""It helps our developers work more efficiently as we can identify things in a code prior to it being pushed to where it needs to go.""The reporting and the results are quick. It gets integrated within the pipeline well.""With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas."

More SonarQube Pros →

Cons
"I would like to see the return of the spider mechanism instead of the crawling feature. Burp Suite's earlier version 1.7 had an excellent spider option, and it would be beneficial if Burp incorporated those features into the current version. The crawling techniques used in the current version are not as efficient as those used in earlier versions.""In the Professional version, we cannot link it with the CI/CD process.""The use of system memory is an area that can be improved because it uses a lot.""The solution’s pricing could be improved.""The solution lacks sufficient stability.""I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us.""BurpSuite has some issues regarding authentication with OAT tokens that need to be improved.""The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."

More PortSwigger Burp Suite Professional Cons →

"I am not very pleased with the technical debt computation.""The implementation of the solution is straightforward. However, we did have some initial initialization issues at the of the projects. I don't think it was SonarQube's fault. It was the way it was implemented in our organization because it's mainly integrated with many software, such as Jira, Confluence, and Butler.""We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying Sonar Link to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved.""We had some issues scanning the master branch but when we upgraded to version 7.9 we noticed it does scan the master branch but we had to do a workaround for it to happen. This process could be improved in a future release.""The solution could improve the management reports by making them easier to understand for the technical team that needs to review them.""There is no automation. You need to put the code there and test. You then pull the results and put them back in the development environment. There is no integration with the development environment. We would like it to be integrated with our development environment, which is basically the CI/CD pipeline or the IDE that we have.""The product must improve security analysis.""I would like to see dynamic code analysis in the next version of the software."

More SonarQube Cons →

Pricing and Cost Advice
  • "This is a value for money product."
  • "The cost is approximately $500 for a single license, and there are no additional costs beyond the standard licensing fees."
  • "Our licensing cost is approximately $400 USD per year."
  • "The yearly cost is about $300."
  • "There is no setup cost and the cost of licensing is affordable."
  • "Licensing costs are about $450/year for one use. For larger organizations, they're able to test against multiple applications while simultaneously others might have multiple versions of applications which needs to be tested which is why we have the enterprise edition."
  • "There are different licenses available that include a free version."
  • "At $400 or $500 per license paid annually, it is a very cheap tool."

    • More PortSwigger Burp Suite Professional Pricing and Cost Advice →

  • "This is open source."
  • "We did not purchase a license (required for C++ support), but this option was considered."
  • "Get the paid version which allows the customized dashboard and provides technical support."
  • "People can try the free licenses and later can seek buying plugins/support, etc. once they started liking it."
  • "This product is open source and very convenient."
  • "The licence is standard open source licensing"
  • "The price point on SonarQube is good."
  • "Some of the plugins that were previously free are not free now."

    • More SonarQube Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    768,740 professionals have used our research since 2012.
    Questions from the Community
    Is OWASP Zap better than PortSwigger Burp Suite Pro?
    Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »
    Read all 3 answers   →
    What do you like most about PortSwigger Burp Suite Professional?
    Top Answer:It is a time-saver application.
    Read all 41 answers   →
    What is your experience regarding pricing and costs for PortSwigger Burp ...
    Top Answer:The solution is worth the money.
    Read all 35 answers   →
    Is SonarQube the best tool for static analysis?
    Top Answer:I am not very familiar with SonarQube and their solutions, so I can not answer But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have  a look… more »
    Read all 10 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    How would you decide between Coverity and Sonarqube?
    Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing… more »
    Ranking
    9th
    out of 74 in Application Security Tools
    Views
    4,991
    Comparisons
    3,266
    Reviews
    21
    Average Words per Review
    482
    Rating
    8.7
    1st
    out of 74 in Application Security Tools
    Views
    54,985
    Comparisons
    43,627
    Reviews
    19
    Average Words per Review
    391
    Rating
    8.0
    Comparisons
    Also Known As
    Burp
    Sonar
    Learn More
    PortSwigger
    Sonar
    Interactive Demo
    PortSwigger
    Demo Not Available
    Sonar
    Watch a demo
    Overview

    Burp Suite Professional, by PortSwigger, is the world’s leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly-engineered manual and automated tooling, you're able to test smarter - not harder.

    PortSwigger is the web security company that is enabling the world to secure the web. Over 50,000 security engineers rely on our software and expertise to secure their world.

    SonarQube is a self-managed open-source platform that helps developers create code devoid of quality and vulnerability issues. By integrating seamlessly with the top DevOps platforms in the Continuous Integration (CI) pipeline, SonarQube continuously inspects projects across multiple programming languages, providing immediate status feedback while coding. SonarQube’s quality gates become part of your release pipeline, displaying pass/fail results for new code based on quality profiles you customize to your company standards. Following Sonar’s Clean as You Code methodology guarantees that only software of the highest quality makes it to production.

    At its core, SonarQube includes a static code analyzer that identifies bugs, security vulnerabilities, hidden secrets, and code smells. The platform guides you through issue resolution, fostering a culture of continuous improvement. SonarQube’s comprehensive reporting is a valuable tool for dev teams to monitor their codebase's overall health and quality across multiple projects in their portfolio. With SonarQube, you can achieve a state of Clean Code, leading to secure, reliable, and maintainable software.

    Sonar is the only solution combining the power of industry-leading software quality analysis with static application security testing (SAST) and real-time coding guidance in the IDE (with SonarLint) to meet the DevOps and DevSecOps demand of putting agility, automation, and security in the hands of developers. Further accelerate DevOps continuous integration by helping developers find and fix issues in code before the software testing stage, reducing the churn of finding, fixing, rebuilding, and retesting your app.

    With over 5,000 Clean Code rules, SonarQube analyzes 30+ of the most popular programming languages, including dozens of frameworks, the top DevOps platforms (GitLab, GitHub, Azure DevOps, and Bitbucket, and more), and the leading infrastructure as code (IaC) platforms.

    SonarQube is the most trusted static code analyzer used by over 7 million developers and 400,000 organizations globally to clean over half a trillion lines of code.

    Sample Customers
    Google, Amazon, NASA, FedEx, P&G, Salesforce
    Top Industries
    REVIEWERS
    Manufacturing Company22%
    Financial Services Firm22%
    Computer Software Company19%
    Comms Service Provider13%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm11%
    Comms Service Provider9%
    Government9%
    REVIEWERS
    Computer Software Company30%
    Financial Services Firm21%
    Manufacturing Company7%
    Comms Service Provider7%
    VISITORS READING REVIEWS
    Financial Services Firm17%
    Computer Software Company15%
    Manufacturing Company11%
    Government6%
    Company Size
    REVIEWERS
    Small Business22%
    Midsize Enterprise21%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise15%
    Large Enterprise64%
    REVIEWERS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise71%
    Buyer's Guide
    PortSwigger Burp Suite Professional vs. SonarQube
    March 2024
    Free Report: PortSwigger Burp Suite Professional vs. SonarQube
    Find out what your peers are saying about PortSwigger Burp Suite Professional vs. SonarQube and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    768,740 professionals have used our research since 2012.

    PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. PortSwigger Burp Suite Professional is rated 8.6, while SonarQube is rated 8.0. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our PortSwigger Burp Suite Professional vs. SonarQube report.

    See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.