We performed a comparison between PortSwigger Burp Suite Professional and Sonatype Lifecycle based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
"The most valuable features are Burp Intruder and Burp Scanner."
"This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps."
"The most valuable feature is Burp Collaborator."
"It helps in API testing, where manual intervention was previously necessary for each payload."
"The active scanner, which does an automated search of any web vulnerabilities."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
"The Software Security Center, which is often overlooked, stands out as the most effective feature."
"Automating the Jenkins plugins and the build title is a big plus."
"The component piece, where you can analyze the component, is the most valuable. You can pull the component up and you can look at what versions are bad, what versions are clean, and what versions haven't been reported on yet. You can make decisions based off of that, in terms of where you want to go. I like that it puts all that information right there in a window for you."
"The way we can define policies and apply those policies selectively across the different applications is valuable. We can define a separate policy for public-facing applications and a separate policy for the internal applications. That is cool."
"When developers are consuming open-source libraries from the internet, it's able to automatically block the ones that are insecure. And it has the ability to make suggestions on the ones they should be using instead."
"The integration of Lifecycle is really good with Jenkins and GitHub; those work very well. We've been able to get it to work seamlessly with them so that it runs on every build that we have."
"Its engine itself is most valuable in terms of the way it calculates and decides whether a security vulnerability exists or not. That's the most important thing. Its security is also pretty good, and its listing about the severities is also good."
"What's really nice about that is it shows a graph of all the versions for that particular component, and it marks out the ones that have a vulnerability and the ones that don't have a vulnerability."
"I would like to see the return of the spider mechanism instead of the crawling feature. Burp Suite's earlier version 1.7 had an excellent spider option, and it would be beneficial if Burp incorporated those features into the current version. The crawling techniques used in the current version are not as efficient as those used in earlier versions."
"The pricing of the solution is quite high."
"We'd like to have more integration potential across all versions of the product."
"Currently, the scanning is only available in the full version of Burp, and not in the Community version."
"PortSwigger Burp Suite Professional could improve the static code review."
"I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us."
"The technical support team's response time is mostly delayed and should be improved."
"The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
"Not all languages are supported in Fortify."
"Sonatype Nexus Lifecycle can improve the functionality. Some functionalities are missing from the UI that could be accessed using the API but they are not available. For example, seeing more than the 100 first reports or, seeing your comments when you process a waiver for a vulnerability or a violation."
"We use Azure DevOps as our application lifecycle management tool. It doesn't integrate with that as well as it does with other tools at the moment, but I think there's work being done to address that. In terms of IDEs, it integrates well. We would like to integrate it into our Azure cloud deployment but the integration with Azure Active Directory isn't quite as slick as we would like it to be. We have to do some workarounds for that at the moment."
"Some of the APIs are just REST APIs and I would like to see more of the functionality in the plugin side of the world. For example, with the RESTful API I can actually delete or move an artifact from one Nexus repository to another. I can't do that with the pipeline API, as of yet. I'd like to see a bit more functionality on that side."
"It can be tricky if you want to exclude some files from scanning. For instance, if you do not want to scan and push testing files to Fortify Software Security Center, that is tricky with some IDEs, such as IntelliJ. We found that there is an Exclude feature that is not working. We reported that to them for future fixing. It needs some work on the plugins to make them consistent across IDEs and make them easier."
"It would be helpful if it had a more detailed view of what has been quarantined, for people who don't have Lifecycle licenses. Other than that, it's pretty good."
"Their licensing is expensive."
"We had some issues, and I think we might still have some issues, where the Sonatype Nexus Repository has integrations with IQ and SonarQube. We're getting some errors on the UI, so we've had Sonatype look into that a little bit."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews while Sonatype Lifecycle is ranked 6th in Application Security Tools with 42 reviews. PortSwigger Burp Suite Professional is rated 8.6, while Sonatype Lifecycle is rated 8.4. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of Sonatype Lifecycle writes "Seamless to integrate and identify vulnerabilities and frees up staff time". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Qualys Web Application Scanning, whereas Sonatype Lifecycle is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, GitLab and Checkmarx One. See our PortSwigger Burp Suite Professional vs. Sonatype Lifecycle report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.