PortSwigger Burp Suite Professional and SonarQube Cloud are prominent in their respective cybersecurity categories, with Burp Suite having an advantage due to its comprehensive tools for application security testing.
Features: Burp Suite Professional includes powerful tools like Proxy for traffic interception and analysis, Repeater for testing web vulnerabilities with manual requests, and Intruder for automated testing using custom payloads. These features, along with community-developed plugins, make it a favorite for penetration testing. SonarQube Cloud offers continuous code quality analysis with a focus on reducing vulnerabilities, technical debt, and code smells for large codebases, integrating well with CI/CD pipelines.
Room for Improvement: Burp Suite Professional users request enhancements in API scanning for RESTful services, better reporting, and a reduction in false positives. SonarQube Cloud could improve dynamic code assessment capabilities, configuration processes, and reduce the prevalence of false positives in its scan results.
Ease of Deployment and Customer Service: Burp Suite Professional is mainly deployed on-premises with robust support and thorough documentation, though quicker response times are sometimes needed. SonarQube Cloud's deployment in public cloud environments offers strong community support but can be slow in providing direct support responses.
Pricing and ROI: Burp Suite Professional has a cost-effective pricing model of approximately $400-$500 per license annually, admired for its ROI in app security testing. SonarQube Cloud's pricing, based on lines of code, can be expensive for smaller businesses, yet it delivers significant returns for those needing comprehensive code analysis.
It is easily integrable with the CI/CD pipeline and supports multiple projects with its extensive plugin options.
The product is designed for bigger clients, while smaller companies are often put aside.
The technical support from PortSwigger is excellent.
The technical support for PortSwigger Burp Suite Professional is pretty good, and I would give it a nine.
Integrating it into different solutions is straightforward.
The customer service and support for SonarQube Cloud are responsive and helpful.
There are limitations, and it seems to have fewer capabilities than Veracode.
It has been used in multiple projects and performs well.
SonarQube Cloud is a scalable product, and I rate its scalability at seven out of ten.
PortSwigger Burp Suite Professional is very stable.
PortSwigger Burp Suite Professional is a very stable tool, and I would rate its stability as eight out of ten.
From my team's feedback, it is almost an eight out of ten.
It is a quite stable solution.
Some AI features might be added.
The dashboard of PortSwigger Burp Suite Professional could be made more user-friendly.
To improve SonarQube Cloud (formerly SonarCloud), it should excel in all these domains.
I would like to see SonarQube Cloud provide more detailed solutions for fixing code issues, especially solutions related to CVEs.
Static code analysis is good, but the product lacks dynamic code scanning capabilities, an area where Veracode excels.
The pricing for PortSwigger is very cheap, and there are benefits in terms of time and cost savings.
I find the price of PortSwigger Burp Suite Professional to be very cost-efficient.
From my experience, SonarQube Cloud (formerly SonarCloud) is very expensive for small companies.
SonarQube Cloud is roughly equivalent in cost to Veracode, maybe a little cheaper.
We used the open-source version of SonarQube Cloud for its minimum features and did not license its extensive capabilities.
The most valuable feature of Burp Suite Professional is its ability to schedule tasks for scanning websites.
I especially value the features for penetration testing.
The most valuable features of PortSwigger Burp Suite Professional are its ease of use and its cost efficiency.
The most valuable features of SonarQube Cloud (formerly SonarCloud) include code inspection, addressing technical debt, and identifying security vulnerabilities.
I find SonarQube Cloud very easy to use and simple to integrate initially.
I use SonarQube Cloud (formerly SonarCloud) to check the quality of developer code and identify vulnerabilities.
| Product | Market Share (%) |
|---|---|
| PortSwigger Burp Suite Professional | 1.9% |
| SonarQube Cloud (formerly SonarCloud) | 4.2% |
| Other | 93.9% |
| Company Size | Count |
|---|---|
| Small Business | 16 |
| Midsize Enterprise | 14 |
| Large Enterprise | 35 |
| Company Size | Count |
|---|---|
| Small Business | 8 |
| Midsize Enterprise | 3 |
| Large Enterprise | 4 |
Burp Suite Professional, by PortSwigger, is the world’s leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly-engineered manual and automated tooling, you're able to test smarter - not harder.
PortSwigger is the web security company that is enabling the world to secure the web. Over 50,000 security engineers rely on our software and expertise to secure their world.
SonarQube Cloud offers static code analysis and application security testing, seamlessly integrating into CI/CD pipelines. It's a vital tool for identifying vulnerabilities and ensuring code quality before deployment.
SonarQube Cloud is widely used for its ability to integrate with tools like GitHub, Jenkins, and Bitbucket, providing critical feedback at the pull request level. It's designed to help organizations maintain clean code by acting as a quality gate. This service supports development methodologies including sprints and Kanban for ongoing vulnerability management. While appreciated for its dashboard and integration capabilities, some users find initial setup challenging and note the need for enhanced documentation. The recent addition of mono reports and microservices support offers deeper insights into security and code quality, though container testing limitations and false positives are noted drawbacks. Manual intervention is sometimes required to address detailed reporting, with external tools being necessary for comprehensive analysis. Notifications for larger teams during serious issues and streamlined integration of new features are also areas of improvement.
What are the key features of SonarQube Cloud?In specific industries, SonarQube Cloud finds application in finance and healthcare where code integrity and security are paramount. It allows teams to identify critical vulnerabilities early and ensures that software development aligns with industry regulations and standards. By continuously analyzing code, it aids organizations in deploying secure and reliable applications, fostering trust and compliance.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
