Application Security Platform
Semgrep, Inc.
Reviews from AWS customers: 0 AWS reviews
External reviews: 54 reviews
External reviews are not included in the AWS star rating for the product.
Clean Interface and Clear Insights, But Setup Can Be Frustrating
What do you like best about the product?
The interface is extremely clean, and all vulnerabilities are clearly highlighted.
What do you dislike about the product?
Setting up the system for the first time was quite frustrating, as I found myself needing assistance from the IT agent on several occasions.
What problems is the product solving and how is that benefiting you?
This tool was useful in identifying vulnerabilities within the code and assisted in resolving issues that appeared in production.
Semgrep: A Powerful and Customizable SAST Solution
What do you like best about the product?
The most significant advantage of Semgrep is its highly customizable rule engine and ease of rule writing. The ability to define custom rules in YAML, tailored to specific codebases and threat models, sets it apart from many other SAST solutions. This flexibility allows for precise detection of custom vulnerabilities and adherence to specific coding standards. Its lightweight nature and rapid execution in CI/CD pipelines are also highly beneficial, enabling fast feedback loops without significantly impacting build times. Furthermore, the open-source core provides transparency and allows for community contributions and audits of the rule execution. The reachability analysis in Semgrep Supply Chain is also a standout feature, significantly reducing false positives by focusing on truly exploitable vulnerabilities within third-party components.
What do you dislike about the product?
While Semgrep excels in static analysis, its narrow focus can be a limitation for organizations seeking a comprehensive application security platform. It does not natively offer integrated scanning for secrets, Infrastructure as Code (IaC), containers, or CI/CD posture, necessitating the use of additional tools for broader coverage. The initial tuning required to reduce false positives and optimize rule sets can also be an upfront investment, especially for new users or complex projects. Finally, while rule writing is a strength, the learning curve for advanced rule creation can be steep for those new to the tool or static analysis in general. The lack of robust, built-in reporting features and export options for detailed vulnerability analysis is also a notable drawback.
What problems is the product solving and how is that benefiting you?
Semgrep solves the problem of finding security vulnerabilities, bugs, and enforcing code standards early and quickly in the development lifecycle. It helps shift security left by integrating directly into development workflows, such as CI/CD pipelines and IDEs.
Effortless Code Scanning, But Dynamic Issues Can Slip Through
What do you like best about the product?
Our company has it automatically enabled to scan our code. We can click a link and see what items need to be addressed. I get a review of my code every commit.
What do you dislike about the product?
I can hide security issues with dynamically loaded variables and methods.
What problems is the product solving and how is that benefiting you?
Security issues that might have flown under the radar.
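Two of the reviews above touch on the same point from opposite sides: one praises the ability to write custom rules in YAML tailored to a specific codebase, the other notes that dynamically loaded variables and methods slip past the scanner. The rule file below is an added example written for this page; it is not code from the original reviews or from Semgrep, Inc. It assumes a hypothetical Flask application (the rule ids, the `app-` prefix and the Flask/`subprocess` targets are the editor's choices) and shows one syntactic rule using `patterns`/`pattern-not` and one data-flow rule in taint mode.

```yaml
# Added example rule file (not from the original page or from Semgrep, Inc.).
# Assumes a hypothetical Flask codebase; rule ids and targets are the editor's.
rules:
  # Rule 1: syntactic match. Flags subprocess.* called with shell=True unless
  # the command is a string literal (a literal cannot be attacker-controlled).
  - id: app-subprocess-shell-true
    languages: [python]
    severity: ERROR
    message: >-
      subprocess.$FUNC is called with shell=True and a non-literal command.
      Pass the command as an argument list and drop shell=True.
    metadata:
      cwe: "CWE-78: Improper Neutralization of Special Elements used in an OS Command"
      category: security
    patterns:
      - pattern: subprocess.$FUNC($CMD, ..., shell=True, ...)
      - pattern-not: subprocess.$FUNC("...", ..., shell=True, ...)

  # Rule 2: taint mode. Flags any path from a Flask request parameter to
  # os.system that does not pass through shlex.quote. Semgrep resolves
  # `from flask import request` so `request.args.get(...)` matches the source.
  - id: app-flask-request-to-os-system
    mode: taint
    languages: [python]
    severity: ERROR
    message: >-
      Data from the Flask request reaches os.system without going through
      shlex.quote. Quote the value or avoid the shell entirely.
    metadata:
      cwe: "CWE-78: Improper Neutralization of Special Elements used in an OS Command"
      category: security
    pattern-sources:
      - pattern-either:
          - pattern: flask.request.args.get(...)
          - pattern: flask.request.form.get(...)
          - pattern: flask.request.args[...]
    pattern-sanitizers:
      - pattern: shlex.quote(...)
    pattern-sinks:
      - pattern: os.system(...)

# Caveat matching the third review above: both rules are syntactic. A call such
# as getattr(subprocess, "call")(cmd, shell=True) or
# importlib.import_module("os").system(cmd) is not matched by
# `subprocess.$FUNC(...)` or `os.system(...)`, so dynamic dispatch still needs a
# dedicated rule (for example on getattr(subprocess, ...)) or manual review.
```

To keep such rules honest as the codebase changes, put a Python file with the same basename next to the rule file, annotate the lines you expect to be flagged with `# ruleid: app-subprocess-shell-true` and the lines you expect to be ignored with `# ok: app-subprocess-shell-true`, and run `semgrep --test` in that directory; the run fails if a rule stops matching its own examples.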
Effortless Integrations and Impressive Coverage
What do you like best about the product?
Ease of integrations, broad coverage with different types of offerings.
What do you dislike about the product?
Integrations could be better, a bit of manual effort required.
What problems is the product solving and how is that benefiting you?
SAST, Secrets, SCA.
Effortless to Use and Implement—Works Perfectly!
What do you like best about the product?
Ease of usage and implementation in your github repo.
What do you dislike about the product?
Nothing; it has worked great for me and I have had no issues.
What problems is the product solving and how is that benefiting you?
It is helping with vulnerability scanning.
Semgrep Review
What do you like best about the product?
Semgrep is one of the best tools I've used for securing applications. Since it was integrated into our DevSecOps workflow, it has been able to identify a large number of issues much earlier in the development process. Semgrep scans for potentially vulnerable packages or outdated software versions within the codebase and accurately identifies the relevant CVEs. It also provides clear information about the impact and suggests the appropriate remediation steps, so developers don't need to search online for solutions.
I've found it particularly effective at detecting hardcoded secrets, even those that other tools like TruffleHog might miss. Semgrep Supply Chain also does an excellent job of pinpointing vulnerable software versions.
Overall, I consider Semgrep essential for securing CI/CD pipelines in today's environment.
What do you dislike about the product?
Nothing as such. It works out very well with all functionalities.
What problems is the product solving and how is that benefiting you?
Semgrep is great at automation and for earlier identification of security issues, and it saves a lot of manual effort for developers and pentesters.
Amazing tool
What do you like best about the product?
The tool offers all the necessary features to track and manage security vulnerabilities.
What do you dislike about the product?
The tool is extremely useful, with all its features working exactly as intended.
What problems is the product solving and how is that benefiting you?
Semgrep highlights all the security issues present in the tools and also offers solutions for each of them. Additionally, it provides explanations to help understand the problems and the recommended fixes.
I think Semgrep is a must have for every Software Company
What do you like best about the product?
The fact that it can scan dependencies and has so many rules configured on the spot, with a very friendly and easy-to-use UI for Semgrep Pro.
What do you dislike about the product?
I think what Semgrep needs is a feature that summarizes the overall security standing of a repository/project, and a way for the user to tell the platform about the links between different repos, if there are any.
What problems is the product solving and how is that benefiting you?
I am a security official in a company with over 300 repos. The fact that semgrep can seamlessly scan all lines of code with each change is amazing for me. It makes my work so much easier.
Enhancing Security with Semgrep
What do you like best about the product?
Since it runs fast and integrates directly into CI/CD, my team can surface issues early — from insecure function use to misconfigured patterns — before they ever hit production.
What do you dislike about the product?
Filter limitations, and changing some settings at the global level using the UI. Having more advanced filtering and project-level controls would make it easier to manage findings across different environments and prioritize risks.
What problems is the product solving and how is that benefiting you?
The biggest benefit for us is automation and consistency. By integrating Semgrep into CI/CD pipelines, I can enforce secure coding practices at scale and ensure that every pull request is checked for common vulnerabilities. This reduces reliance on manual reviews, lowers the chance of critical bugs slipping into production, and frees me up to focus on more complex security work like pentesting and cloud security design.
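The reviewer above describes the integration that most of these reviews rely on: Semgrep running in CI so that every pull request is checked. The workflow below is an added example for this page, not a file from the original reviews or from Semgrep, Inc. It assumes GitHub Actions, a repository secret named `SEMGREP_APP_TOKEN` holding a Semgrep AppSec Platform token, and a default branch called `main`; those names are assumptions, adjust them to your repository.

```yaml
# Added example workflow (not from the original page or from Semgrep, Inc.).
# Assumptions: GitHub Actions, a `SEMGREP_APP_TOKEN` repository secret, and a
# default branch named `main`.
name: semgrep
on:
  pull_request: {}            # scan of the changes proposed in each PR
  push:
    branches: [main]          # full scan of trunk after every merge
  schedule:
    - cron: "20 3 * * 1"      # weekly full scan to pick up newly published rules
jobs:
  semgrep:
    name: semgrep ci
    runs-on: ubuntu-latest
    container:
      image: semgrep/semgrep   # official image with the CLI preinstalled
    if: github.actor != 'dependabot[bot]'   # bot PRs are noise here
    permissions:
      contents: read           # PR comments are posted by the platform, so the
                               # job needs no write permission of its own
    steps:
      - uses: actions/checkout@v4
      - run: semgrep ci
        env:
          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
```

With the token present, `semgrep ci` pulls the rule and policy configuration from the platform rather than from a file in the repository, so policy changes take effect without editing every workflow. The three triggers are deliberate: on `pull_request` events Semgrep compares against the merge base and surfaces only findings introduced by the change, which is what drives the PR comments and blocking behaviour several reviewers mention; the `push` to `main` and the scheduled run are full scans, which is where pre-existing findings on trunk are reported. As the last review on this page notes, those trunk findings do not get the same in-PR workflow and have to be triaged in the platform.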
Hands-off setup could not be easier
What do you like best about the product?
Very little had to be done on our end to set up managed scans for the entire GitHub organization. Aside from Semgrep staff adjusting things to get a scan to complete, our large codebase was running SAST scans within a few days.
GitHub PR comments show users what to do, and AI can classify many reports correctly as not needing mitigation.
What do you dislike about the product?
Semgrep's features are designed around preventing new problems from being introduced in pull requests, but those same features are not available for issues found on trunk branches; these have to be dealt with manually.
What problems is the product solving and how is that benefiting you?
Identifying potential security flaws in existing code as part of compliance for security certifications.