Sign in
Sign in
or
Create a new account
Categories
Your Saved List Become a Channel Partner Sell in AWS Marketplace Amazon Web Services Home Help

Application Security Platform

Semgrep, Inc.

Reviews from AWS customer

0 AWS reviews
  • 5 star
    0
  • 4 star
    0
  • 3 star
    0
  • 2 star
    0
  • 1 star
    0

External reviews

54 reviews
from and

External reviews are not included in the AWS star rating for the product.

    Siddhesh J.

Fast and positive results

  • September 08, 2025
  • Review provided by G2

What do you like best about the product?
There are multiple things which is great in the SemGrep tool, 1st easy integration with GSM and CI-CD pipeline, 2nd is easy terminal based code scan which save lot of time and intergration if Code is small.
What do you dislike about the product?
Not specific as such, since everything is good in right price.
What problems is the product solving and how is that benefiting you?
compare to other tools, it is giving better, faster and accurate results in output, also tool suggestion and fix feature would be helpful for long lengthy code.

    Ivo M.

Fast, reliable, and developer-friendly static analysis tool

  • September 05, 2025
  • Review provided by G2

What do you like best about the product?
Semgrep is lightweight, very fast compared to traditional SAST tools, and integrates smoothly into CI/CD pipelines. I like that it has a strong rule ecosystem (community and Pro rules), and the ability to write custom rules makes it flexible for different coding standards and compliance needs. The dashboard provides great visibility into security findings and code quality issues, helping developers fix problems quickly without slowing them down.
What do you dislike about the product?
The initial setup for more advanced use cases can be tricky, especially when fine-tuning custom rules or managing large rule sets across multiple projects. Sometimes, there are false positives that require manual triage, and the learning curve for rule writing is a bit steep for newcomers. I would also like to see deeper integrations with more enterprise security platforms out-of-the-box.
What problems is the product solving and how is that benefiting you?
Semgrep helps us detect security vulnerabilities and coding issues early in the development lifecycle. It makes it easier to enforce secure coding standards across multiple teams without adding heavy friction to the developers’ workflow. By integrating directly into CI/CD pipelines, it reduces time-to-detection and prevents risky code from reaching production. This has improved both the security posture and the consistency of our applications while lowering the manual effort needed for code reviews.

    Computer Software

An easy to use and fun to customize SAST tool

  • December 04, 2024
  • Review provided by G2

What do you like best about the product?
That the SAST engine returns a very small number of false positives. And the rules are fun to write. I also like the reachability analysis of the supply chain tool so you don't get overwhelmed by false positives
What do you dislike about the product?
There is no export report feature. Moreover it would be useful a toggle to tell the supply chain tool to report all the vulnerable dependencies, regardless of their reachability.
What problems is the product solving and how is that benefiting you?
Helping to build secure products by writing more secure code

    Computer & Network Security

Semgrep experience

  • December 04, 2024
  • Review provided by G2

What do you like best about the product?
The easy customisation, custom rule creation and fast feedback for devs
What do you dislike about the product?
More products like IaC scanning or DAST, I would love to have full capabilities to scan apps
What problems is the product solving and how is that benefiting you?
Shifting left vulnerabilities

    Henry Mwawai

Automated code reviews and good scalability with custom rule adaptability

  • September 23, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use Semgrep to check custom user pipelines and test their claims for any vulnerabilities. We process the code by passing it through the testing process for any operability issues before sending feedback to the developers and providing the final product. This is part of the static testing analysis of code analysis.

How has it helped my organization?

Semgrep has supported our team in automating code reviews and allowed us to catch vulnerabilities before the final product stage. This has improved both our development cost and development speed.

What is most valuable?

The most valuable feature is the ability to write our custom rules. This adaptability allows us to cater specifically to our needs.

What needs improvement?

There should be more information on how to acquire the system, catering to beginners in application security, to make it more user-friendly.

For how long have I used the solution?

My experience with Semgrep is very recent since we started integrating it into our processes.

What do I think about the stability of the solution?

There haven't been any severe stability issues from my end.

What do I think about the scalability of the solution?

We have not faced any scalability issues. Since we are a team of only two users, Semgrep scales well for our current requirements.

How are customer service and support?

There was some difficulty in hearing the questions due to static noise, implying potential issues with communication or support on the call. However, rejoining the call resolved the problem.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not switch from another product to Semgrep.

How was the initial setup?

The initial setup was straightforward, involving connecting the digital product to Semgrep. I am mainly involved in the usage aspect, and thus, I provided information from my perspective.

What about the implementation team?

We handled the setup internally within our team, and I particularly addressed it.

What was our ROI?

Semgrep has positively impacted our ROI by improving development speed and cost efficiency.

What other advice do I have?

I'd rate the solution eight out of ten.

    Shivam J.

Perfect code security analysis tool to check and eliminate vulnerabilities

  • February 20, 2024
  • Review provided by G2

What do you like best about the product?
The sast engine and the wholesome dashboard makes everything looks great and crisp
What do you dislike about the product?
I am not satisfied with the accuracy of the integration tools with it
What problems is the product solving and how is that benefiting you?
Making it easy to go shift left in security and in supply chain management security

    Abhineet S.

Just a right way to test and catch your code vulnerability

  • February 20, 2024
  • Review provided by G2

What do you like best about the product?
I like the SAST engine, it is powerful and capable alongwith less % of false positives. Apart from it, the pro and lot other built rules make it easy to integrate with any DevSecOps process.
What do you dislike about the product?
Currently the newer offering like SEMGREP AI and secrets manager does not add up perfectly
What problems is the product solving and how is that benefiting you?
It is catching the essential, critical and tainted in nature vulnerabilities in day to day code making it is good way to follow shift left practices.

    Computer Games

Simple yet powerful SAST & SCA

  • November 07, 2023
  • Review provided by G2

What do you like best about the product?
- Easy to integrate in CICD and custom workflows
- CLI configurations are simple
- Powerful scanning capabilities
- Supports many languages
- Reachability analysis is helpful
- Stable and reliable
What do you dislike about the product?
- Doesn't handle unicode chars properly at many places, if there are unicodes in your code then semgrep can crash
- No GUI for OSS version, they should atleast provide a basic GUI for OSS version
What problems is the product solving and how is that benefiting you?
Semgrep is helping us identify vulnerabilities at the early stages of the development by continously identifying the vulnerabilities in our codebase and highlighting the vulnerable OSS libraries being used.

    Dhaval D.

Free and open-source static code analysis tool

  • June 27, 2023
  • Review provided by G2

What do you like best about the product?
-Installation is pretty straightforward
-Supports almost all programming languages
-Scans are relatively faster than other static code analysis tool
-In certain cases, I have noticed results/findings from Semgrep were more accurate
What do you dislike about the product?
-There were quite a few false positives as well
-Other tools such as Sonarqube has more features and provides thorough reports
-Troubleshooting can be difficult
What problems is the product solving and how is that benefiting you?
In my case, I use Semgrep to find initial bugs in my code and it works almost perfectly in almost all cases and pass on the report to tester to debug more and fix the same issues.

    Stéphane S.

Amazing quality product and affordable for SMBs with great support team and community !

  • May 29, 2023
  • Review provided by G2

What do you like best about the product?
Semgrep helped us in no time narrowing down important vulnerabilities and focusing on what matters thanks to Semgrep Supply Chain.

It is the product with the best ROI I would recommend to add to your SSDLC. it fast, extendable and customizable, with a handy CLI.
What do you dislike about the product?
Less advanced Bitbucket / Jira integration compared to GitHub but catching up fast!
What problems is the product solving and how is that benefiting you?
Making sure we maintain cybersecurity compliance and ensure safety of the data we process. Semgrep Supply Chain ensure we are focusing the most important security issues first.

showing 21 - 30