Application Security Platform
Semgrep, Inc. External reviews
55 reviews
External reviews are not included in the AWS star rating for the product.
Semgrep is a plus with continuous management & tracking of open vulnerabilities.
What do you like best about the product?
Useful for tracking the open vulnerabilities, repository wise, until they're closed. I find the ability to create custom vulnerability config manually to be very useful, to extend the functionality beyond the vulnerabilities that could be picked up by existing available config templates.
What do you dislike about the product?
I think the findings could be improved. There's a limit to what static analysis tools can dig out from the code, and probably it's the limitation of technology itself, rather than semgrep.
What problems is the product solving and how is that benefiting you?
Picking up the bad patterns in the code very early during the development cycle. There are certain coding patterns that semgrep picks up, which could be leading to deeper or critical security issues later.
I got a really great experience using Semgrep to fix most vulnerabilities I had with my repo.
What do you like best about the product?
1 - Security enforcement.
2 - Finding common bugs in code.
What do you dislike about the product?
It was hard for me to set it up with my GitHub repo, so things here can be improved in the future.
What problems is the product solving and how is that benefiting you?
- As mentioned above, the ability to scan for bugs and vulnerabilities in my public repo is one of the benefits.
- CI/CD life improvement.
- Improving code security.
Way better than any other tool *cough* verracode *cough*
What do you like best about the product?
It's super easy to use and doesn't get in the way. The ability to create custom rules and easily ignore existing rules makes this tool stand out above any of the other "static analysis" tools I've used to date.
What do you dislike about the product?
Honestly, there isn't much I dislike. Perhaps having buttons directly interact with the github comments would be nice?
What problems is the product solving and how is that benefiting you?
It's solving a range of issues:
* Security checks (e.g. no open S3 buckets)
* code quality (e.g. don't nest for loops or conditionals)
* Infra verification via terraform checks
Easy to extend with custom rules but bumped into lots of bugs
What do you like best about the product?
Easy to add custom rules (e.g. by using the online rule editor). Also, Semgrep App has some nice, convenient features (like private rule repository).
What do you dislike about the product?
Most of the paid Semgrep features can be worked around with the open source version (e.g. using a private git repository to store private rules), so I am not 100% sure the Semgrep Team license and the whole Semgrep App are mature enough to justify the price tag.
Also, we ran into many bugs since we started to roll it out within the organization. The good news is that Semgrep Support is responsive (although with a 9-hour time zone difference); the bad news is that I require their help constantly since I find 1-2 new bugs every week.
What problems is the product solving and how is that benefiting you?
Preventing secrets and vulnerable code from being committed to git repositories by running Semgrep automatically as part of our CI/CD pipeline.
Excellent tool for outlining security vulnerabilities within your application
What do you like best about the product?
Great analysis of vulnerabilities with ability to review, rank and update status of each incident
What do you dislike about the product?
It would be great if Semgrep did further static analysis to cover code smells and code coverage, in addition to security.
What problems is the product solving and how is that benefiting you?
It provides insights into the security vulnerabilities within our application.
Quick and effective SAST and Dependency Checking
What do you like best about the product?
Super easy to implement and manage. Seamless integration into our CI pipeline, and only gets in the developers' way when it needs to. Reachability testing of dependencies is nice.
What do you dislike about the product?
Not too much to dislike. The Supply Chain/dependency scanning is new and will need more rules for reachability, but these are gradually being built.
What problems is the product solving and how is that benefiting you?
Semgrep acts as an effective guardrail, allowing developers to write code and be guided when potential vulnerabilities are introduced.
Semgrep is best in class for customizability, ease of use, and support
What do you like best about the product?
Semgrep makes it really easy to write rules. It's really straightforward and the UI also allows you to easily get feedback on rules as well. The dashboard is also convenient and simple to use. The customer support is also pretty amazing, in that they will help you over a meeting with issues you may have with implementation.
What do you dislike about the product?
The binary has been buggy in the past, and has required some debugging and patching to get working correctly. However, the Semgrep team was helpful with the entire process.
What problems is the product solving and how is that benefiting you?
It's a fantastic way to get static code analysis implemented into your CI/CD pipeline. The integration hooks seamlessly into your GitHub environment and provides a clean interface for engineers to use.
Lightning fast SAST
What do you like best about the product?
It runs super quickly and consistently produces some of the highest-quality and relevant findings I've seen when comparing against other options.
What do you dislike about the product?
The web app could use some polish, but they're focused on rapid improvements.
What problems is the product solving and how is that benefiting you?
Greater visibility into vulnerabilities in our code.