    Application Security Platform

    Application Security Testing

    Overview

    Semgrep is a highly customizable application security platform built for security engineers and developers. Semgrep scans first- and third-party code to find security issues unique to an organization, with an emphasis on surfacing actionable, low-noise, and developer-friendly results at lightning speed.

    Semgrep's focus on confidence rating and reachability means that security teams can feel comfortable engaging developers directly in their workflows (e.g., surfacing findings in PR comments), and Semgrep integrates seamlessly with CI and SCM tooling to automate these policies.

    With Semgrep, security teams can shift left and scale their programs with zero impact on developer velocity. With 3400+ out-of-the-box rules and the ability to easily create custom rules, Semgrep accelerates the time it takes to implement and scale a best-in-class AppSec program - all while adding value from Day 1.

    Highlights

    • Lightning fast code scanning that detects security vulnerabilities in 30+ languages with results prioritized for remediation
    • Reachability analysis of known vulnerabilities in the third-party software components in use makes results actionable for developers
    • Easy-to-write custom rules to augment detection of security vulnerabilities, enforce coding standards, and improve code quality

    Details

    Delivery method

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Pricing

    Pricing is based on contract duration. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for any usage that exceeds the entitled amount or is not covered in the contract. These charges will be applied on top of the contract price. If you choose not to renew or replace your contract before it ends, access to your entitlements will expire.

    12-month contract (3)

    Dimension | Description | Cost/12 months
    Code (SAST) | Pro Engine + Pro Rules + Cloud Platform | $480.00
    Supply Chain (SCA) | Reachability + Dependency Search + License Compliance + Cloud Platform | $480.00
    Secrets | Secrets Scanning | $720.00

    Additional usage costs (3)

    The following dimensions are not included in the contract terms and will be charged based on your usage.

    Dimension | Cost/user/hour
    Additional SAST Users | $0.05
    Additional SCA Users | $0.05
    Additional Secrets Users | $0.08

    Vendor refund policy

    No refunds

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Customer reviews

    Ratings and reviews

    0 ratings
    0 AWS reviews | 31 external reviews
    External reviews are sourced from G2 and are not included in the star rating for this product.
    Computer Software

    An easy to use and fun to customize SAST tool

    Reviewed on Dec 04, 2024
    Review provided by G2
    What do you like best about the product?
    That the SAST engine returns a very small number of false positives. And the rules are fun to write. I also like the reachability analysis of the supply chain tool so you don't get overwhelmed by false positives
    What do you dislike about the product?
    There is no export report feature. Moreover, a toggle to tell the supply chain tool to report all the vulnerable dependencies, regardless of their reachability, would be useful.
    What problems is the product solving and how is that benefiting you?
    Helping to build secure products by writing more secure code
    Computer & Network Security

    Semgrep experience

    Reviewed on Dec 04, 2024
    Review provided by G2
    What do you like best about the product?
    The easy customisation, custom rule creation and fast feedback for devs
    What do you dislike about the product?
    More products like IaC scanning or DAST, I would love to have full capabilities to scan apps
    What problems is the product solving and how is that benefiting you?
    Shifting left vulnerabilities
    Shivam J.

    Perfect code security analysis tool to check and eliminate vulnerabilities

    Reviewed on Feb 20, 2024
    Review provided by G2
    What do you like best about the product?
    The SAST engine and the wholesome dashboard make everything look great and crisp
    What do you dislike about the product?
    I am not satisfied with the accuracy of the integration tools with it
    What problems is the product solving and how is that benefiting you?
    Making it easy to go shift left in security and in supply chain management security
    Abhineet S.

    Just a right way to test and catch your code vulnerability

    Reviewed on Feb 20, 2024
    Review provided by G2
    What do you like best about the product?
    I like the SAST engine, it is powerful and capable, along with a lower % of false positives. Apart from that, the pro and a lot of other built rules make it easy to integrate with any DevSecOps process.
    What do you dislike about the product?
    Currently the newer offerings like SEMGREP AI and secrets manager do not add up perfectly
    What problems is the product solving and how is that benefiting you?
    It is catching the essential, critical and tainted in nature vulnerabilities in day-to-day code, making it a good way to follow shift left practices.
    Computer Games

    Simple yet powerful SAST & SCA

    Reviewed on Nov 07, 2023
    Review provided by G2
    What do you like best about the product?
    - Easy to integrate in CICD and custom workflows
    - CLI configurations are simple
    - Powerful scanning capabilities
    - Supports many languages
    - Reachability analysis is helpful
    - Stable and reliable
    What do you dislike about the product?
    - Doesn't handle Unicode chars properly in many places; if there are Unicode characters in your code then Semgrep can crash
    - No GUI for OSS version, they should at least provide a basic GUI for OSS version
    What problems is the product solving and how is that benefiting you?
    Semgrep is helping us identify vulnerabilities at the early stages of development by continuously identifying the vulnerabilities in our codebase and highlighting the vulnerable OSS libraries being used.