DryRun Security
DryRun SecurityReviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
16 reviews
from
External reviews are not included in the AWS star rating for the product.
DryRun Security Delivers Rich Code Security Context and Intelligence
What do you like best about the product?
DryRun security gives us a ton of context and intelligence around our code security that typical scanners don't give us.
What do you dislike about the product?
Nothing comes to mind. We use this for internal security and customer security facing reports.
What problems is the product solving and how is that benefiting you?
DryRun is adding another layer of intelligence to our security assessment capabilities. We use this for internal security enhancements, and we package some of this data up for customer facing reports.
As a security company, we have come to rely on it
What do you like best about the product?
I use it every day. We review anywhere from 5-50 PRs. Higher on a good day. We use any of the code review agents, but DryRun is the one we specifically rely on to review the security of the code
What do you dislike about the product?
Until recently, we could only use it on a PR by PR basis. They've added a repo review (or rather an entire codebase review), but I haven't had a chance to test it yet.
What problems is the product solving and how is that benefiting you?
As a security company, we have to ship secure code. It finds issues that others don't find. We've tried many different code review agents. They all find things, but DryRun specifically and continuously finds more in-depth security issues than others.
DryRun Supercharges AppSec with Context-Aware, Actionable PR Feedback
What do you like best about the product?
DryRun has been a strong force multiplier for our AppSec process. It analyzes changes in context (not just pattern matching), flags issues early in pull requests, and delivers feedback in a way engineers can act on quickly. We’ve seen fewer false positives vs. legacy SAST approaches, which makes it easier to build trust with dev teams.
What do you dislike about the product?
Full-repo scanning is an area I’d like to see expanded. I know it’s already on the roadmap, and I’m looking forward to deeper whole-repository coverage in addition to PR/change-based analysis.
What problems is the product solving and how is that benefiting you?
DryRun helps us catch meaningful security risk before merge, while cutting down the review bottleneck and reducing noise fatigue.
Fast, Context-Aware Security Feedback Right in GitHub Pull Requests
What do you like best about the product?
DryRun Security runs and provides feedback where we do our work: GitHub. Feedback is provided quickly within the context of the Pull request. This helps our team mitigate vulnerabilities before they are deployed.Vulnerabilities are reported in a context-aware manner, which reduces the number of false positives.
What do you dislike about the product?
Pricing requires contacting the team, and I typically prefer transparent pricing models. With that being said, the team is incredibly helpful, and quick to turn around price quotes.
What problems is the product solving and how is that benefiting you?
DryRun helps us mitigate Application Vulnerabilities prior to application deployment.
Catches Logic and Authorization Flaws Traditional SAST Often Misses
What do you like best about the product?
We use traditional SAST tools, but they mostly depend on rule-based static analysis. DryRun Security, by contrast, focuses on understanding code intent and logical flow, which makes it effective at finding authorization flaws, broken object-level authorization, insecure direct object reference, and insecure business logic. As AI assistants such as Cursor or ChatGPT-based tools become more widely adopted, we face new risks from AI-authored code. DryRun Security helps us focus specifically on the logic flaws that can show up in AI-generated code snippets—issues that traditional scanners often miss.
What do you dislike about the product?
This isn’t necessarily about the DryRun functionality itself, but it would be ideal to have DryRun Security available as a Marketplace offering in the cloud provider we use. That would make integration, renewal, and onboarding smoother and easier overall.
What problems is the product solving and how is that benefiting you?
We’re working to move toward a more developer-driven, integrated security process. For us, that means having a tool that’s deeply integrated into our Gitflow and can run in parallel with what developers are doing day in and day out. Beyond the contextual protection we’re getting, DryRun also helps reduce the number of external screens developers have to jump to in order to get the security insights they need.
DryRun’s Context-Aware Scanning Beats Legacy SAST
What do you like best about the product?
DryRun's use of LLMs and inclusion of context about the application makes it perform far better than traditional SAST tools. It is able to find "business logic" vulnerabilities that the legacy SAST scanners are simply unable to find and it better characterizes all of its results based on the application context it ingests.
What do you dislike about the product?
Up until recently, you could only do pull request-level scans. Recently they added the ability to do full-repository scans so I'm excited to see how this capability evolves.
What problems is the product solving and how is that benefiting you?
DryRun helps us embed security into the development process in a way that is really accessible to our development team but also visible to the security team. This helps make sure we're finding and addressing vulnerabilities before they make their way into production and gives the security team confidence that security concerns are front-of-mind for developers.
DryRun Keeps AI Code Fast and Secure with Pre-Merge Reviews
What do you like best about the product?
DryRun helps us keep up with the pace of AI code generation while ensuring that any code our developers check in goes through a security review before it’s merged.
What do you dislike about the product?
To get the most out of this product, as with any product, you need to devote time to working with it. The out-of-the-box policies are solid, but with a bit more time we could write more natural-language code policies tailored to specific use cases.
What problems is the product solving and how is that benefiting you?
DryRun is allowing us to complete security code reviews much more quickly than we were able to before. A review that used to take two weeks is now done in a few days.
One-Time Setup, Automatic Repo Scans, and Actionable PR Comments
What do you like best about the product?
Setup is a one-time process, and any new repos are scanned automatically. Findings appear as PR comments, which makes them easy for developers to notice, review, and act on.
Deepscan feels like a step forward for establishing a baseline for repo security standards and for uncovering issues in legacy repos.
Deepscan feels like a step forward for establishing a baseline for repo security standards and for uncovering issues in legacy repos.
What do you dislike about the product?
The management portal is still slow to use, and the loading time is noticeably slow by modern standards.
What problems is the product solving and how is that benefiting you?
It solves several things. First, it automatically covers new repos in scope without any human intervention. Second, feedback and findings show up directly as PR comments, so devs don’t need to jump to another tool or dashboard just to view them.
Spearheading Secure Code Development with Innovative Analysis
What do you like best about the product?
The team at DryRun Security has been wonderful to work with, and the technology is seamless to integrate. It provides valuable and ever-improving detections and allows us to accelerate secure code development, especially in the era of AI accelerating code creation. They are really innovating with agentic detections in software, not just static pattern matching like traditional SAST vendors, and can do multidimensional analysis across a wide range of contexts. This helps catch problems that would be otherwise impossible to detect with existing technology and makes our code even more secure against complex and emerging threats like prompt injection or IDOR. Additionally, integration with Impart Security's runtime protection platform is seamless, providing an end to end AI native solution. The initial setup of DryRun Security was very easy.
What do you dislike about the product?
I would love to see DryRun Security scan more of the codebase, not just pull requests. I believe they have recently launched a new feature called deepscan, and I would like the DryRun approach to be used in evaluating the entire repo so that I can get a sense of not just new code but also existing code security.
What problems is the product solving and how is that benefiting you?
I use DryRun Security to review pull requests for security vulnerabilities, improving code quality and preventing unidentified risks from merging. It accelerates secure code development with valuable detections and innovative multidimensional analysis, protecting against complex threats.
Automated Repo Scans That Save Time and Boost Security
What do you like best about the product?
Having automated scans directly in our repos saves so much time and helps make us secure.
What do you dislike about the product?
Personally I have not run into any issues on DRS that I do not like!
What problems is the product solving and how is that benefiting you?
It is helping us solve issues in our org with any issues inside of our code and helping us grabbing all of the issues during the PR. It is super easy to implement in the org making it a no brainer to use.
showing 1 - 10