DryRun Security
Reviews from AWS customers
0 AWS reviews
External reviews
12 reviews
External reviews are not included in the AWS star rating for the product.
Catches Logic and Authorization Flaws Traditional SAST Often Misses
What do you like best about the product?
We use traditional SAST tools, but they mostly depend on rule-based static analysis. DryRun Security, by contrast, focuses on understanding code intent and logical flow, which makes it effective at finding authorization flaws, broken object-level authorization, insecure direct object reference, and insecure business logic. As AI assistants such as Cursor or ChatGPT-based tools become more widely adopted, we face new risks from AI-authored code. DryRun Security helps us focus specifically on the logic flaws that can show up in AI-generated code snippets—issues that traditional scanners often miss.
What do you dislike about the product?
This isn’t necessarily about the DryRun functionality itself, but it would be ideal to have DryRun Security available as a Marketplace offering in the cloud provider we use. That would make integration, renewal, and onboarding smoother and easier overall.
What problems is the product solving and how is that benefiting you?
We’re working to move toward a more developer-driven, integrated security process. For us, that means having a tool that’s deeply integrated into our Gitflow and can run in parallel with what developers are doing day in and day out. Beyond the contextual protection we’re getting, DryRun also helps reduce the number of external screens developers have to jump to in order to get the security insights they need.
DryRun’s Context-Aware Scanning Beats Legacy SAST
What do you like best about the product?
DryRun's use of LLMs and inclusion of context about the application makes it perform far better than traditional SAST tools. It is able to find "business logic" vulnerabilities that the legacy SAST scanners are simply unable to find and it better characterizes all of its results based on the application context it ingests.
What do you dislike about the product?
Up until recently, you could only do pull request-level scans. Recently they added the ability to do full-repository scans so I'm excited to see how this capability evolves.
What problems is the product solving and how is that benefiting you?
DryRun helps us embed security into the development process in a way that is really accessible to our development team but also visible to the security team. This helps make sure we're finding and addressing vulnerabilities before they make their way into production and gives the security team confidence that security concerns are front-of-mind for developers.
DryRun Keeps AI Code Fast and Secure with Pre-Merge Reviews
What do you like best about the product?
DryRun helps us keep up with the pace of AI code generation while ensuring that any code our developers check in goes through a security review before it’s merged.
What do you dislike about the product?
To get the most out of this product, as with any product, you need to devote time to working with it. The out-of-the-box policies are solid, but with a bit more time we could write more natural-language code policies tailored to specific use cases.
What problems is the product solving and how is that benefiting you?
DryRun is allowing us to complete security code reviews much more quickly than we were able to before. A review that used to take two weeks is now done in a few days.
One-Time Setup, Automatic Repo Scans, and Actionable PR Comments
What do you like best about the product?
Setup is a one-time process, and any new repos are scanned automatically. Findings appear as PR comments, which makes them easy for developers to notice, review, and act on.
Deepscan feels like a step forward for establishing a baseline for repo security standards and for uncovering issues in legacy repos.
What do you dislike about the product?
The management portal is still slow to use, and the loading time is noticeably slow by modern standards.
What problems is the product solving and how is that benefiting you?
It solves several things. First, it automatically covers new repos in scope without any human intervention. Second, feedback and findings show up directly as PR comments, so devs don’t need to jump to another tool or dashboard just to view them.
Spearheading Secure Code Development with Innovative Analysis
What do you like best about the product?
The team at DryRun Security has been wonderful to work with, and the technology is seamless to integrate. It provides valuable and ever-improving detections and allows us to accelerate secure code development, especially in the era of AI accelerating code creation. They are really innovating with agentic detections in software, not just static pattern matching like traditional SAST vendors, and can do multidimensional analysis across a wide range of contexts. This helps catch problems that would be otherwise impossible to detect with existing technology and makes our code even more secure against complex and emerging threats like prompt injection or IDOR. Additionally, integration with Impart Security's runtime protection platform is seamless, providing an end-to-end AI-native solution. The initial setup of DryRun Security was very easy.
What do you dislike about the product?
I would love to see DryRun Security scan more of the codebase, not just pull requests. I believe they have recently launched a new feature called deepscan, and I would like the DryRun approach to be used in evaluating the entire repo so that I can get a sense of not just new code but also existing code security.
What problems is the product solving and how is that benefiting you?
I use DryRun Security to review pull requests for security vulnerabilities, improving code quality and preventing unidentified risks from merging. It accelerates secure code development with valuable detections and innovative multidimensional analysis, protecting against complex threats.
Automated Repo Scans That Save Time and Boost Security
What do you like best about the product?
Having automated scans directly in our repos saves so much time and helps make us secure.
What do you dislike about the product?
Personally I have not run into any issues on DRS that I do not like!
What problems is the product solving and how is that benefiting you?
It is helping us solve issues in our org with any issues inside of our code and helping us grab all of the issues during the PR. It is super easy to implement in the org, making it a no-brainer to use.
AppSec signal, not noise: DryRun catches the ‘Greeks in the horse’ PRs before they ship
What do you like best about the product?
DryRun Security gives me high-signal visibility into the changes that actually matter. The out-of-the-box analyzers help me quickly spot unexpected or risky behavior in pull requests without having to manually comb through everything. It’s become a practical way to scale AppSec review when PR volume is high—especially for catching edge cases that could create real operational or compliance impact.
I also appreciate how quickly the team is iterating: they’re regularly adding meaningful functionality, improving false-positive handling, and behaving like thought leaders in the AppSec space rather than “just another scanner.” Their continued momentum toward/through GRC certifications is a strong indicator they’re building for serious organizations, not hobby deployments.
Getting it installed was SO simple. We didn't need to tweak much, but once we started it got even better!
If the citizens of Troy had used DryRun Security, the Greeks never would have made it in.
What do you dislike about the product?
I don’t have many dislikes. If I had to pick one, it would be that I’d love to see even more investment in the developer experience and day-to-day workflow fit—making it a tool developers want to use, not one that security has to continually champion. It’s already valuable, but increasing developer pull (UX, messaging in PRs, “why it matters” context, smoother adoption) would make it even stickier.
What problems is the product solving and how is that benefiting you?
DryRun Security is solving the “too many PRs, not enough attention” problem—helping us detect the small number of changes that are genuinely risky, unusual, or non-compliant without forcing security or operations to read everything line-by-line. That directly reduces review fatigue and time-to-decision while increasing confidence that we aren’t missing the one PR that could cause a serious incident.
In our environment, it helps surface issues that could impact compliance and reliability—like changes that might enable non-compliant domain behavior or destabilize critical infrastructure dependencies (e.g., DNS-related risks). The practical benefit is fewer blind spots, faster reviews, and a stronger security posture without requiring a larger AppSec team.
Deep Scan Delivers Insightful, Low-Noise Findings for Massive Legacy Codebases
What do you like best about the product?
The new Deep Scan feature, which performs a comprehensive review of our application, was incredibly helpful for identifying issues in a legacy application with millions of lines of code. Over the 20+ years of this application's lifespan, we've had several audits and 3rd-party reviews. DryRun's AI had a better grasp of the code's business intent and overall structure than most previous auditors. I expected a firehose of findings, most of which would be false positives or non-issues. However, the report listed 20 or so items to check, only one of which was a complete false positive. We're still tuning the engine for our uses, but the PR reviews have been helpful and insightful.
What do you dislike about the product?
Their UI can be a bit sluggish, especially when there are many linked GitLab repositories. It's pretty clear they've been spending most of their time on the scanning engines, and the UI was a lower priority. However, that seems to be clearing up, as the UI has improved. Ideally, you shouldn't need to use it much once it's up and running; you can just let it work directly with your repo.
What problems is the product solving and how is that benefiting you?
Most static scanners are so full of false positives that they're almost worthless when working with legacy codebases. The rise of AI-driven attacks is chilling, and it's reassuring to have something in place on our side that has been delivering measurable results.
Streamlined Security with Seamless Workflow Integration
What do you like best about the product?
I use DryRun Security to look at my code for security vulnerabilities. It helps me deliver secure code to production, and I love its ease of use as it already plugs into the workflow I am used to. It's fast and lets me keep on working without having to compile my code and wait hours for a scan to finish. DryRun looks at my changes in the PR and determines if we are introducing risks to our application. The initial setup was really easy.
What do you dislike about the product?
There isn't anything to dislike.
What problems is the product solving and how is that benefiting you?
I use DryRun Security to identify code vulnerabilities and deliver secure code to production. It's easy to use, integrates well with my workflow, and saves time by analyzing changes in pull requests without lengthy code compilation.
Efficient Code Review with Quick Feature Adaptations
What do you like best about the product?
I use DryRun Security to identify issues for security review or improvement as our engineering team commits a lot of code. It helps me be aware of risky changes to the codebase and assists with code security reviews. My favorite thing about DryRun is that it allows me to focus on other tasks rather than reviewing code changes and PRs all the time. I appreciate that their team is fairly quick to make feature request changes and listens to customer feedback. The initial setup was very easy and smooth, and there's really nothing like it at the moment — it's great.
What do you dislike about the product?
I do somewhat wish there were more customization options for tuning the analyzers, but that seems to be in the works.
What problems is the product solving and how is that benefiting you?
I use DryRun Security to identify risky changes and aid in code security reviews, allowing me to focus on other tasks rather than constantly reviewing code changes.