DryRun Security
DryRun SecurityReviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
20 reviews
from
External reviews are not included in the AWS star rating for the product.
High-Signal Security Reviews Right in the Developer Workflow
What do you like best about the product?
DryRun Security helps solve the problem of noisy and time-consuming security reviews by providing contextual, high-signal findings directly in the developer workflow. Instead of spending unnecessary time sorting through false positives or trying to determine which issues are actually exploitable, the platform uses AI-driven analysis to help identify the risks that actually matter and explain them in a way developers can act on. Its performance has also been a benefit, as it fits well into the pull request process without creating unnecessary friction or slowing down development.
It also helps bridge the gap between security and development teams. By providing AI-powered remediation guidance, pull request context, and policy-based guardrails, DryRun Security makes it easier to maintain security standards while still allowing teams to move quickly. The support experience has been another positive, with helpful guidance when questions come up or when we need assistance getting more value from the platform. Overall, DryRun Security supports faster, more confident development while giving security teams better visibility into code risk across repositories.
It also helps bridge the gap between security and development teams. By providing AI-powered remediation guidance, pull request context, and policy-based guardrails, DryRun Security makes it easier to maintain security standards while still allowing teams to move quickly. The support experience has been another positive, with helpful guidance when questions come up or when we need assistance getting more value from the platform. Overall, DryRun Security supports faster, more confident development while giving security teams better visibility into code risk across repositories.
What do you dislike about the product?
The main thing I would like to see improved is broader integration with external workflow and ticket management platforms, especially Jira. While DryRun Security provides useful findings and guidance in the developer workflow, having a more seamless way to create, track, and manage security tickets in Jira would make it easier for teams that rely heavily on Jira for vulnerability management, sprint planning, and remediation tracking. Stronger integrations with external platforms would help security and engineering teams operationalize findings more effectively across their existing processes.
What problems is the product solving and how is that benefiting you?
DryRun Security helps solve the problem of noisy and time-consuming security reviews by providing contextual, high-signal findings directly in the developer workflow. Instead of spending unnecessary time sorting through false positives or trying to determine which issues are actually exploitable, the platform uses AI-driven analysis to help identify the risks that actually matter and explain them in a way developers can act on. Its performance has also been a benefit, as it fits well into the pull request process without creating unnecessary friction or slowing down development.
It also helps bridge the gap between security and development teams. By providing AI-powered remediation guidance, pull request context, and policy-based guardrails, DryRun Security makes it easier to maintain security standards while still allowing teams to move quickly. The support experience has been another positive, with helpful guidance when questions come up or when we need assistance getting more value from the platform. Overall, DryRun Security supports faster, more confident development while giving security teams better visibility into code risk across repositories.
It also helps bridge the gap between security and development teams. By providing AI-powered remediation guidance, pull request context, and policy-based guardrails, DryRun Security makes it easier to maintain security standards while still allowing teams to move quickly. The support experience has been another positive, with helpful guidance when questions come up or when we need assistance getting more value from the platform. Overall, DryRun Security supports faster, more confident development while giving security teams better visibility into code risk across repositories.
Good Use Case for AI
What do you like best about the product?
Since its agentic and doesn't depend on rules, theres good coverage across any language, framework, or tool out of the box. It's been particularly helpful providing feedback to engineers on changes to infra level concerns like terraform or helm.
What do you dislike about the product?
No major downsides, just needs some refinement as it grows. Slack alerts can be a bit noisy, for example. Thus far the team has sought feedback frequently and eventually comes up with solutions.
What problems is the product solving and how is that benefiting you?
Scaling rich, contextual security feedback for engineers without slowing down our velocity. Critical issues are rare to start with in our environment, but it has flagged a few at the PR stage before they get merged, which is also great.
DryRun Surfaces Actionable Security Issues with Helpful PR Context
What do you like best about the product?
DryRun is better than any static code analyzer we’ve used. It consistently surfaces real security concerns in PRs, provides helpful context, and makes the findings actionable.
What do you dislike about the product?
The scans can be a little slower compared to a static analyzer which is expected and acceptable.
What problems is the product solving and how is that benefiting you?
Shorting security reviews for our team as we are moving to more AI assisted development and shipping more code per engineer.
Next Gen of SAST Tool That Has Cutting Edge Tech
What do you like best about the product?
Very easy to set up and has takes in Github permissions making me worry less about what people have permission on. This SAST tool is a cutting edge and utilizes AI in a proper way allowing us to plug and play the tool into repo and get findings on it consistently across the repos we worry about. Chatting with the sec team + dev team we can see it provides value that other SAST tools haven't provided but also isn't noisy and high accurate letting find very critical bugs that have been missed in the past.
What do you dislike about the product?
Nothing really. Had minor issues with missing common SAST features (dismissal, long PR comments) but Dry Run's team really steps up their game and take in customer feedback to consistently improve and make the product suit the customer as much as possible.
What problems is the product solving and how is that benefiting you?
Better experience with SAST and a lot more accurate allowing for a pleasant experience.
DryRun Security Delivers Rich Code Security Context and Intelligence
What do you like best about the product?
DryRun security gives us a ton of context and intelligence around our code security that typical scanners don't give us.
What do you dislike about the product?
Nothing comes to mind. We use this for internal security and customer security facing reports.
What problems is the product solving and how is that benefiting you?
DryRun is adding another layer of intelligence to our security assessment capabilities. We use this for internal security enhancements, and we package some of this data up for customer facing reports.
As a security company, we have come to rely on it
What do you like best about the product?
I use it every day. We review anywhere from 5-50 PRs. Higher on a good day. We use any of the code review agents, but DryRun is the one we specifically rely on to review the security of the code
What do you dislike about the product?
Until recently, we could only use it on a PR by PR basis. They've added a repo review (or rather an entire codebase review), but I haven't had a chance to test it yet.
What problems is the product solving and how is that benefiting you?
As a security company, we have to ship secure code. It finds issues that others don't find. We've tried many different code review agents. They all find things, but DryRun specifically and continuously finds more in-depth security issues than others.
DryRun Supercharges AppSec with Context-Aware, Actionable PR Feedback
What do you like best about the product?
DryRun has been a strong force multiplier for our AppSec process. It analyzes changes in context (not just pattern matching), flags issues early in pull requests, and delivers feedback in a way engineers can act on quickly. We’ve seen fewer false positives vs. legacy SAST approaches, which makes it easier to build trust with dev teams.
What do you dislike about the product?
Full-repo scanning is an area I’d like to see expanded. I know it’s already on the roadmap, and I’m looking forward to deeper whole-repository coverage in addition to PR/change-based analysis.
What problems is the product solving and how is that benefiting you?
DryRun helps us catch meaningful security risk before merge, while cutting down the review bottleneck and reducing noise fatigue.
Fast, Context-Aware Security Feedback Right in GitHub Pull Requests
What do you like best about the product?
DryRun Security runs and provides feedback where we do our work: GitHub. Feedback is provided quickly within the context of the Pull request. This helps our team mitigate vulnerabilities before they are deployed.Vulnerabilities are reported in a context-aware manner, which reduces the number of false positives.
What do you dislike about the product?
Pricing requires contacting the team, and I typically prefer transparent pricing models. With that being said, the team is incredibly helpful, and quick to turn around price quotes.
What problems is the product solving and how is that benefiting you?
DryRun helps us mitigate Application Vulnerabilities prior to application deployment.
Catches Logic and Authorization Flaws Traditional SAST Often Misses
What do you like best about the product?
We use traditional SAST tools, but they mostly depend on rule-based static analysis. DryRun Security, by contrast, focuses on understanding code intent and logical flow, which makes it effective at finding authorization flaws, broken object-level authorization, insecure direct object reference, and insecure business logic. As AI assistants such as Cursor or ChatGPT-based tools become more widely adopted, we face new risks from AI-authored code. DryRun Security helps us focus specifically on the logic flaws that can show up in AI-generated code snippets—issues that traditional scanners often miss.
What do you dislike about the product?
This isn’t necessarily about the DryRun functionality itself, but it would be ideal to have DryRun Security available as a Marketplace offering in the cloud provider we use. That would make integration, renewal, and onboarding smoother and easier overall.
What problems is the product solving and how is that benefiting you?
We’re working to move toward a more developer-driven, integrated security process. For us, that means having a tool that’s deeply integrated into our Gitflow and can run in parallel with what developers are doing day in and day out. Beyond the contextual protection we’re getting, DryRun also helps reduce the number of external screens developers have to jump to in order to get the security insights they need.
DryRun’s Context-Aware Scanning Beats Legacy SAST
What do you like best about the product?
DryRun's use of LLMs and inclusion of context about the application makes it perform far better than traditional SAST tools. It is able to find "business logic" vulnerabilities that the legacy SAST scanners are simply unable to find and it better characterizes all of its results based on the application context it ingests.
What do you dislike about the product?
Up until recently, you could only do pull request-level scans. Recently they added the ability to do full-repository scans so I'm excited to see how this capability evolves.
What problems is the product solving and how is that benefiting you?
DryRun helps us embed security into the development process in a way that is really accessible to our development team but also visible to the security team. This helps make sure we're finding and addressing vulnerabilities before they make their way into production and gives the security team confidence that security concerns are front-of-mind for developers.
showing 1 - 10