
Application Security Platform

Semgrep, Inc. | 1

Reviews from AWS Marketplace

0 AWS reviews
  • 5 star
    0
  • 4 star
    0
  • 3 star
    0
  • 2 star
    0
  • 1 star
    0

External reviews

29 reviews
from G2

External reviews are not included in the AWS star rating for the product.


    Financial Services

Great community driven SAST

  • December 09, 2022
  • Review verified by G2

What do you like best about the product?
We were sold on the idea that Semgrep was Python-based and detections were community-driven, while still providing us with the ability to write custom detections.
What do you dislike about the product?
Nothing in particular. If anything, I'd like Semgrep to add GitHub Dependabot / Snyk like features so we can manage more controls around our source code through a single vendor. The latest Supply Chain feature is a new addition.
What problems is the product solving and how is that benefiting you?
Our static analysis needs - especially custom controls. Previously we had developed our own SAST tool, but as the company grew, we decided to move to something commercial and more robust.


    Jovin L.

Semgrep works really well in DevSecOps environments

  • December 09, 2022
  • Review verified by G2

What do you like best about the product?
Semgrep is quick and allows us to write additional rules very easily.
This makes it very effective, and there is support for a lot of languages. The dashboard is user-friendly and it's easy to look for reported findings.
What do you dislike about the product?
Semgrep does not show correlation across multiple files. For example, if an input is not filtered and is reflected on another page where it would get rendered, it would be difficult to identify in Semgrep.
Finding a way to have correlation between multiple files would be great to have.
What problems is the product solving and how is that benefiting you?
Semgrep allows running a vast number of scans across a large set of repos. That helps in a DevSecOps environment.


    Avinash S.

No place for False Positives

  • December 09, 2022
  • Review verified by G2

What do you like best about the product?
It is the most efficient and simple to use integration for SAST.
Free, and community-driven
Discussions on Slack channels provide valuable help and insights.
What do you dislike about the product?
Nothing major. It is evolving in the right direction.
But a trial version would be good.
What problems is the product solving and how is that benefiting you?
Mostly eliminating the use of multiple SAST scanners into one.


    Computer Software

Semgrep helped us catch security bugs while scaling and supporting our code review processes

  • December 09, 2022
  • Review verified by G2

What do you like best about the product?
Semgrep's powerful rule language and engine blends usability with flexibility. Developers being able to write their own rules in Semgrep without knowing exactly how Semgrep works has helped us scale our deployment.
What do you dislike about the product?
Without fine-tuning, Semgrep (like any SAST) can be pretty noisy. I know they've been working on surfacing developer feedback to rule writers and maintainers, but I still wish there was a more scalable way to reduce noise (e.g. rule change suggestions based on where developers report false positives).
What problems is the product solving and how is that benefiting you?
We wanted to surface information about security to developers when they needed it in code review. Semgrep is helping us do that.


    Computer Software

Semgrep's custom rules are the killer SAST feature

  • December 09, 2022
  • Review verified by G2

What do you like best about the product?
Custom rules and being able to fork + modify the existing rules make Semgrep a lot more valuable as a SAST tool. For certain rules, a couple of additional "pattern-not"s have reduced our false-positive rate by as much as 30%. That kind of thing is easy in Semgrep and pretty much impossible with all other SAST tools I've used. Many other providers claim that you don't need that capability with their tools because they have teams of people who already improve their false-positive rate. In reality, I've found Semgrep's approach works much better to cut down on spurious results.
What do you dislike about the product?
Semgrep App is still noticeably immature. There are many minor bugs around the editor, creating private rules, and the rule board. I haven't found any without some sort of workaround thus far, and R2C's support team is extremely responsive. On balance, the upsides of centralizing your rule management and having a single pane of glass to view all findings are worth the sometimes buggy UI and lacking features (such as the inability to delete rules published via the CLI).
What problems is the product solving and how is that benefiting you?
Semgrep solves static analysis for us. We're using it across all of our repositories and using custom rules to catch common mistakes our team makes. Compared to our previous SAST tool (Veracode), Semgrep scans much more quickly, and our developers love how much easier it is to triage findings.


    Computer Software

Extremely easy to set up and use, resulting in immediate value.

  • December 08, 2022
  • Review verified by G2

What do you like best about the product?
Very easy to set up and the time to value is very short.
What do you dislike about the product?
I wish the rules had more information on remediation.
What problems is the product solving and how is that benefiting you?
Providing static application security analysis with high-quality scanning.


    Information Technology and Services

Semgrep is best in class for customizability, ease of use, and support

  • December 08, 2022
  • Review provided by G2

What do you like best about the product?
Semgrep makes it really easy to write rules. It's really straightforward and the UI also allows you to easily get feedback on rules as well. The dashboard is also convenient and simple to use. The customer support is also pretty amazing, in that they will help you over a meeting with issues you may have with implementation.
What do you dislike about the product?
The binary has been buggy in the past, and has required some debugging and patching to get working correctly. However, the Semgrep team was helpful with the entire process.
What problems is the product solving and how is that benefiting you?
It's a fantastic way to get static code analysis implemented into your CI/CD pipeline. The integration hooks seamlessly into your GitHub environment and provides a clean interface for engineers to use.


    Computer Software

Semgrep review

  • December 08, 2022
  • Review provided by G2

What do you like best about the product?
I love how customizable Semgrep is in terms of identifying static as well as prod sec vulnerabilities.
What do you dislike about the product?
No standard set of error checks for static analysis, at least. Has to be customized.
What problems is the product solving and how is that benefiting you?
Detecting prod sec vulnerabilities as well as static errors.


    Information Technology and Services

Lightning fast SAST

  • December 08, 2022
  • Review verified by G2

What do you like best about the product?
It runs super quickly and consistently produces some of the highest-quality and relevant findings I've seen when comparing against other options.
What do you dislike about the product?
The web app could use some polish, but they're focused on rapid improvements.
What problems is the product solving and how is that benefiting you?
Greater visibility into vulnerabilities in our code.