
Reviews from AWS customer

1 AWS reviews
  • 5 star: 0
  • 4 star: 1
  • 3 star: 0
  • 2 star: 0
  • 1 star: 0

External reviews

55 reviews

External reviews are not included in the AWS star rating for the product.


    Information Technology and Services

I got a really great experience using Semgrep to fix most vulnerabilities I had with my repo.

  • December 13, 2022
  • Review provided by G2

What do you like best about the product?
1 - Security enforcement.
2 - Finding common bugs in code.
What do you dislike about the product?
It was hard for me to set it up with my GitHub repo, so things here can be improved for the future.
What problems is the product solving and how is that benefiting you?
- Like mentioned above the ability to scan for bugs and vulnerabilities in my public repo is one of the benefits.
- CI/CD life improvement.
- Improving code security.


    Garry P.

Way better than any other tool *cough* Veracode *cough*

  • December 13, 2022
  • Review provided by G2

What do you like best about the product?
It's super easy to use and doesn't get in the way. The ability to create custom rules and easily ignore existing rules makes this tool stand out above any of the other "static analysis" tools I've used to date.
What do you dislike about the product?
Honestly, there isn't much I dislike. Perhaps having buttons directly interact with the GitHub comments would be nice?
What problems is the product solving and how is that benefiting you?
It's solving a range of issues:

* Security checks (e.g. no open S3 buckets)
* Code quality (e.g. don't nest for loops or conditionals)
* Infra verification via Terraform checks


    Financial Services

Easy to extend with custom rules but bumped into lots of bugs

  • December 13, 2022
  • Review provided by G2

What do you like best about the product?
Easy to add custom rules (e.g. by using the online rule editor). Also, Semgrep App has some nice, convenient features (like private rule repository).
What do you dislike about the product?
Most of the paid Semgrep features can be worked around with the open source version (e.g. using a private git repository to store private rules), so I am not 100% sure the Semgrep Team license and the whole Semgrep App are mature enough to justify the price tag.
Also, we ran into many bugs since we started to roll it out within the organization. The good news is that Semgrep Support is responsive (although with 9 hours time zone diff); the bad news is that I require their help constantly since I find 1-2 new bugs every week.
What problems is the product solving and how is that benefiting you?
Preventing secrets and vulnerable code from being committed to git repositories by running Semgrep automatically as part of our CI/CD pipeline.


    Biotechnology

Excellent tool for outlining security vulnerabilities within your application

  • December 12, 2022
  • Review provided by G2

What do you like best about the product?
Great analysis of vulnerabilities with ability to review, rank and update status of each incident
What do you dislike about the product?
It would be great if Semgrep did further static analysis to cover code smells and code coverage, in addition to security.
What problems is the product solving and how is that benefiting you?
It provides insights into the security vulnerabilities within our application.


    Computer Software

Good set of rules, but a bunch of false positives

  • December 09, 2022
  • Review provided by G2

What do you like best about the product?
The upsides are that code scanning is very fast, and the ruleset is complete. Rule management on the rule board is also very easy. Integrations and webhooks are a plus.
What do you dislike about the product?
The downsides are that the number of false positives for some of the rules is enormous due to the lack of taint tracking support for PHP. Improving this ruleset, or adding taint tracking for PHP would be most helpful.
What problems is the product solving and how is that benefiting you?
Semgrep is helping us scan our PHP code for first-party vulnerabilities. The most tangible benefit is better coding standards. Their SCA product is also very interesting.


    Financial Services

Quick and effective SAST and Dependency Checking

  • December 09, 2022
  • Review provided by G2

What do you like best about the product?
Super easy to implement and manage. Seamless integration into our CI pipeline, and only gets in the developers' way when it needs to. Reachability testing of dependencies is nice.
What do you dislike about the product?
Not too much to dislike. The Supply Chain/dependency scanning is new and will need more rules for reachability, but these are gradually being built.
What problems is the product solving and how is that benefiting you?
Semgrep acts as an effective guardrail, allowing developers to write code and be guided when potential vulnerabilities are introduced.


    Financial Services

Semgrep suited us very well

  • December 09, 2022
  • Review provided by G2

What do you like best about the product?
Easy integration and custom rules. The CLI makes it very easy to run tests locally.
What do you dislike about the product?
The new UI is a little confusing and the filter addition is a little slow
What problems is the product solving and how is that benefiting you?
Helped with our SAST program


    Financial Services

Great community driven SAST

  • December 09, 2022
  • Review provided by G2

What do you like best about the product?
We were sold on the idea that Semgrep was Python based and detections were community driven, while still providing us with the ability to write custom detections.
What do you dislike about the product?
Nothing in particular. If anything, I'd like Semgrep to add GitHub Dependabot / Snyk like features so we can manage more controls around our source code through a single vendor. The latest Supply Chain feature is a new addition.
What problems is the product solving and how is that benefiting you?
Our static analysis needs - especially custom controls. Previously we had developed our own SAST tool, but as the company grew, we decided to move to something commercial and more robust.


    Jovin L.

Semgrep works really well in DevSecOps environments

  • December 09, 2022
  • Review provided by G2

What do you like best about the product?
Semgrep is quick and allows us to write additional rules very easily.
This makes it very effective, and there is support for a lot of languages. The dashboard is user friendly and it's easy to look for findings reported.
What do you dislike about the product?
Semgrep does not show correlation across multiple files. For example, if an input is not filtered and is reflected on another page where it would get rendered, it would be difficult to identify in Semgrep.
Finding a way to have correlation between multiple files would be great to have.
What problems is the product solving and how is that benefiting you?
Semgrep allows us to run a vast number of scans across a large set of repos. That helps in a DevSecOps environment.


    Avinash S.

No place for False Positives

  • December 09, 2022
  • Review provided by G2

What do you like best about the product?
It is the most efficient and simple to use integration for SAST.
Free, and community-driven
Discussions on Slack channels provide valuable help and insights.
What do you dislike about the product?
Nothing major. It is evolving in the right direction.
But a trial version would be good.
What problems is the product solving and how is that benefiting you?
Mostly eliminating the use of multiple SAST scanners into one.