Application Security Platform
Semgrep, Inc. External reviews
57 reviews
External reviews are not included in the AWS star rating for the product.
Semgrep is a plus with continuous management & tracking of open vulnerabilities.
What do you like best about the product?
Useful for tracking the open vulnerabilities, repository wise, until they're closed. I find the ability to create custom vulnerability config manually to be very useful, to extend the functionality beyond the vulnerabilities that could be picked up by existing available config templates.
What do you dislike about the product?
I think the findings could be improved. There's a limit to what static analysis tools can dig out from the code, and probably it's the limitation of the technology itself, rather than Semgrep.
What problems is the product solving and how is that benefiting you?
Picking up the bad patterns in the code very early during the development cycle. There are certain coding patterns that Semgrep picks up which could be leading to deeper or critical security issues later.
Effective, efficient and eng friendly scanner
What do you like best about the product?
It's a super customizable, fast and effective tool to have as an inline scanner on the CI/CD pipeline.
What do you dislike about the product?
Nothing really - support is amazing and while they are still early in developing their product suite, they are super receptive to feedback
What problems is the product solving and how is that benefiting you?
Shifting security left in an Eng friendly way
I got a really great experience using Semgrep to fix most vulnerabilities I had with my repo.
What do you like best about the product?
1 - Security enforcement.
2 - Finding common bugs in code.
What do you dislike about the product?
It was hard for me to set it up with my GitHub repo, so things here can be improved in the future.
What problems is the product solving and how is that benefiting you?
- Like mentioned above the ability to scan for bugs and vulnerabilities in my public repo is one of the benefits.
- CI/CD life improvement.
- Improving code security.
Way better than any other tool *cough* Veracode *cough*
What do you like best about the product?
It's super easy to use and doesn't get in the way. The ability to create custom rules and easily ignore existing rules makes this tool standout above any of the other "static analysis" tools I've used to date.
What do you dislike about the product?
Honestly, there isn't much I dislike. Perhaps having buttons directly interact with the github comments would be nice?
What problems is the product solving and how is that benefiting you?
It's solving a range of issues:
* Security checks (e.g. no open S3 buckets)
* Code quality (e.g. don't nest for loops or conditionals)
* Infra verification via Terraform checks
Easy to extend with custom rules but bumped into lots of bugs
What do you like best about the product?
Easy to add custom rules (e.g. by using the online rule editor). Also, Semgrep App has some nice, convenient features (like private rule repository).
What do you dislike about the product?
Most of the paid Semgrep features can be worked around with the open source version (e.g. using a private git repository to store private rules), so I am not 100% sure the Semgrep Team license and the whole Semgrep App are mature enough to justify the price tag.
Also, we ran into many bugs since we started to roll it out within the organization. The good news is that Semgrep Support is responsive (although with 9 hours time zone diff); the bad news is that I require their help constantly since I find 1-2 new bugs every week.
What problems is the product solving and how is that benefiting you?
Preventing secrets and vulnerable code from being committed to git repositories by running Semgrep automatically as part of our CI/CD pipeline.
Excellent tool for outlining security vulnerabilities within your application
What do you like best about the product?
Great analysis of vulnerabilities with ability to review, rank and update status of each incident
What do you dislike about the product?
It would be great if Semgrep did further static analysis to cover code smells and code coverage, in addition to security.
What problems is the product solving and how is that benefiting you?
It provides insights into the security vulnerabilities within our application.
Good set of rules, but a bunch of false positives
What do you like best about the product?
The upsides are that code scanning is very fast, and the ruleset is complete. Rule management on the rule board is also very easy. Integrations and webhooks are a plus.
What do you dislike about the product?
The downsides are that the number of false positives for some of the rules is enormous due to the lack of taint tracking support for PHP. Improving this ruleset, or adding taint tracking for PHP would be most helpful.
What problems is the product solving and how is that benefiting you?
Semgrep is helping us scan our PHP code for first-party vulnerabilities. The most tangible benefit is better coding standards. Their SCA product is also very interesting.
Quick and effective SAST and Dependency Checking
What do you like best about the product?
Super easy to implement and manage. Seamless integration into our CI pipeline, and it only gets in the developers' way when it needs to. Reachability testing of dependencies is nice.
What do you dislike about the product?
Not too much to dislike. The Supply Chain/dependency scanning is new and will need more rules for reachability, but these are gradually being built.
What problems is the product solving and how is that benefiting you?
Semgrep acts as an effective guardrail, allowing developers to write code and be guided when potential vulnerabilities are introduced.
Semgrep suited us very well
What do you like best about the product?
Easy integration and custom rules. The CLI makes it very easy to run tests locally.
What do you dislike about the product?
The new UI is a little confusing and the filter addition is a little slow.
What problems is the product solving and how is that benefiting you?
Helped with our SAST program
Great community driven SAST
What do you like best about the product?
We were sold on the idea that Semgrep was Python based and detections were community driven, while still providing us with the ability to write custom detections.
What do you dislike about the product?
Nothing in particular. If anything, I'd like Semgrep to add GitHub Dependabot / Snyk like features so we can manage more controls around our source code through a single vendor. The latest Supply Chain feature is a new addition.
What problems is the product solving and how is that benefiting you?
Our static analysis needs - especially custom controls. Previously we had developed our own SAST tool, but as the company grew, we decided to move to something commercial and more robust.