Semgrep

By Semgrep

4.6 out of 5 stars


Semgrep Reviews & Product Details

Pricing

Pricing provided by Semgrep.

Semgrep Code, Supply Chain, and Secrets Detection

Starting at $40.00
1 contributor Per Month

Semgrep Integrations

9 integrations, verified by Semgrep

Semgrep Media

Semgrep Demo - Semgrep Supply Chain (SCA)
Semgrep Supply Chain makes it easy to find and remediate the 2% of dependency vulnerabilities that are actually reachable in your code.
Semgrep Demo - Semgrep Code (SAST)
A SAST solution where developers actually fix the majority of issues they see. Make fix rate the north star metric of your AppSec program with Semgrep Code.
Semgrep Demo - Semgrep Secrets
Go beyond regex: leverage Semantic Analysis, entropy analysis, and validation to accurately detect and fix secrets.
Semgrep Demo - Dashboard
The Semgrep dashboard provides clear, actionable insights into code security and quality, helping teams quickly identify, prioritize, and remediate issues across their projects.
Semgrep is a code security solution that enables organizations to scale their security programs quickly and easily.


Semgrep Reviews (55)

4.6 out of 5, 55 reviews

Review Summary

Generated using AI from real user reviews
Users consistently praise Semgrep for its ease of use and customizability, allowing developers to quickly integrate it into their workflows and create tailored rules for their specific needs. The tool's fast scanning capabilities and low false positive rates enhance productivity, making it a valuable asset for maintaining code quality and security. However, some users note a common limitation with the learning curve associated with crafting complex rules.

Mahmoud H.
Information Security Intern
Mid-Market (51-1000 emp.)
"I think Semgrep is a must have for every Software Company"
What do you like best about Semgrep?

The fact that it can scan dependencies and has so many rules configured on the spot, with a very friendly and easy-to-use UI for Semgrep Pro.

What do you dislike about Semgrep?

I think what Semgrep needs is a feature that summarizes the overall security standing of a repository/project, and to allow the user to tell the platform the links between different repos, if there are any.

Nitish U.
Product Security Lead
Computer & Network Security
Mid-Market (51-1000 emp.)
"Accurate Results and a Polished UI from Semgrep"
What do you like best about Semgrep?

Accuracy, UI, the Semgrep AI assistant, and the Semgrep SCA reachability matrix.

What do you dislike about Semgrep?

Bugs, crashes, and frequent issues in PR scans.

Verified User in Computer Software
Mid-Market (51-1000 emp.)
"Enhancing Security with Semgrep"
What do you like best about Semgrep?

Since it runs fast and integrates directly into CI/CD, my team can surface issues early (from insecure function use to misconfigured patterns) before they ever hit production.

What do you dislike about Semgrep?

Filter limitations, and changing some settings at the global level using the UI. Having more advanced filtering and project-level controls would make it easier to manage findings across different environments and prioritize risks.

SJ
Senior Security Analyst & Consultant
Information Technology and Services
Mid-Market (51-1000 emp.)
"Fast and positive results"
What do you like best about Semgrep?

There are multiple things that are great in the Semgrep tool: first, easy integration with GSM and the CI/CD pipeline; second, the easy terminal-based code scan, which saves a lot of time and integration if the code is small.

What do you dislike about Semgrep?

Nothing specific as such, since everything is good at the right price.

Andrew K.
Systems Administrator
Enterprise (> 1000 emp.)
"Effortless Code Scanning, But Dynamic Issues Can Slip Through"
What do you like best about Semgrep?

Our company has it automatically enabled to scan our code. We can click a link and see what items need to be addressed. I get a review of my code every commit.

What do you dislike about Semgrep?

I can hide security issues with dynamically loaded variables and methods.

Verified User in Computer Software
Small-Business (50 or fewer emp.)
"Hands-off setup could not be easier"
What do you like best about Semgrep?

Very little had to be done on our end to set up managed scans for the entire GitHub organization. Aside from Semgrep staff adjusting things to get a scan to complete, our large codebase was running SAST scans in a few days.

GitHub PR comments show users what to do, and AI can classify many reports correctly as not needing mitigation.

What do you dislike about Semgrep?

Semgrep's features are designed around preventing new problems from being introduced in pull requests, but those same features are not available for issues found on trunk branches; these have to be dealt with manually.

Verified User in Semiconductors
Enterprise (> 1000 emp.)
"Insightful Vulnerability Analysis, But Needs Automatic Analysis"
What do you like best about Semgrep?

The tool provides an analysis of detected vulnerabilities in the code and also offers suggested fixes. This feature is helpful for identifying potential issues and understanding how to address them.

What do you dislike about Semgrep?

Currently, I have to manually trigger the analysis each time a new detection occurs, but I would prefer if the analysis happened automatically as soon as something is detected.

Verified User in International Affairs
Enterprise (> 1000 emp.)
"Speeds Up Bug Detection, But Rule Syntax Can Be Limiting for Complex Code"
What do you like best about Semgrep?

The best thing about Semgrep is that it helps catch bugs and enforce code standards early in development, without slowing engineers down. It's quick, understandable, and fits naturally into the developer workflow.

What do you dislike about Semgrep?

My main dislike is that Semgrep's rule syntax can feel restrictive when dealing with dynamic code or frameworks that rely heavily on metaprogramming. It's great for straightforward patterns, but deeper semantic analysis sometimes needs more manual effort.

Verified User in Hospital & Health Care
Enterprise (> 1000 emp.)
"Flexible Rules and GitHub Integration Shine, But Needs Better Product Segmentation"
What do you like best about Semgrep?

Semgrep offers a single platform for SAST and SCA solutions, which is good, but the best part is Semgrep rules: they are so flexible and easy to write that you don't need to manually do filtering or removing.

Another feature of the tool I personally like is GitHub Actions, which will show bugs in Git itself with an AI-reviewed fixed version.

What do you dislike about Semgrep?

Semgrep doesn't have product-wise segmentation; for organizations with multiple products you will have only projects and have to use labels to categorise those products.

Shuiab S.
EDA hardware engineer
Enterprise (> 1000 emp.)
"Clean Interface and Clear Insights, But Setup Can Be Frustrating"
What do you like best about Semgrep?

The interface is extremely clean, and all vulnerabilities are clearly highlighted.

What do you dislike about Semgrep?

Setting up the system for the first time was quite frustrating, as I found myself needing assistance from the IT agent on several occasions.


Semgrep Comparisons

SonarQube
Snyk
OpenText Static Application...
Semgrep Features
API / Integrations
Reporting and Analytics
Issue Tracking
Static Code Analysis
Command-Line Tools
Detection Rate
False Positives
Transparency