No more typing reviews! Try our Samantha, our new voice AI agent.

What is Semgrep?

Get the report
Helped 903,182 peers since 2012

Featured Semgrep reviews

Semgrep mindshare

As of July 2026, the mindshare of Semgrep in the Static Application Security Testing (SAST) category stands at 2.3%, down from 2.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Static Application Security Testing (SAST) Mindshare Distribution
ProductMindshare (%)
Semgrep2.3%
SonarQube14.2%
Checkmarx One9.1%
Other74.4%
Static Application Security Testing (SAST)

PeerResearch reports based on Semgrep reviews

TypeTitleDate
CategoryStatic Application Security Testing (SAST)Jul 6, 2026Download
ProductReviews, tips, and advice from real usersJul 6, 2026Download
ComparisonSemgrep vs SonarQubeJul 6, 2026Download
ComparisonSemgrep vs Checkmarx OneJul 6, 2026Download
ComparisonSemgrep vs VeracodeJul 6, 2026Download
Suggested products
TitleRatingMindshareRecommending
SonarQube4.014.2%84%135 interviewsAdd to research
Snyk4.15.8%100%51 interviewsAdd to research
 
 
Key learnings from peers
Last updated Jun 28, 2026

Valuable Features

Room for Improvement

ROI

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

By reviewers
Company SizeCount
Small Business4
Large Enterprise3
By reviewers
By visitors reading reviews
Company SizeCount
Small Business148
Midsize Enterprise67
Large Enterprise303
By visitors reading reviews

Top industries

By visitors reading reviews
Financial Services Firm
15%
Manufacturing Company
11%
Computer Software Company
8%
Comms Service Provider
7%
Outsourcing Company
6%
University
5%
Retailer
4%
Government
4%
Construction Company
3%
Media Company
3%
Healthcare Company
3%
Educational Organization
3%
Insurance Company
3%
Legal Firm
3%
Transportation Company
2%
Wholesaler/Distributor
2%
Leisure / Travel Company
2%
Hospitality Company
2%
Real Estate/Law Firm
2%
Pharma/Biotech Company
2%
Performing Arts
1%
Recreational Facilities/Services Company
1%
Energy/Utilities Company
1%
Marketing Services Firm
1%
Non Profit
1%
Agriculture
1%
Consumer Goods Company
1%
Aerospace/Defense Firm
1%
Religious Institution
1%

Compare Semgrep with alternative products

Learn more about Semgrep

Semgrep customers

Related questions

 
Semgrep Reviews Summary
Author infoRatingReview Summary
Cloud & Application Security at Sixt SE4.0I've used Semgrep for several months and value its contextual analysis, seamless IDE integration, and minimal noise, though scan time and integration limitations persist; overall, it’s a strong, scalable tool improving developer experience and application security.
Sr. Project Analyst [Cybersecurity] at a consultancy with 10,001+ employees4.0I use Semgrep for SAST and code review, finding it easy to use, highly customizable, and efficient. It saves significant time daily, proving more effective than SonarQube. While stable and scalable, it could be more user-friendly and comprehensive.
DevOps Engineer at Exponential Craft4.0As a DevOps person, I effectively use Semgrep for SAST, finding high-priority vulnerabilities. It's user-friendly, stable, and greatly improves our security posture, saving significant time and money, leading me to highly recommend it.
DevSecOps Security Engineer at a manufacturing company with 10,001+ employees3.0I use Semgrep for POCs in SAST, secret scanning, and SCA, valuable for benchmarking. It excels in SCA, but its open-source version has false positives and lacks enterprise UI/scalability. I rated it 6.5/10.
Angular Developer at Flourish Software4.5I find Semgrep excellent for fast, user-friendly vulnerability detection and CI/CD integration, saving me significant time weekly. It's stable, scalable, and cost-effective, outperforming SonarQube. I only wish it had more AI features.
SecOps Engineer at IriusRisk3.0I primarily use Semgrep for SCA in CI/CD, finding its easy integration and automated checks reduce manual effort. However, its coverage, advanced features, and high price are areas for improvement, and it's complex to maintain.
Security Consultant | Application Security at Jowatechs4.0We use Semgrep to check custom user pipelines for vulnerabilities, benefiting from its ability to write custom rules. It improves our development speed and cost efficiency, although more beginner-friendly information is needed. We didn't switch from another product.
Manjunath Maneppagol - PeerSpot reviewer
Manjunath Maneppagol
Cloud & Application Security at Sixt SE
Nov 29, 2025
Context-aware code analysis has reduced noise and now improves developer experience with actionable security findings
AP
Aman Raj Pandey
Sr. Project Analyst [Cybersecurity] at a consultancy with 10,001+ employees
Jun 21, 2026
Automated security checks have transformed code reviews and save hours every development week
Olakunle Obasoro - PeerSpot reviewer
Olakunle Obasoro
DevOps Engineer at Exponential Craft
Jun 18, 2026
Code scans have accelerated remediation and keep development focused on security
reviewer2014131 - PeerSpot reviewer
reviewer2014131
DevSecOps Security Engineer at a manufacturing company with 10,001+ employees
May 31, 2026
Benchmarking security testing has shaped our tool evaluations but still needs fewer false positives
Hiten Nandasana - PeerSpot reviewer
Hiten Nandasana
Angular Developer at Flourish Software
Jun 27, 2026
Early detection has transformed our code reviews and makes our development process faster
Francisco Javier Vergara - PeerSpot reviewer
Francisco Javier Vergara
SecOps Engineer at IriusRisk
Mar 20, 2026
Automated dependency checks have improved our workflows but remain complex and costly to manage
Henry Mwawai - PeerSpot reviewer
Henry Mwawai
Security Consultant | Application Security at Jowatechs
Sep 23, 2024
Automated code reviews and good scalability with custom rule adaptability