

Find out in this report how the two application security testing solutions, Acunetix (a dynamic web vulnerability scanner) and Semgrep (a static analysis tool), compare in terms of features, pricing, service and support, ease of deployment, and ROI.
It saves a significant amount of time by covering attack surfaces.
I have seen a return on investment, as Acunetix helps reduce the man-days and effort needed for scanning bulk applications through automated assessments.
This can be translated to being able to do the same amount of work with fewer technicians.
Tasks that previously took days are completed in significantly less time.
I can say it saves us time related to coding and also saves money, making it a very reliable tool for our organization with great features.
For high-severity issues, they reach out within two to three hours, and for critical issues, a response is received within 15 minutes.
The technical support from Invicti is very good and fast.
Support staff not being familiar with the problem.
Their documentation and community are very active, so most of the time when problems occur, I get a solution.
Customer support and services for Semgrep are very reliable and good.
Customer support is really good and there is also strong community support.
Acunetix can handle increasing workloads and more applications easily.
I was able to control it from 10 repositories or 10 services to thousands of repositories in a couple of minutes very simply.
This is an open-source tool, so it absolutely does the job, but if you were to implement a tool such as this in an enterprise, this would probably not be scalable.
Semgrep makes it easy to integrate and grow within any environment without concern for crashes.
If there is no master branch or default branch, the tool fails to identify it and will never scan it unless somebody manually looks into it and fixes the issue.
Since I have been using it, I have not experienced any downtime.
The main concern is related to false positives; Acunetix needs to work on identifying valid and invalid findings.
I could supply it with maybe a Swagger file or a JSON file, and Acunetix would pick it up, scan all the endpoints according to the OWASP Top Ten, and give me remediation and actionable remediation reports.
Acunetix should have better integration with newer tools such as GitHub and Azure DevOps.
The UI and additional dashboarding and other details would definitely make the tool more user-friendly and more of a candidate to be implemented in an enterprise.
Currently, they are working on identifying business logic vulnerabilities or privilege escalation vulnerabilities by looking at the code, and they should continue to focus on and improve this effort.
More advanced dependency analysis features in the SCA part and deeper vulnerability databases would be beneficial.
The pricing cost is affordable for small and mid-sized organizations, and when compared to Checkmarx, it is significantly affordable, as Checkmarx is quite expensive.
We secured a special licensing model for penetration testing companies, which is cost-effective.
The pricing of Acunetix is pretty expensive and could be improved.
It is basically open-source, so there is no setup cost.
It offers very reasonable pricing and costs.
Its most valuable role is in enhancing security by identifying potential vulnerabilities efficiently.
The solution is excellent at detecting SQL injection and cross-site scripting vulnerabilities.
The best feature Acunetix offers is the centralized dashboard and the quality of reports it generates, which includes various options for selecting reports and developer options for directly sharing the reports with developers.
When you triage with AI, it gathers context around the finding and reduces the noise about 80 to 90 percent of the time, asking you to focus only on findings that really matter.
The Software Composition Analysis is the most valuable feature in Semgrep.
The best feature of Semgrep is its ability to highlight high priority issues during scanning, making it critical for developers to address these vulnerabilities promptly.
| Product | Mindshare (%) |
|---|---|
| Acunetix | 2.7% |
| Semgrep | 2.3% |
| Other | 95.0% |


| Company Size | Count |
|---|---|
| Small Business | 18 |
| Midsize Enterprise | 7 |
| Large Enterprise | 19 |
| Company Size | Count |
|---|---|
| Small Business | 4 |
| Large Enterprise | 3 |
Acunetix is a dynamic application security tool used globally for web application vulnerability scanning, focusing on SQL injection and cross-site scripting.
Acunetix provides a comprehensive web vulnerability assessment platform designed for identifying and remediating security threats. Users benefit from its ability to schedule scans, boasting a fast detection rate for common vulnerabilities. The tool's centralized dashboard helps organizations with compliance monitoring and features such as crawling and login sequence enhancements, contributing depth to its security assessments. Despite high praise for its integration capabilities and automated scanning that saves time, pricing and false positives present challenges. Organizations often use Acunetix to maintain internal security and evaluate pre-release environments.
What are Acunetix's main features?

In industries like finance, healthcare, and technology, Acunetix assists in protecting sensitive data through robust scanning and reporting capabilities. Its ability to perform dynamic assessments makes it a chosen tool in regulatory environments and development settings, offering both internal security inspections and pre-release evaluations.
Semgrep is an advanced static analysis tool designed to identify vulnerabilities and enforce coding standards, catering primarily to professionals with a focus on enhancing code security and quality.
Engineered for software development environments, Semgrep delivers efficient security feedback with minimal setup. By offering a rich collection of rule sets, it allows customization and integration into CI/CD pipelines, supporting continuous code examination. Semgrep not only uncovers hidden flaws but also enforces best practices, making it a valuable asset for development teams seeking to build secure and reliable software.
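To make the "customization and integration into CI/CD pipelines" concrete, here is an added example of a custom Semgrep rule; it is not taken from the page or from the Semgrep project's own rule registry. The rule id, the file path and the `src/` target directory in the usage note are assumptions chosen for illustration. The rule flags `subprocess` calls that pass `shell=True` with a non-literal command, the classic shell-injection pattern, while leaving constant-string commands alone to keep noise down.

```yaml
# rules/subprocess-shell.yaml (assumed path; added example, not a Semgrep registry rule)
rules:
  - id: python-subprocess-shell-true-nonconstant   # assumed rule id
    languages: [python]
    severity: ERROR
    message: >-
      subprocess.$FUNC is called with shell=True and a non-constant command.
      Untrusted input reaching the command string allows OS command injection.
      Pass a list of arguments and drop shell=True, or validate the input strictly.
    patterns:
      # Any subprocess entry point (run, call, Popen, check_output, ...) with shell=True
      - pattern: subprocess.$FUNC(..., shell=True, ...)
      # Exclude calls whose command is a string literal: no injection surface
      - pattern-not: subprocess.$FUNC("...", shell=True, ...)
    metadata:
      cwe: "CWE-78: Improper Neutralization of Special Elements used in an OS Command"
      category: security
```

In a pipeline, `semgrep --config rules/subprocess-shell.yaml --error src/` runs the rule against the `src/` tree and exits non-zero when it finds a match, which is what fails the build; `--config` accepts either a local file or a registry reference, so the same invocation can combine this custom rule with the published rule sets the page describes.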
What are the most important features of Semgrep?

In industry applications, Semgrep is a popular choice for sectors such as finance and healthcare, where code integrity and security are paramount. Its integration capabilities allow for effective oversight of compliance and secure coding standards without disrupting existing workflows. This adaptability ensures it meets sector-specific requirements, making it a trusted tool in fields where data privacy and protection are critical.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.