No more typing reviews! Try our Samantha, our new voice AI agent.
Semgrep Logo

Semgrep pros and cons

Vendor: Semgrep
3.7 out of 5
Leave a review

Pros & Cons summary

Semgrep offers custom rule writing and integrates smoothly with CI/CD pipelines, appealing to developers. It specializes in SAST, secret scanning, and Software Composition Analysis, boosted by AI. While it enhances value with custom rules, its complexity and high cost might deter some users. Beginners in application security may need more acquisition details. Although Semgrep excels, scan speeds and maintenance challenges limit its appeal, with some finding competitors superior.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the category report

Prominent pros & cons

PROS

Semgrep offers the ability to write custom rules.
It integrates easily with CI/CD pipelines, making it developer-friendly.
Semgrep excels in SAST, secret scanning, and Software Composition Analysis scanning types.
The AI-backed capability is a major strength compared to competitors.
The flexibility in writing custom rules enhances its value.

CONS

There should be more information on how to acquire Semgrep, catering to beginners in application security, to make it more user-friendly.
Semgrep is really complex to maintain and to use.
Semgrep has a huge price tag.
Semgrep receives a six out of 10 because there are other tools that are better.
Their scan time is an issue; sometimes the scan never completes with AI-based scanning, making it difficult.
 

Semgrep Pros review quotes

Manjunath Maneppagol - PeerSpot reviewer
Manjunath Maneppagol
Cloud & Application Security at Sixt SE
Nov 29, 2025
Compared to other competitors in the market, the AI-backed capability is the biggest strength of Semgrep.
Read full review
AP
Aman Raj Pandey
Sr. Project Analyst [Cybersecurity] at a consultancy with 10,001+ employees
Jun 21, 2026
The feature is easy to use, saves a lot of time, and is streamlined in nature.
Read full review
reviewer2014131 - PeerSpot reviewer
reviewer2014131
DevSecOps Security Engineer at a manufacturing company with 10,001+ employees
May 31, 2026
Semgrep flourishes with the SAST, secret scanning, and Software Composition Analysis types of scanning.
Read full review
Buyer's Guide
Static Application Security Testing (SAST)
May 2026
Download Free Report
Find out what your peers are saying about Semgrep, SonarSource Sàrl, Snyk and others in Static Application Security Testing (SAST). Updated: May 2026.
DOWNLOAD NOW
900,644 professionals have used our research since 2012.
Francisco Javier Vergara - PeerSpot reviewer
Francisco Javier Vergara
SecOps Engineer at IriusRisk
Mar 20, 2026
The best part of Semgrep is its ease of integration with CI/CD pipelines and how it is a developer-friendly tool.
Read full review
Henry Mwawai - PeerSpot reviewer
Henry Mwawai
Security Consultant | Application Security at Jowatechs
Sep 23, 2024
The most valuable feature is the ability to write our custom rules.
Read full review
 

Semgrep Cons review quotes

Manjunath Maneppagol - PeerSpot reviewer
Manjunath Maneppagol
Cloud & Application Security at Sixt SE
Nov 29, 2025
I have consistently observed that their scan time is an issue; sometimes with their AI-based scanning, when you triage that scan, the scan never completes or finishes, which makes it difficult.
Read full review
AP
Aman Raj Pandey
Sr. Project Analyst [Cybersecurity] at a consultancy with 10,001+ employees
Jun 21, 2026
Semgrep can be improved by making it more user-friendly.
Read full review
reviewer2014131 - PeerSpot reviewer
reviewer2014131
DevSecOps Security Engineer at a manufacturing company with 10,001+ employees
May 31, 2026
I give Semgrep a six out of 10 simply because there are other tools that are better than this out there.
Read full review
Buyer's Guide
Static Application Security Testing (SAST)
May 2026
Download Free Report
Find out what your peers are saying about Semgrep, SonarSource Sàrl, Snyk and others in Static Application Security Testing (SAST). Updated: May 2026.
DOWNLOAD NOW
900,644 professionals have used our research since 2012.
Francisco Javier Vergara - PeerSpot reviewer
Francisco Javier Vergara
SecOps Engineer at IriusRisk
Mar 20, 2026
However, as a tool it is really complex to maintain and to use, and it has a huge price tag.
Read full review
Henry Mwawai - PeerSpot reviewer
Henry Mwawai
Security Consultant | Application Security at Jowatechs
Sep 23, 2024
There should be more information on how to acquire the system, catering to beginners in application security, to make it more user-friendly.
Read full review

Product Categories

Product Categories
Static Application Security Testing (SAST)
Supply Chain Management Software
Software Composition Analysis (SCA)
Static Code Analysis

Popular Comparisons

Popular Comparisons
SonarQube vs Semgrep Logo
SonarQube vs Semgrep
Snyk vs Semgrep Logo
Snyk vs Semgrep
Checkmarx One vs Semgrep Logo
Checkmarx One vs Semgrep
GitLab vs Semgrep Logo
GitLab vs Semgrep
Veracode vs Semgrep Logo
Veracode vs Semgrep
JFrog Xray vs Semgrep Logo
JFrog Xray vs Semgrep
Coverity Static vs Semgrep Logo
Coverity Static vs Semgrep
Black Duck SCA vs Semgrep Logo
Black Duck SCA vs Semgrep
Mend.io vs Semgrep Logo
Mend.io vs Semgrep
OpenText Core Application Security vs Semgrep Logo
OpenText Core Application Security vs Semgrep
OWASP Zap vs Semgrep Logo
OWASP Zap vs Semgrep
Qualys Web Application Scanning vs Semgrep Logo
Qualys Web Application Scanning vs Semgrep
Aikido Security vs Semgrep Logo
Aikido Security vs Semgrep
Klocwork vs Semgrep Logo
Klocwork vs Semgrep
OpenText Static Application Security Testing vs Semgrep Logo
OpenText Static Application Security Testing vs Semgrep
See all alternatives

Product Categories

Product Categories
Static Application Security Testing (SAST)
Supply Chain Management Software
Software Composition Analysis (SCA)
Static Code Analysis

Popular Comparisons

Popular Comparisons
SonarQube vs Semgrep Logo
SonarQube vs Semgrep
Snyk vs Semgrep Logo
Snyk vs Semgrep
Checkmarx One vs Semgrep Logo
Checkmarx One vs Semgrep
GitLab vs Semgrep Logo
GitLab vs Semgrep
Veracode vs Semgrep Logo
Veracode vs Semgrep
JFrog Xray vs Semgrep Logo
JFrog Xray vs Semgrep
Coverity Static vs Semgrep Logo
Coverity Static vs Semgrep
Black Duck SCA vs Semgrep Logo
Black Duck SCA vs Semgrep
Mend.io vs Semgrep Logo
Mend.io vs Semgrep
OpenText Core Application Security vs Semgrep Logo
OpenText Core Application Security vs Semgrep
OWASP Zap vs Semgrep Logo
OWASP Zap vs Semgrep
Qualys Web Application Scanning vs Semgrep Logo
Qualys Web Application Scanning vs Semgrep
Aikido Security vs Semgrep Logo
Aikido Security vs Semgrep
Klocwork vs Semgrep Logo
Klocwork vs Semgrep
OpenText Static Application Security Testing vs Semgrep Logo
OpenText Static Application Security Testing vs Semgrep
See all alternatives
Related questions
  • 325
What Application Security Solution Do You Use That Is DevOps Friendly?
  • 61
Which is the most comprehensive open source Web Security Testing tool?
  • 88
What is the best Application Security Testing platform?
  • 82
When evaluating Application Security Testing, what aspect do you think is the most important to look for?
  • 123
SAST vs. DAST: Which is better for application security testing?
  • 100
What tools do you rely on for building a DevSecOps pipeline?
  • 190
What does the Log4j/Log4Shell vulnerability mean for your company?
  • 127
Checkmarx or Veracode. Which should we choose?
  • 246
What are your recommended automated penetration testing tools?
  • 101
What are the OWASP top 10 in 2020?