Try our new research platform with insights from 80,000+ expert users
Semgrep Logo

Semgrep Reviews

Vendor: Semgrep
4.0 out of 5
Leave a review

What is Semgrep?

Semgrep is an advanced static analysis tool designed to identify vulnerabilities and enforce coding standards, catering primarily to professionals with a focus on enhancing code security and quality.

Get the Static Application Security Testing (SAST) Buyer's Guide and find out what your peers are saying about Semgrep, SonarQube Server (formerly SonarQube), GitLab and more!
Semgrep is the #4 ranked solution in top Supply Chain Management Software, #8 ranked solution in top Static Code Analysis solutions, #11 ranked solution in top Software Composition Analysis (SCA) solutions, and #24 ranked solution in AST tools. PeerSpot users give Semgrep an average rating of 8.0 out of 10. Semgrep is most commonly compared to SonarQube Server (formerly SonarQube): Semgrep vs SonarQube Server (formerly SonarQube). Semgrep is popular among the large enterprise segment, accounting for 63% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 18% of all views.
Buyer's Guide
Static Application Security Testing (SAST)
September 2025
Get the category report
Helped 868,787 peers since 2012

Semgrep mindshare

Product category:
Static Application Security Testing (...
As of October 2025, the mindshare of Semgrep in the Static Application Security Testing (SAST) category stands at 3.0%, up from 0.5% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Static Application Security Testing (SAST) Market Share Distribution
ProductMarket Share (%)
Semgrep3.0%
SonarQube Server (formerly SonarQube)19.7%
Checkmarx One10.0%
Other67.3%
Static Application Security Testing (SAST)
 
 
Key learnings from peers

Valuable Features

  • "The most valuable feature is the ability to write our custom rules."

Room for Improvement

  • "There should be more information on how to acquire the system, catering to beginners in application security, to make it more user-friendly."
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Static Application Security Testing (SAST) Buyer's Guide for additional reliable information.

Top industries

By visitors reading reviews
Financial Services Firm
18%
Manufacturing Company
13%
Computer Software Company
11%
Comms Service Provider
5%
Retailer
4%
University
4%
Government
4%
Media Company
4%
Healthcare Company
4%
Outsourcing Company
3%
Legal Firm
3%
Educational Organization
3%
Insurance Company
3%
Energy/Utilities Company
2%
Construction Company
2%
Pharma/Biotech Company
2%
Hospitality Company
2%
Non Profit
2%
Recreational Facilities/Services Company
2%
Real Estate/Law Firm
1%
Performing Arts
1%
Consumer Goods Company
1%
Wholesaler/Distributor
1%
Aerospace/Defense Firm
1%
Transportation Company
1%

Compare Semgrep with alternative products

Go!

Learn more about Semgrep

Engineered for software development environments, Semgrep delivers efficient security feedback with minimal setup. By offering a rich collection of rule sets, it allows customization and integration into CI/CD pipelines, supporting continuous code examination. Semgrep not only uncovers hidden flaws but also enforces best practices, making it a valuable asset for development teams seeking to build secure and reliable software.

What are the most important features of Semgrep?
  • Customizable Rules: Allows users to define specific rules to match unique coding requirements.
  • Open Rule Repository: Provides access to a vast array of pre-defined rules covering common security issues.
  • CI/CD Integration: Seamlessly integrates into development workflows, providing immediate feedback.
  • Multi-language Support: Detects issues across different programming languages, enhancing its usability.
What benefits or ROI should users consider?
  • Enhanced Security Posture: Elevates the security standards of codebases.
  • Time Efficiency: Reduces time spent on manual code reviews.
  • Adaptability: Easily adapts to evolving coding standards and practices.
  • Cost-effectiveness: Minimizes the need for external security audits.

In industry applications, Semgrep is a popular choice for sectors such as finance and healthcare, where code integrity and security are paramount. Its integration capabilities allow for effective oversight of compliance and secure coding standards without disrupting existing workflows. This adaptability ensures it meets sector-specific requirements, making it a trusted tool in fields where data privacy and protection are critical.

Semgrep was previously known as Semgrep Code, Semgrep Supply Chain, Semgrep AppSec Platform.

Semgrep customers

Policygenius, Tide, Lyft, Thinkific, FloQast, Vanta, and Fareportal

Related questions

  • 10
What Application Security Solution Do You Use That Is DevOps Friendly?
  • 14
Which is the most comprehensive open source Web Security Testing tool?
  • 51
What is the best Application Security Testing platform?
  • 9
When evaluating Application Security Testing, what aspect do you think is the most important to look for?
  • 23
SAST vs. DAST: Which is better for application security testing?
  • 32
What tools do you rely on for building a DevSecOps pipeline?
  • 38
What does the Log4j/Log4Shell vulnerability mean for your company?
  • 37
Checkmarx or Veracode. Which should we choose?
  • 65
What are your recommended automated penetration testing tools?
  • 22
What are the OWASP top 10 in 2020?

Product Categories

Product Categories
Static Application Security Testing (SAST)
Supply Chain Management Software
Software Composition Analysis (SCA)
Static Code Analysis

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs Semgrep Logo
SonarQube Server (formerly SonarQube) vs Semgrep
GitLab vs Semgrep Logo
GitLab vs Semgrep
Snyk vs Semgrep Logo
Snyk vs Semgrep
Checkmarx One vs Semgrep Logo
Checkmarx One vs Semgrep
Veracode vs Semgrep Logo
Veracode vs Semgrep
Coverity Static vs Semgrep Logo
Coverity Static vs Semgrep
Black Duck SCA vs Semgrep Logo
Black Duck SCA vs Semgrep
Mend.io vs Semgrep Logo
Mend.io vs Semgrep
JFrog Xray vs Semgrep Logo
JFrog Xray vs Semgrep
OpenText Core Application Security vs Semgrep Logo
OpenText Core Application Security vs Semgrep
OWASP Zap vs Semgrep Logo
OWASP Zap vs Semgrep
SonarQube Cloud (formerly SonarCloud) vs Semgrep Logo
SonarQube Cloud (formerly SonarCloud) vs Semgrep
OpenText Static Application Security Testing vs Semgrep Logo
OpenText Static Application Security Testing vs Semgrep
Klocwork vs Semgrep Logo
Klocwork vs Semgrep
CodeSonar vs Semgrep Logo
CodeSonar vs Semgrep
See all alternatives
 
Semgrep Reviews Summary
Author infoRatingReview Summary
Security Consultant | Application Security at Jowatechs4.0We use Semgrep to check custom user pipelines for vulnerabilities, benefiting from its ability to write custom rules. It improves our development speed and cost efficiency, although more beginner-friendly information is needed. We didn't switch from another product.