# Best Secure Code Review Software

  *By [Adam Crivello](https://research.g2.com/insights/author/adam-crivello)*

   Secure code review software enables either automated or manual code examination to seek out vulnerabilities and security risks. These solutions are similar to [peer code review software](https://www.g2.com/categories/peer-code-review), but they are specifically focused on ensuring security best practices as opposed to general coding best practices, and some solutions execute automated code review rather than enabling peer review. Manual secure code review software allows multiple developers to view and comment on changes to code so that the code’s author can remediate any security issues. Automated secure code review software takes the place of a human peer, scanning for noncompliant code and leaving remediation suggestions for the author.

This software helps DevSecOps teams to shift the onus of secure software onto developers, allowing teams to remediate security issues earlier in the continuous delivery process. In doing so, teams can better achieve secure code as the default, rather than risk deploying vulnerable software.

To qualify for inclusion in the Secure Code Review category, a product must:

- Scan an author’s code or allow other developers to view it
- Automatically leave comments on specific code, or allow other developers to do the same
- Explicitly focus on code security
- Send messages when requests for code review happen or code review comments are submitted

## Category Overview

**Total Products under this Category:** 69


## Trust & Credibility Stats

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 5,000+ Authentic Reviews
- 69+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Best Secure Code Review Software At A Glance

- **Leader:** [GitHub](https://www.g2.com/products/github/reviews)
- **Highest Performer:** [OX Security](https://www.g2.com/products/ox-security/reviews)
- **Easiest to Use:** [GitHub](https://www.g2.com/products/github/reviews)
- **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Best Free Software:** [GitHub](https://www.g2.com/products/github/reviews)


---

**Sponsored**

### Endor Labs

Endor Labs helps you build and ship secure software fast, whether it's written by humans or AI. While conventional code scanning tools drown teams in false positives, Endor Labs zeroes in on real risks, empowering developers without slowing them down. Trusted by OpenAI, Snowflake, Peloton, Robinhood, Dropbox, Rubrik, and more, Endor Labs is transforming AppSec.

- **92% fewer alerts:** Unify code scanning (SAST, SCA, container, secrets, malware, AI models) and automate security code reviews with AI. Pinpoint real vulnerabilities with function-level reachability, filtering out unreachable risks and letting developers fix what matters as they code.
- **6X faster fixes:** Skip the guesswork. Endor Labs guides developers towards safe OSS upgrades, and backports fixes for hard-to-update libraries.
- **Guardrails for AI coding assistants:** Endor Labs natively integrates into AI coding assistants to help them produce code securely by default. Additionally, Endor Labs has built multiple agents to review the AI- and human-generated code for architecture and business-logic issues.
- **Compliance, streamlined:** FedRAMP, PCI, NIST, and SLSA compliance is simplified with artifact signing, SBOM, VEX, and more, accelerating your path to secure, compliant code.

Learn more at: www.endorlabs.com/demo-request




---

## Top-Rated Products (Ranked by G2 Score)
### 1. [GitHub](https://www.g2.com/products/github/reviews)
  GitHub is where the world builds software. Millions of individuals, organizations and businesses around the world use GitHub to discover, share, and contribute software. Developers at startups to Fortune 50 companies use GitHub, every step of the way.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 2,268

**User Satisfaction Scores:**

- **Quality of Support:** 8.7/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 8.9/10 (Category avg: 8.9/10)
- **Ease of Setup:** 9.0/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [GitHub](https://www.g2.com/sellers/github)
- **Year Founded:** 2008
- **HQ Location:** San Francisco, CA
- **Twitter:** @github (2,642,101 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1418841/ (6,106 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Software Engineer, Senior Software Engineer
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 46% Small-Business, 31% Mid-Market


#### Pros & Cons

**Pros:**

- Features (123 reviews)
- Ease of Use (110 reviews)
- Team Collaboration (108 reviews)
- Collaboration (106 reviews)
- Version Control (102 reviews)

**Cons:**

- Complexity (46 reviews)
- Learning Curve (44 reviews)
- Difficulty for Beginners (42 reviews)
- Learning Difficulty (40 reviews)
- Difficult Learning (35 reviews)

### 2. [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
  Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 141

**User Satisfaction Scores:**

- **Quality of Support:** 9.3/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 8.9/10)
- **Ease of Setup:** 9.5/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [Aikido Security](https://www.g2.com/sellers/aikido-security)
- **Company Website:** https://aikido.dev
- **Year Founded:** 2022
- **HQ Location:** Ghent, Belgium
- **Twitter:** @AikidoSecurity (6,430 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/aikido-security/ (175 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CTO, Founder
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 70% Small-Business, 18% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (78 reviews)
- Security (55 reviews)
- Features (52 reviews)
- Easy Integrations (47 reviews)
- Easy Setup (47 reviews)

**Cons:**

- Missing Features (19 reviews)
- Expensive (17 reviews)
- Limited Features (16 reviews)
- Pricing Issues (15 reviews)
- Lacking Features (14 reviews)

### 3. [GitGuardian](https://www.g2.com/products/gitguardian/reviews)
  GitGuardian is an end-to-end NHI security platform designed to help organizations strengthen their Non-Human Identity (NHI) security posture and address compliance standards and regulations. As attackers increasingly target NHIs, such as service accounts, service principals, and applications, protecting and managing these critical assets has become paramount. NHIs rely on "secrets" like API keys and certificates for authentication, and their rapid proliferation has led to significant secrets sprawl.

  GitGuardian's platform is built on two core pillars: Secrets Security and NHI Governance, delivering a holistic approach to NHI security. With Secrets Security, GitGuardian aims to eliminate leaks and sprawl, detecting compromised or misused secrets across both public and internal environments. This foundation of NHI security is strengthened by monitoring for incidents, policy violations, and illegitimate use of secrets. GitGuardian offers three products under its Secrets Security umbrella:

  - **Secrets Detection** tackles internal secrets sprawl by identifying sensitive data in source code and developer productivity tools. The platform supports over 420 types of secrets, including API keys, private keys, and database credentials. With a policy engine, security teams can enforce rules across major version control systems (VCSs) like GitHub, GitLab, BitBucket, and Azure DevOps, CI/CD tools such as Jenkins and Travis CI, as well as tools like Slack, Jira, container registries, and more.
  - **Public Monitoring** scans public GitHub repositories, detecting sensitive information in both organizational and developers' public personal repos. This is crucial, as 80% of corporate secrets leaked on public GitHub stem from personal accounts.
  - **Honeytoken** deploys decoy secrets that lure attackers looking for active secrets across your assets. Any unauthorized access attempts will trigger immediate alerts, enabling rapid detection and response during the software development lifecycle.

  With NHI Governance, GitGuardian offers a centralized inventory of secrets, tracking their context and usage. This enables teams to detect high-risk secrets, manage their rotation, and leverage analytics to enhance the overall NHI security posture. Together, Secrets Security and NHI Governance work as complementary tracks: one focuses on detecting compromised secrets, while the other manages legitimate usages of secrets and their lifecycle. Trusted by over 600,000 developers and recognized as the top security app on GitHub Marketplace, GitGuardian is the choice of leading organizations like Snowflake, ING, BASF, and Bouygues Telecom, ensuring robust protection for their sensitive secrets.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 255

**User Satisfaction Scores:**

- **Quality of Support:** 9.2/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 8.9/10 (Category avg: 8.9/10)
- **Ease of Setup:** 9.5/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [GitGuardian](https://www.g2.com/sellers/gitguardian-c1eb71ef-0ed6-4024-9679-56d9bee1fe3e)
- **Company Website:** https://www.gitguardian.com/
- **Year Founded:** 2017
- **HQ Location:** Paris, Île-de-France
- **Twitter:** @GitGuardian (6,057 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/gitguardian (176 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Software Engineer, Software Developer
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 84% Small-Business, 12% Mid-Market


#### Pros & Cons

**Pros:**

- Alert Notifications (18 reviews)
- Security (17 reviews)
- Vulnerability Detection (11 reviews)
- Git Integration (9 reviews)
- Accuracy (8 reviews)

**Cons:**

- False Positives (12 reviews)
- Inefficient Notifications (4 reviews)
- Limited Customization (3 reviews)
- Confusing Interface (2 reviews)
- Difficulty for Beginners (2 reviews)

### 4. [GitLab](https://www.g2.com/products/gitlab/reviews)
  GitLab is the most comprehensive AI-powered DevSecOps platform that enables software innovation by empowering development, security, and operations teams to build better software, faster. With GitLab, teams can create, deliver, and manage code quickly and continuously instead of managing disparate tools and scripts. GitLab helps your teams across the complete DevSecOps lifecycle: developing, securing, and deploying software. What makes us truly different?

  - **Flexibility:** Consume as a service or manage your own deployment
  - **Cloud-Agnostic:** Deploy anywhere with no vendor lock-in
  - **No rip and replace:** Scale to a platform approach at your own pace


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 872

**User Satisfaction Scores:**

- **Quality of Support:** 8.5/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 8.9/10)
- **Ease of Setup:** 8.6/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [GitLab Inc.](https://www.g2.com/sellers/gitlab-inc)
- **Company Website:** https://about.gitlab.com/
- **Year Founded:** 2014
- **HQ Location:** San Francisco, California
- **Twitter:** @gitlab (170,869 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/5101804/ (3,357 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Software Engineer, Senior Software Engineer
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 37% Mid-Market, 37% Small-Business


#### Pros & Cons

**Pros:**

- Ease of Use (43 reviews)
- Features (42 reviews)
- CI (36 reviews)
- CD Integration (34 reviews)
- Integrations (34 reviews)

**Cons:**

- Complexity (21 reviews)
- Difficult Learning (19 reviews)
- Confusing Interface (16 reviews)
- Complex User Interface (15 reviews)
- Learning Curve (13 reviews)

### 5. [Check Point CloudGuard CNAPP](https://www.g2.com/products/check-point-cloudguard-cnapp/reviews)
  CloudGuard CNAPP provides you with more context to drive actionable security and smarter prevention, from code to cloud, across the application lifecycle. CloudGuard's prevention-first approach protects applications and workloads throughout the software development lifecycle, and includes an effective risk management engine, with automated remediation prioritization, to allow users to focus on the security risks that matter. With CloudGuard's unified and modular platform, customers receive:

  - Enhanced Cloud Security Posture Management
  - Deep Workload Security Visibility at Scale with No Agents
  - Enforcement of Least Privilege with Cloud Infrastructure Entitlement Management (CIEM)
  - Runtime Protection for Cloud Workloads (CWPP)
  - Context-Based Web Application and API Protection (WAF)
  - Shift CNAPP Left to Secure Applications in the CI/CD Pipeline
  - Context Graph Visualization and Cloud Detection and Response

  For more information on CloudGuard CNAPP, visit https://www.checkpoint.com/cloudguard/cnapp/


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 168

**User Satisfaction Scores:**

- **Quality of Support:** 8.6/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 8.9/10)
- **Ease of Setup:** 8.9/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [Check Point Software Technologies](https://www.g2.com/sellers/check-point-software-technologies)
- **Year Founded:** 1993
- **HQ Location:** Redwood City, CA
- **Twitter:** @CheckPointSW (70,998 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/check-point-software-technologies/ (8,356 employees on LinkedIn®)
- **Ownership:** NASDAQ:CHKP

**Reviewer Demographics:**
  - **Who Uses This:** Security Engineer, Software Engineer
  - **Top Industries:** Financial Services, Information Technology and Services
  - **Company Size:** 48% Enterprise, 37% Mid-Market


#### Pros & Cons

**Pros:**

- Security (45 reviews)
- Cloud Security (35 reviews)
- Ease of Use (30 reviews)
- Cloud Integration (29 reviews)
- Comprehensive Security (29 reviews)

**Cons:**

- Improvement Needed (13 reviews)
- Complexity (12 reviews)
- Difficult Setup (10 reviews)
- Integration Issues (10 reviews)
- Poor Customer Support (10 reviews)

### 6. [SonarQube](https://www.g2.com/products/sonarqube/reviews)
  Sonar, the industry standard for code verification and automated code review, helps reduce outages, improve security, and lower risks associated with AI and agentic coding. As an independent verification platform, Sonar enables organizations to securely develop at the speed of AI. Sonar is the foundation for high-performance software engineering, analyzing over 750 billion lines of code daily to ensure applications are secure, reliable, and maintainable. Rooted in the open source community, Sonar is trusted by 7M+ developers globally, including teams at ServiceNow, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company.


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 138

**User Satisfaction Scores:**

- **Quality of Support:** 8.1/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 8.9/10)
- **Ease of Setup:** 8.1/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [SonarSource Sàrl](https://www.g2.com/sellers/sonarsource-sarl)
- **Company Website:** https://www.sonarsource.com
- **Year Founded:** 2008
- **HQ Location:** Geneva, Switzerland
- **Twitter:** @SonarSource (10,935 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/sonarsource/ (929 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Software Engineer, DevOps Engineer
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 42% Enterprise, 39% Mid-Market


#### Pros & Cons

**Pros:**

- Code Quality (24 reviews)
- Features (20 reviews)
- Issue Identification (19 reviews)
- Ease of Use (18 reviews)
- Easy Integrations (18 reviews)

**Cons:**

- Software Bugs (12 reviews)
- Complex Configuration (10 reviews)
- False Positives (10 reviews)
- Complexity (8 reviews)
- Complex Setup (8 reviews)

### 7. [Microsoft Defender for Cloud](https://www.g2.com/products/microsoft-defender-for-cloud/reviews)
  Microsoft Defender for Cloud is a cloud native application protection platform for multicloud and hybrid environments with comprehensive security across the full lifecycle, from development to runtime.


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 279

**User Satisfaction Scores:**

- **Quality of Support:** 8.6/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 8.5/10 (Category avg: 8.9/10)
- **Ease of Setup:** 8.6/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [Microsoft](https://www.g2.com/sellers/microsoft)
- **Year Founded:** 1975
- **HQ Location:** Redmond, Washington
- **Twitter:** @microsoft (13,114,353 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/microsoft/ (227,697 employees on LinkedIn®)
- **Ownership:** MSFT

**Reviewer Demographics:**
  - **Who Uses This:** Saas Consultant, Software Engineer
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 39% Mid-Market, 35% Enterprise


#### Pros & Cons

**Pros:**

- Security (121 reviews)
- Comprehensive Security (92 reviews)
- Cloud Security (71 reviews)
- Vulnerability Detection (63 reviews)
- Threat Detection (57 reviews)

**Cons:**

- Complexity (27 reviews)
- Expensive (24 reviews)
- Delayed Detection (22 reviews)
- False Positives (19 reviews)
- Improvement Needed (19 reviews)

### 8. [Coverity](https://www.g2.com/products/coverity/reviews)
  Coverity® is a fast, accurate, and highly scalable static analysis (SAST) solution that helps development and security teams address security and quality defects early in the software development life cycle (SDLC), track and manage risks across the application portfolio, and ensure compliance with security and coding standards.


  **Average Rating:** 4.2/5.0
  **Total Reviews:** 55

**User Satisfaction Scores:**

- **Quality of Support:** 8.6/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 8.1/10 (Category avg: 8.9/10)
- **Ease of Setup:** 8.2/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [Synopsys](https://www.g2.com/sellers/synopsys-53e76f66-bf39-4c28-b0f2-97178ec8ddfd)
- **Year Founded:** 1986
- **HQ Location:** Mountain View, CA
- **Twitter:** @synopsys (24,264 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2457/ (28,121 employees on LinkedIn®)
- **Ownership:** NASDAQ:SNPS

**Reviewer Demographics:**
  - **Who Uses This:** Software Engineer
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 65% Enterprise, 27% Mid-Market


### 9. [OX Security](https://www.g2.com/products/ox-security/reviews)
  OX is redefining product security for the AI era. Founded by Neatsun Ziv and Lion Arzi, former Check Point executives, OX is the company behind VibeSec, the first AI-native vibe security platform. Unlike traditional "Shift Left" approaches that collapsed under AI's speed, VibeSec makes software secure by default by preventing risks before they exist. Powered by the OX AI Data Lake and dynamic code-to-runtime context, OX Security delivers:

  - Autonomous, embedded security that runs as fast as developers.
  - Dynamic risk context that shrinks security backlogs before they spiral.
  - Continuous alignment across code, cloud, APIs, and runtime.

  With OX, developers focus on building while security runs itself, giving enterprises complete confidence that every release ships secure.

  OX Security is the company behind VibeSec, an AI-native autonomous security platform built for the AI development era. Unlike traditional tools that chase vulnerabilities after code is written, VibeSec embeds dynamic security context directly into AI coding environments like Cursor and Copilot. The result: every line of code is secure by default. For the first time, security moves at the speed of AI-driven development, preventing vulnerabilities before they exist, shrinking backlogs with every commit, and making security a seamless part of the development flow.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 51

**User Satisfaction Scores:**

- **Quality of Support:** 9.6/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 8.9/10)
- **Ease of Setup:** 9.0/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [OX Security](https://www.g2.com/sellers/ox-security)
- **Year Founded:** 2021
- **HQ Location:** New York, USA
- **LinkedIn® Page:** https://www.linkedin.com/company/ox-security/ (184 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Security Engineer
  - **Top Industries:** Financial Services, Information Technology and Services
  - **Company Size:** 63% Mid-Market, 25% Enterprise


#### Pros & Cons

**Pros:**

- Features (27 reviews)
- Ease of Use (23 reviews)
- Customer Support (22 reviews)
- Integration Support (22 reviews)
- Security (22 reviews)

**Cons:**

- Integration Issues (8 reviews)
- Missing Features (8 reviews)
- Complexity (5 reviews)
- Inadequate Reporting (5 reviews)
- Limited Cloud Integration (5 reviews)

### 10. [Checkmarx](https://www.g2.com/products/checkmarx/reviews)
  Checkmarx is an application security solution designed to help organizations safeguard their software development processes while enhancing efficiency and reducing costs. The Checkmarx One platform stands out in the realm of enterprise-grade security, offering comprehensive protection that addresses the complexities of modern software development, including legacy systems and AI-generated code. By scanning trillions of lines of code annually, Checkmarx enables companies to significantly lower their vulnerability density, ensuring a robust defense against potential threats.

  The platform is particularly beneficial for software development teams, security professionals, and organizations that prioritize secure coding practices. With the increasing reliance on AI technologies and the rapid pace of software development, Checkmarx One provides essential tools to mitigate risks associated with both traditional and emerging programming languages. Its architecture, powered by autonomous security agents and AI-native intelligence, allows organizations to integrate security seamlessly into their development workflows, thereby accelerating development velocity without compromising on safety.

  Key features of Checkmarx One include Triage Assist, which employs an autonomous AI agent to prioritize vulnerabilities based on real-world exploitability and contextual risk. This feature empowers teams to concentrate their efforts on the most critical issues rather than getting bogged down by static severity scores. Additionally, Remediation Assist generates review-ready fixes for validated vulnerabilities prior to code merges, streamlining the secure delivery process and minimizing the manual overhead typically associated with remediation tasks. Developer Assist is another notable feature, acting as a standalone security agent that identifies risks during the coding process. By providing safe, explainable, and verified fixes directly within the integrated development environment (IDE), it supports developers in maintaining a stable and rapid development pace.

  Furthermore, the platform includes AI Supply Chain Security, which offers centralized governance and visibility for AI components embedded in applications, ensuring that hidden AI assets are discovered and managed effectively. Lastly, Checkmarx One incorporates analysis engines such as AI SAST and DAST for AI, which extend security coverage across environments. The AI SAST feature expands detection capabilities to cover emerging and unsupported programming languages, while DAST for AI strengthens runtime protection in continuous integration and deployment (CI/CD) settings. Together, these features position Checkmarx One as a comprehensive solution for organizations looking to fortify their software development lifecycle against evolving threats.


  **Average Rating:** 4.2/5.0
  **Total Reviews:** 32

**User Satisfaction Scores:**

- **Quality of Support:** 8.3/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 8.9/10)
- **Ease of Setup:** 7.7/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [Checkmarx](https://www.g2.com/sellers/checkmarx)
- **Company Website:** https://www.checkmarx.com
- **Year Founded:** 2006
- **HQ Location:** Paramus, NJ
- **Twitter:** @Checkmarx (7,266 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/checkmarx (997 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 58% Enterprise, 25% Mid-Market


#### Pros & Cons

**Pros:**

- Implementation Ease (2 reviews)
- User Interface (2 reviews)
- Accuracy of Results (1 review)
- Automation Testing (1 review)
- Customer Support (1 review)

**Cons:**

- False Positives (1 review)
- Lacking Features (1 review)
- Missing Features (1 review)
- Poor Navigation (1 review)

### 11. [Semgrep](https://www.g2.com/products/semgrep/reviews)
  Semgrep is a modern static analysis (SAST), software composition analysis (SCA), and secrets detection platform designed for both developers and security teams. It combines fast, deterministic analysis with context-aware AI that triages findings like a senior security engineer. The AI Assistant helps reduce false positives, prioritize meaningful results, and offers clear remediation guidance. Its “Memories” feature learns from past decisions to further reduce triage noise over time. Semgrep also supports deep analysis of transitive dependencies, not just direct ones, helping teams surface and address hidden risks in their supply chain. It integrates well into modern development workflows and is easy to customize across environments.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 55

**User Satisfaction Scores:**

- **Quality of Support:** 8.8/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 8.9/10)
- **Ease of Setup:** 9.4/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [Semgrep](https://www.g2.com/sellers/semgrep)
- **Company Website:** https://semgrep.dev
- **Year Founded:** 2017
- **HQ Location:** San Francisco, US
- **Twitter:** @semgrep (4,299 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/returntocorp (238 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 45% Enterprise, 42% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (16 reviews)
- Features (14 reviews)
- Vulnerability Detection (13 reviews)
- Scanning Efficiency (12 reviews)
- Security (12 reviews)

**Cons:**

- Not User-Friendly (7 reviews)
- Limited Features (6 reviews)
- Difficult Learning (5 reviews)
- Lack of Guidance (5 reviews)
- Learning Curve (5 reviews)

### 12. [DryRun Security](https://www.g2.com/products/dryrun-security/reviews)
  Security leaders face a paradox: ship faster and enable agentic development while staying secure and keeping developers productive. DryRun Security resolves this by securing every pull request and repo with a high-precision, automated security engineer review right where developers and their agents build.

  DryRun Security is the industry's most accurate agentic code security intelligence platform. Powered by its proprietary Contextual Security Analysis (CSA) engine, DryRun Security delivers the AI moment for security teams in an AI-native developer world. Traditional static application security testing (SAST) floods teams with alerts, misses higher-order risk, and burns time in triage. DryRun Security goes beyond SAST with contextual analysis that prioritizes what is exploitable and impactful in your codebase, then helps engineers remediate fast. Instead of "find everything and hope someone sorts it out," DryRun Security delivers code security intelligence that is ready to act on.

  DryRun Security puts a security engineer directly into developer workflows. In pull requests, the Code Review Agent reviews changes in context, explains risk in plain language, and guides fixes where developers already work. In repos, the DeepScan Agent produces focused, human-grade findings for the issues that actually matter, without weeks of manual review before major milestones. The Custom Policy Agent enforces guardrails with Natural Language Code Policies, so you can standardize security and compliance requirements across teams without brittle rule sets. Codebase Insights allows leaders to ask questions of their entire codebase like "Are we exposed to this new vulnerability?" and have confidence in minutes.

  DryRun Security also integrates with AI coding workflows, so remediation happens with the precision of a security engineer working at machine speed. Teams connect DryRun Security insights and guidance into Claude, Cursor, OpenAI Codex, and Windsurf, helping developers and their agents fix issues with contextual, security-engineered direction tied to the PR and codebase.

  What DryRun Security delivers (beyond SAST):

  - Automated secure code review in every pull request with high-signal findings and low noise
  - Contextual Security Analysis that catches common vulnerabilities and deeper multi-dependency and logic risks
  - Automated remediation guidance that helps engineers fix faster, with explanations and next steps
  - Secrets analysis that identifies genuine hardcoded secrets and suppresses the usual false alarms
  - Policy enforcement in PRs using Natural Language Code Policies for consistent guardrails across repos
  - Codebase intelligence and reporting for AppSec visibility, prioritization, and audit-ready evidence

  DryRun Security supports most code environments, languages, and frameworks, including:

  - GitHub, GitLab
  - C#, Golang, Elixir, JavaScript, TypeScript, Python, Ruby, Java, Kotlin, PHP, Swift, HTML
  - Infrastructure as Code (Terraform, YAML)
  - And more


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 19

**User Satisfaction Scores:**

- **Quality of Support:** 10.0/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 8.9/10)
- **Ease of Setup:** 10.0/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [DryRun Security](https://www.g2.com/sellers/dryrun-security)
- **Year Founded:** 2023
- **HQ Location:** Austin, US
- **LinkedIn® Page:** https://www.linkedin.com/company/dryrun-security/ (19 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer & Network Security
  - **Company Size:** 42% Small-Business, 26% Mid-Market


#### Pros & Cons

**Pros:**

- Security (13 reviews)
- Vulnerability Detection (9 reviews)
- Features (8 reviews)
- Accuracy (7 reviews)
- Easy Setup (7 reviews)

**Cons:**

- Slow Performance (2 reviews)
- Slow Speed (2 reviews)
- UX Improvement (2 reviews)
- Limited Customization (1 review)
- Workflow Issues (1 review)

### 13. [Jit](https://www.g2.com/products/jit/reviews)
Jit is redefining application security by introducing the first Agentic AppSec Platform, seamlessly blending human expertise with AI-driven automation. Designed for modern development teams, Jit empowers organizations to proactively manage security risks across the entire software development lifecycle.

**AI-Powered Agents:** Jit's AI Agents, such as SERA (Security Evaluation and Remediation Agent) and COTA (Communication, Ops, and Ticketing Agent), collaborate with your teams to automate vulnerability triage, risk assessment, and remediation processes, significantly reducing manual workloads.

**Comprehensive Security Scanning:** Achieve full-stack security coverage with integrated scanners for SAST, DAST, SCA, IaC, CSPM, and more. Jit's platform ensures continuous monitoring and immediate feedback on code changes, facilitating rapid identification and resolution of security issues.

**Developer-Centric Experience:** With integrations into popular IDEs and CI/CD pipelines, Jit provides developers with contextual security insights directly within their workflows, promoting a shift-left approach without disrupting productivity.

**Agentic AI for AppSec Teams**

**Risk-Based Prioritization:** Utilizing the Model Context Protocol (MCP), Jit evaluates vulnerabilities in the context of runtime environments, business impact, and compliance requirements, enabling teams to focus on the most critical risks.

**Seamless Integrations:** Jit integrates with a wide array of tools, including GitHub, GitLab, AWS, Azure, GCP, Jira, Slack, and more, ensuring that security processes are embedded within your existing technology stack.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 43

**User Satisfaction Scores:**

- **Quality of Support:** 9.3/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 8.9/10)
- **Ease of Setup:** 9.2/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [jit](https://www.g2.com/sellers/jit)
- **Year Founded:** 2021
- **HQ Location:** Boston, MA
- **Twitter:** @jit_io (523 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/jit/ (151 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software, Financial Services
  - **Company Size:** 44% Mid-Market, 42% Small-Business


#### Pros & Cons

**Pros:**

- Security (10 reviews)
- Easy Integrations (8 reviews)
- Ease of Use (7 reviews)
- Efficiency (7 reviews)
- Integration Support (7 reviews)

**Cons:**

- Integration Issues (4 reviews)
- Limited Features (4 reviews)
- Limited Integration (4 reviews)
- Poor Documentation (4 reviews)
- Complexity (3 reviews)

### 14. [Kiuwan Code Security & Insights](https://www.g2.com/products/kiuwan-code-security-insights/reviews)
Fast, Flexible Code Security! Kiuwan is a robust, end-to-end application security platform that integrates seamlessly into your development process. Our toolset includes Static Application Security Testing (SAST), Software Composition Analysis (SCA), Software Governance and Code Quality, empowering your team to quickly identify and remediate vulnerabilities. By integrating seamlessly into your CI/CD pipeline, Kiuwan enables early detection and remediation of security issues. Kiuwan supports strict compliance with industry standards including OWASP, CWE, MISRA, NIST, PCI DSS, and CERT, among others.

Top features:

- Extensive language support: over 30 programming languages.
- Detailed action plans: prioritize remediation with tailored action plans.
- Code Security: seamless Static Application Security Testing (SAST) integration.
- Insights: on-demand or continuous scanning Software Composition Analysis (SCA) to help reduce third-party threats.
- One-click Software Bill of Materials (SBOM) generation.

Kiuwan is now part of Sembi, a global portfolio of market-leading software brands focused on software quality, security, and developer productivity. Code Smarter. Secure Faster. Ship Sooner.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 29

**User Satisfaction Scores:**

- **Quality of Support:** 8.9/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 8.9/10 (Category avg: 8.9/10)
- **Ease of Setup:** 9.0/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [Kiuwan](https://www.g2.com/sellers/kiuwan)
- **Year Founded:** 2012
- **HQ Location:** Houston, TX
- **Twitter:** @Kiuwan (3,357 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/981904/ (27 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Banking
  - **Company Size:** 41% Enterprise, 35% Mid-Market


#### Pros & Cons

**Pros:**

- Accuracy (2 reviews)
- Accuracy of Findings (2 reviews)
- Customer Support (2 reviews)
- Ease of Use (2 reviews)
- Automation Testing (1 review)


### 15. [Qodo](https://www.g2.com/products/qodo/reviews)
  Qodo is the AI Code Review Platform that helps development teams maintain code quality as AI accelerates development velocity. Qodo works across IDEs, Git platforms, and CLI to catch bugs earlier, enforce standards automatically, and scale review processes to match faster coding output. Qodo combines deep codebase understanding with agentic review agents to validate code logic, detect architectural drift, prevent security issues, and ensure compliance before merge. Qodo goes beyond pattern matching or static AI reviews by combining contextual reasoning, test validation, and code understanding to deliver feedback that aligns with your project’s unique architecture and standards. Key capabilities include automated pull request review with agentic code suggestions, local code review in your IDE, custom rules enforcement, test generation for code changes, and multi-repo codebase indexing.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 61

**User Satisfaction Scores:**

- **Quality of Support:** 9.0/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 8.9/10)
- **Ease of Setup:** 9.4/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [CodiumAI](https://www.g2.com/sellers/codiumai)
- **Year Founded:** 2022
- **HQ Location:** Tel Aviv, IL
- **Twitter:** @CodiumAI (105 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/codiumai/ (120 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Software Engineer
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 55% Small-Business, 24% Enterprise


#### Pros & Cons

**Pros:**

- Ease of Use (16 reviews)
- Functionality (11 reviews)
- Time-saving (11 reviews)
- Helpful (9 reviews)
- Automation (7 reviews)

**Cons:**

- Slow Performance (4 reviews)
- Learning Curve (3 reviews)
- Testing Issues (3 reviews)
- Bug Issues (2 reviews)
- Poor UI Design (2 reviews)

### 16. [CodeScene](https://www.g2.com/products/codescene/reviews)
CodeScene is a code analysis, visualization, and reporting tool. Cross-reference contextual factors such as code quality, team dynamics, and delivery output to get actionable insights to effectively reduce technical debt and deliver better code quality. We enable software development teams to make confident, data-driven decisions that fuel performance and developer productivity.

CodeScene guides developers and technical leaders to:

- Get a holistic overview and evolution of your software system in one single dashboard.
- Identify, prioritize, and tackle technical debt based on return on investment.
- Maintain a healthy codebase with powerful CodeHealth™ Metrics, spend less time on rework and more time on innovation.
- Seamlessly integrate with Pull Requests and editors, get actionable code reviews and refactoring recommendations.
- Set improvement goals and quality gates for teams to work towards while monitoring the progress.
- Support retrospectives by identifying areas for improvement.
- Benchmark performance against personalized trends.
- Understand the social side of the code, measure socio-technical factors like key personnel dependencies, knowledge sharing and inter-team coordination.
- Put findings into context based on how your organization and your code evolves.

Supporting 28+ programming languages, CodeScene offers an automated integration with GitHub, BitBucket, Azure DevOps or GitLab pull requests to incorporate the analysis results into existing delivery workflows. Get early warnings and recommendations about complex code before merging it to the main branch, and set quality gates to trigger in case your code health declines.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 39

**User Satisfaction Scores:**

- **Quality of Support:** 9.1/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 8.9/10)
- **Ease of Setup:** 8.2/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [CodeScene AB](https://www.g2.com/sellers/codescene-ab)
- **Company Website:** https://www.codescene.com
- **Year Founded:** 2015
- **HQ Location:** Malmö, SE
- **Twitter:** @codescene (1,231 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/codescene/ (33 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software
  - **Company Size:** 41% Mid-Market, 36% Small-Business


#### Pros & Cons

**Pros:**

- Features (8 reviews)
- Issue Identification (7 reviews)
- Code Quality (6 reviews)
- Customer Support (5 reviews)
- Improvement (5 reviews)

**Cons:**

- Integration Issues (4 reviews)
- Difficult Learning (3 reviews)
- Difficulty for Beginners (3 reviews)
- Learning Difficulty (3 reviews)
- Difficult Configuration (2 reviews)

### 17. [Bito](https://www.g2.com/products/bito/reviews)
Bito's AI Architect is the context layer that powers your entire engineering workflow so every agent reasons like your best architect. Engineering teams run on context that sits across codebases, Jira tickets, Confluence docs, Slack threads, and a handful of senior engineers: fragmented, inaccessible, and impossible to scale. Bito's AI Architect builds a knowledge graph from all of it, mapping services, dependencies, APIs, and operational history across every repository.

That context powers every phase of the engineering workflow: technical design and feasibility analysis in Jira, Linear, and Slack, before anyone writes code; grounded code generation via MCP in Cursor, Claude Code, and Codex; and codebase-aware code reviews in GitHub, GitLab, and Bitbucket. No code stored. No model trained on customer code. SOC 2 Type II certified.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 16

**User Satisfaction Scores:**

- **Quality of Support:** 9.0/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 8.9/10)
- **Ease of Setup:** 9.2/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [Bito](https://www.g2.com/sellers/bito)
- **Year Founded:** 2021
- **HQ Location:** Menlo Park, CA
- **Twitter:** @BitoHQ (1,235 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/bitodev/ (58 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software
  - **Company Size:** 50% Small-Business, 44% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (12 reviews)
- Coding Assistance (7 reviews)
- Easy Integrations (4 reviews)
- Efficiency (3 reviews)
- Features (2 reviews)

**Cons:**

- Difficult Learning (2 reviews)
- Expensive (2 reviews)
- Training Required (2 reviews)
- Long Responses (1 review)
- Poor Interface Design (1 review)

### 18. [Klocwork](https://www.g2.com/products/klocwork/reviews)
Perforce Klocwork is an enterprise grade SAST solution for C, C++, C#, Rust (support coming March 2026), Java, JavaScript, Python, and Kotlin. It helps development teams detect security vulnerabilities, quality issues, and reliability defects early, while supporting compliance with industry and regulatory standards. Klocwork is purpose built to analyze very large, complex codebases and scales to hundreds of millions of lines of code, well beyond the practical limits of many traditional SAST tools. This makes it especially suited for organizations developing long lived, safety critical, or security critical systems. Designed for DevOps and DevSecOps, Klocwork integrates with complex build systems, CI/CD pipelines, cloud and containerized environments, and common developer tools—enabling consistent security and quality enforcement without slowing development.

**Static Application Security Testing (SAST):** Klocwork identifies a wide range of security vulnerabilities, including SQL injection, tainted data flows, buffer overflows, and other insecure coding practices. It also detects bugs and quality issues such as null pointer dereferences, memory and resource leaks, uncaught exceptions, and code smells. The solution supports compliance with internationally recognized standards including CWE, OWASP, CERT, PCI DSS, DISA STIG, and ISO/IEC TS 17961. Automated CI/CD integrations make continuous security testing practical even for very large systems.

**AI Assisted Code Remediation with MCP:** Klocwork extends static analysis with AI assisted code remediation, designed to help developers resolve findings faster and with greater confidence. Using MCP based capabilities, Klocwork securely exposes rich static analysis context—defect data, rule knowledge, and precise fix guidance—to supported AI code assist tools directly within the IDE. Rather than relying on generic AI suggestions, Klocwork’s remediation feature combines deep static analysis insights with comprehensive documentation and exact fix instructions, enabling AI assistants to propose accurate, context aware corrections for security vulnerabilities, quality defects, and coding standard violations. Fixes are presented as clear diffs and require developer review and approval, making the approach suitable for safety and security critical environments. By integrating remediation into the developer workflow, Klocwork reduces time spent interpreting analysis results, researching fixes, and switching between tools. Developers stay in their IDE, receive guided remediation aligned with secure coding standards and project specific rules, and can immediately re-analyze code to validate fixes. This completes the optimal shift left approach—helping teams not only find issues early, but fix them efficiently and consistently.

**Project Streams and Enterprise Scalability:** Klocwork’s Project Streams feature simplifies managing shared codebases with multiple variants or branches. A single rule configuration can be applied across streams, issues common to multiple variants stay synchronized, and stream specific findings are clearly identified for reporting and compliance.

**Developer Focused and Centralized:** Klocwork integrates directly into popular IDEs to deliver fast, contextual feedback as developers write code. Out of the box compiler support eliminates manual setup, while centralized dashboards provide visibility into trends, risk, and compliance across projects of any size.


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 22

**User Satisfaction Scores:**

- **Quality of Support:** 8.5/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 8.1/10 (Category avg: 8.9/10)
- **Ease of Setup:** 7.5/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [Perforce](https://www.g2.com/sellers/perforce)
- **Year Founded:** 1995
- **HQ Location:** Minneapolis, MN
- **Twitter:** @perforce (5,097 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/perforce/ (2,032 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 48% Mid-Market, 35% Small-Business


### 19. [Assembla](https://www.g2.com/products/assembla/reviews)
  Assembla is the most secure version control and project collaboration platform in the world. We provide secure cloud hosting for Subversion, Perforce and Git repositories with integrated project management for more than 5,500 customers around the globe. Assembla helps development teams meet and even exceed HIPAA, SOC 2, PCI and GDPR compliance standards with our best practice VCS. Embrace agile, meet compliance, and stay innovative while managing all of your projects and source code from a central control point with industry-leading compliance and security.


  **Average Rating:** 4.1/5.0
  **Total Reviews:** 125

**User Satisfaction Scores:**

- **Quality of Support:** 8.2/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 8.9/10)
- **Ease of Setup:** 8.6/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [Assembla](https://www.g2.com/sellers/assembla)
- **Year Founded:** 2005
- **HQ Location:** San Antonio, TX
- **Twitter:** @assembla (3,824 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/339775/ (20 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Software Engineer
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 47% Small-Business, 43% Mid-Market


### 20. [GuardRails](https://www.g2.com/products/guardrails-guardrails/reviews)
  GuardRails is an end-to-end security platform that makes AppSec easier for both security and development teams. We scan, detect, and provide real-time guidance to fix vulnerabilities early. Trusted by hundreds of teams around the world to build safer apps, GuardRails integrates seamlessly into the developers’ workflow, quietly scans as they code, and shows how to fix security issues on the spot via Just-in-Time training. GuardRails commits to keeping the noise low and only reporting high-impact vulnerabilities that are relevant to your organization. GuardRails helps organizations shift security everywhere and build a strong DevSecOps pipeline, so they can go faster to market without risking security.


  **Average Rating:** 4.3/5.0
  **Total Reviews:** 29

**User Satisfaction Scores:**

- **Quality of Support:** 8.5/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 8.9/10)
- **Ease of Setup:** 8.5/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [GuardRails](https://www.g2.com/sellers/guardrails)
- **Year Founded:** 2017
- **HQ Location:** Singapore, Singapore
- **Twitter:** @guardrailsio (1,554 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/13599521 (13 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Financial Services
  - **Company Size:** 52% Small-Business, 48% Mid-Market


#### Pros & Cons

**Pros:**

- Security (13 reviews)
- Vulnerability Detection (11 reviews)
- Ease of Use (9 reviews)
- Error Reduction (9 reviews)
- Threat Detection (9 reviews)

**Cons:**

- Missing Features (4 reviews)
- Time Management (3 reviews)
- Bug Issues (2 reviews)
- Dashboard Issues (2 reviews)
- False Positives (2 reviews)

### 21. [DeepSource](https://www.g2.com/products/deepsource/reviews)
DeepSource is an all-in-one code health platform that equips organizations with everything they need to build maintainable and secure software while elevating the velocity of their software development cycle.

- Guaranteed below 5% false-positive rate with highly accurate and fast static analyzers
- Automated issue remediation with Autofix™
- Code issue and security reporting: OWASP Top 10, SANS Top 25, Code Coverage, and more
- Self-hosted option with one-click installation and upgrades


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 22

**User Satisfaction Scores:**

- **Quality of Support:** 9.5/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 8.9/10)
- **Ease of Setup:** 10.0/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [DeepSource](https://www.g2.com/sellers/deepsource)
- **Year Founded:** 2018
- **HQ Location:** San Francisco, California
- **LinkedIn® Page:** https://www.linkedin.com/company/deepsourcelabs/ (19 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software
  - **Company Size:** 82% Small-Business, 9% Enterprise


### 22. [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews)
Veracode helps companies that innovate through software deliver secure code on time. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, empowers developers to fix security defects, and scales your program through best practices to achieve your desired outcomes. Veracode covers all your AppSec needs in one solution through a combination of five analysis types available for 24 programming languages, 77 frameworks, and application types as varied as microservices, mainframe and mobile apps.


  **Average Rating:** 3.8/5.0
  **Total Reviews:** 24

**User Satisfaction Scores:**

- **Quality of Support:** 8.0/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 7.9/10 (Category avg: 8.9/10)
- **Ease of Setup:** 5.7/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [VERACODE](https://www.g2.com/sellers/veracode)
- **Year Founded:** 2006
- **HQ Location:** Burlington, MA
- **Twitter:** @Veracode (21,992 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/27845/ (505 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 72% Enterprise, 28% Mid-Market


#### Pros & Cons

**Pros:**

- Security (2 reviews)
- Vulnerability Detection (2 reviews)
- Accuracy of Results (1 review)
- Automated Scanning (1 review)
- Code Quality (1 review)

**Cons:**

- Expensive (1 review)
- Licensing Issues (1 review)
- Pricing Issues (1 review)

### 23. [Amplify](https://www.g2.com/products/amplify-security-amplify/reviews)
Amplify is a comprehensive security platform designed to enhance the protection of digital assets for organizations of all sizes. It offers a suite of tools that integrate seamlessly to provide real-time threat detection, proactive risk management, and automated incident response. By leveraging advanced analytics and machine learning, Amplify identifies vulnerabilities and mitigates potential threats before they can impact operations. Its user-friendly interface ensures that security teams can efficiently monitor and manage their security posture, reducing the complexity often associated with cybersecurity solutions.

**Key Features and Functionality:**

- Real-Time Threat Detection: Continuously monitors network traffic and system activities to identify and alert on potential security incidents as they occur.
- Automated Incident Response: Implements predefined protocols to swiftly address and neutralize threats, minimizing downtime and operational disruption.
- Advanced Analytics and Machine Learning: Utilizes sophisticated algorithms to analyze patterns and predict potential vulnerabilities, enhancing proactive defense strategies.
- Seamless Integration: Easily integrates with existing IT infrastructure, ensuring a smooth deployment without the need for extensive system overhauls.
- User-Friendly Interface: Provides an intuitive dashboard that allows security teams to oversee and manage security operations effectively.

**Primary Value and Problem Solved:** Amplify addresses the critical need for robust cybersecurity by offering a unified platform that simplifies threat detection and response. It empowers organizations to proactively manage risks, ensuring the safety of sensitive data and maintaining business continuity. By automating complex security processes and providing actionable insights, Amplify reduces the burden on IT teams and enhances overall operational efficiency.


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 11


**Seller Details:**

- **Seller:** [Amplify Security](https://www.g2.com/sellers/amplify-security)
- **Company Website:** https://amplify.security/
- **Year Founded:** 2022
- **HQ Location:** Boise, Idaho
- **LinkedIn® Page:** https://www.linkedin.com/company/amplify-security/ (9 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services


#### Pros & Cons

**Pros:**

- Security (6 reviews)
- Speed (6 reviews)
- Accuracy (4 reviews)
- Code Quality (4 reviews)
- Ease of Use (3 reviews)

**Cons:**

- Inadequate Search Functionality (3 reviews)
- Missing Features (3 reviews)
- Complex Setup (1 review)
- False Positives (1 review)

### 24. [Baz AI Code Review](https://www.g2.com/products/baz-ai-code-review/reviews)
Baz AI Code Review is an AI-native code review platform designed to help engineering teams ship higher-quality code faster. Unlike traditional static analysis tools or AI reviewers that focus on style and syntax, Baz performs deep, behavior-aware code analysis to catch real bugs, breaking changes, and contract violations before they reach production. Baz understands how code works, not just how it looks.

**Deep, behavior-focused code analysis:** Baz analyzes AST diffs, control flow, APIs, and usage patterns to identify issues that matter in real systems. It detects breaking changes such as renamed or removed APIs, behavioral regressions, unsafe assumptions, and edge cases that are easy to miss during manual reviews. This allows teams to catch production-impacting issues early, without slowing development.

**Spec-aware reviews tied to real requirements:** Baz connects code changes directly to product intent. By validating changes against Linear tickets and specifications, Baz ensures that what was implemented matches what was requested. This reduces misalignment between product and engineering, shortens feedback cycles, and prevents incomplete or incorrect implementations from slipping through review.

**Customizable AI agents for every team:** Every engineering organization has its own conventions, architecture, and risk profile. Baz allows teams to define custom AI review agents that enforce internal coding standards, security policies, infrastructure rules, and domain-specific best practices. This makes Baz effective across multiple teams and disciplines, including backend, frontend, data engineering, and SRE.

**Faster reviews without human friction:** Baz significantly reduces code review time by automating repetitive and high-signal feedback. Because feedback comes from an AI reviewer rather than a teammate, it helps remove interpersonal friction while maintaining consistent standards across teams, locations, and seniority levels.

**Built for real-world engineering workflows:** Baz integrates directly into existing change workflows and scales to large, multi-file changes. Teams can tune sensitivity to reduce noise, focus on high-impact issues, and gradually expand coverage as their codebase evolves.


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 9

**User Satisfaction Scores:**

- **Quality of Support:** 10.0/10 (Category avg: 9.2/10)
- **Ease of Setup:** 10.0/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [Baz](https://www.g2.com/sellers/baz)
- **Year Founded:** 2023
- **HQ Location:** Tel Aviv, IL
- **LinkedIn® Page:** https://www.linkedin.com/company/bazco (25 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 33% Mid-Market, 11% Small-Business


#### Pros & Cons

**Pros:**

- Code Review (8 reviews)
- Features (5 reviews)
- Ease of Use (4 reviews)
- Accuracy (3 reviews)
- Setup Ease (3 reviews)

**Cons:**

- Inefficient Notifications (2 reviews)
- False Positives (1 review)
- Inefficiency (1 review)
- Integration Issues (1 review)
- Missing Features (1 review)

### 25. [ZeroPath](https://www.g2.com/products/zeropath/reviews)
ZeroPath (YC S24) is the first AI-native application security platform that fundamentally reimagines how organizations find and fix vulnerabilities. Unlike deterministic SAST tools that bolt AI onto legacy rule engines, ZeroPath was built from the ground up to combine large language models with advanced program analysis (AST, data flow, taint tracking) by ex-Tesla Red Team and Google Security engineers.

ZeroPath's core differentiation is detecting critical vulnerabilities that pattern-matching SAST fundamentally cannot find. It catches IDORs, authorization bypasses, race conditions, and authentication bugs by reasoning about application behavior and developer intent. This capability achieved a 92% alert reduction when triaging findings from legacy tools.

ZeroPath is best suited for enterprises and startups that want a complete appsec experience with: AI-powered SAST across 16+ languages, SCA with exploitability analysis (90% noise reduction by determining if dependency CVEs are actually reachable in your code), secrets detection with validation, IaC scanning for Terraform/CloudFormation/Kubernetes, and natural language security policies. Context-aware autopatch generation fixes 70% of vulnerabilities automatically with framework-specific patches that match your coding standards.

To keep the developer experience seamless, ZeroPath integrates into existing workflows with zero configuration. It provides sub-60-second PR scans on GitHub, GitLab, Bitbucket, and Azure DevOps to provide instant security feedback without blocking development. Developers receive clear explanations, one-click fixes, and can refine patches using natural language commands directly in PR comments. The platform automatically attributes vulnerabilities to responsible developers and syncs bidirectionally with Jira, Linear, and more. Overall, less noise, along with the breadth of integrations, has already made security teams faster in triaging and finding real vulnerabilities.

Having been security engineers ourselves, we also understand how important visibility is for the evaluations. ZeroPath users get executive dashboards with real-time MTTR tracking, automated compliance reporting for SOC2 and ISO27001, and risk-based prioritization using CVSS 4.0 scoring. The platform provides complete visibility across organizational repositories, including security models, authentication patterns, and filtering logic, without manual configuration. Our research team dogfoods our own technology and has discovered CVE-2025-61928 (critical account takeover in better-auth with 300k+ weekly downloads), identified 170+ verified bugs in curl, found 7 vulnerabilities in django-allauth enabling account impersonation, and discovered 0-days in production systems at Netflix, Hulu, and Salesforce. Currently trusted by 750+ companies running 200k+ scans monthly, ZeroPath delivers what security-conscious engineering teams need: more real vulnerabilities, dramatically less noise, and automated fixes that actually work.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 11

**User Satisfaction Scores:**

- **Quality of Support:** 9.4/10 (Category avg: 9.2/10)
- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 8.9/10)
- **Ease of Setup:** 9.0/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [ZeroPath](https://www.g2.com/sellers/zeropath)
- **Company Website:** https://zeropath.com
- **Year Founded:** 2024
- **HQ Location:** San Francisco, US
- **LinkedIn® Page:** https://www.linkedin.com/company/zeropathai/ (9 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 36% Small-Business, 27% Mid-Market


#### Pros & Cons

**Pros:**

- Accuracy (6 reviews)
- Accuracy of Findings (6 reviews)
- Security (6 reviews)
- Vulnerability Detection (5 reviews)
- Vulnerability Identification (4 reviews)

**Cons:**

- Bug Issues (2 reviews)
- Bugs (2 reviews)
- Software Bugs (2 reviews)
- Cost Issues (1 review)
- Dashboard Issues (1 review)



## Parent Category

[DevSecOps Software](https://www.g2.com/categories/devsecops)



## Related Categories

- [Static Code Analysis Tools](https://www.g2.com/categories/static-code-analysis)
- [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast)
- [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)




