# Codacy vs Semgrep Comparison | | Codacy | Semgrep | |---|---|---| | **Star Rating** | 4.6 out of 5 | 4.6 out of 5 | | **Total Reviews** | 29 | 55 | | **Largest Market Segment** | Small-Business (60.7% of reviews) | Enterprise (46.3% of reviews) | | **Entry Level Price** | Free | Starting at $40.00 1 contributor Per Month | --- ## Top Pros & Cons ### Codacy Pros: - Security (2 reviews) - Automation (1 reviews) Cons: - Expensive (1 reviews) ### Semgrep Pros: - Ease of Use (16 reviews) - Features (14 reviews) Cons: - Not User-Friendly (7 reviews) - Limited Features (6 reviews) --- ## Ratings Comparison | Rating | Codacy | Semgrep | |---|---|---| | **Meets Requirements** | 9.0 (20 reviews) | 8.8 (49 reviews) | | **Ease of Use** | 9.1 (21 reviews) | 9.1 (50 reviews) | | **Ease of Setup** | 9.0 (14 reviews) | 9.4 (37 reviews) | | **Ease of Admin** | 8.9 (12 reviews) | 9.1 (22 reviews) | | **Quality of Support** | 9.1 (15 reviews) | 8.8 (44 reviews) | | **Has the product been a good partner in doing business?** | 9.1 (9 reviews) | 9.6 (22 reviews) | | **Product Direction (% positive)** | 8.3 (21 reviews) | 9.2 (45 reviews) | --- ## Pricing ### Codacy #### Entry-Level Pricing Plan: Open Source Price: Free Description: Unlimited free code scanning for open-source projects Key Features: - Unlimited lines of code in public projects - Code quality and security scanning across 49 languages and frameworks - 100% cloud-based analysis via Git - no server or build steps needed [Browse all 3 editions](https://www.g2.com/products/codacy/pricing) #### Free Trial Yes ### Semgrep #### Entry-Level Pricing Plan: Semgrep Code, Supply Chain, and Secrets Detection Price: Starting at $40.00 1 contributor Per Month Description: Extensible AppSec for growing teams. Choose from Code (SAST), Supply Chain (SCA), and Secrets Detection to eliminate noise out of the box, streamline developer workflows, and give security teams full visibility. Key Features: - Choose from SAST, SCA, and Secrets Detection - Pro Rules and cross-file analysis - AI Assistant [Learn more about Semgrep](https://www.g2.com/products/semgrep/reviews) #### Free Trial Yes --- ## Features Comparison By Category ### Application Shielding | Product | Score | Reviews | |---|---|---| | **Codacy** | N/A | N/A | | **Semgrep** | N/A | N/A | #### Protect | Feature | Codacy | Semgrep | |---|---|---| | **Login** | Not enough data | Not enough data | | **Data Injections** | Not enough data | Not enough data | | **Code** | Not enough data | Not enough data | | **Certificate Exploitation** | Not enough data | Not enough data | | **Advanced Awareness** | Not enough data | Not enough data | | **Digital Content** | Feature Not Available | Not enough data | #### Execute | Feature | Codacy | Semgrep | |---|---|---| | **Environment** | Not enough data | Not enough data | | **Compliance** | Not enough data | Not enough data | | **Cross-Platform Implementation** | Not enough data | Not enough data | ### Static Application Security Testing (SAST) | Product | Score | Reviews | |---|---|---| | **Codacy** | N/A | N/A | | **Semgrep** | 8.4/10 | 22 | #### Administration | Feature | Codacy | Semgrep | |---|---|---| | **API / Integrations** | Not enough data | 9.0 (18 reviews) | | **Extensibility** | Not enough data | 8.2 (17 reviews) | #### Analysis | Feature | Codacy | Semgrep | |---|---|---| | **Reporting and Analytics** | Not enough data | 8.4 (19 reviews) | | **Issue Tracking** | Not enough data | 9.2 (22 reviews) | | **Static Code Analysis** | Not enough data | 9.4 (22 reviews) | | **Code Analysis** | Not enough data | 9.2 (22 reviews) | #### Testing | Feature | Codacy | Semgrep | |---|---|---| | **Command-Line Tools** | Not enough data | 8.7 (20 reviews) | | **Manual Testing** | Not enough data | Feature Not Available | | **Test Automation** | Not enough data | Feature Not Available | | **Compliance Testing** | Not enough data | 7.7 (17 reviews) | | **Black-Box Scanning** | Not enough data | 7.5 (18 reviews) | | **Detection Rate** | Not enough data | 8.1 (19 reviews) | | **False Positives** | Not enough data | 7.3 (21 reviews) | #### Agentic AI - Static Application Security Testing (SAST) | Feature | Codacy | Semgrep | |---|---|---| | **Autonomous Task Execution** | Not enough data | 7.9 (11 reviews) | ### Dynamic Application Security Testing (DAST) | Product | Score | Reviews | |---|---|---| | **Codacy** | N/A | N/A | | **Semgrep** | N/A | N/A | #### Administration | Feature | Codacy | Semgrep | |---|---|---| | **API / Integrations** | Not enough data | Feature Not Available | | **Extensibility** | Not enough data | Feature Not Available | #### Analysis | Feature | Codacy | Semgrep | |---|---|---| | **Reporting and Analytics** | Not enough data | Not enough data | | **Issue Tracking** | Not enough data | Not enough data | | **Static Code Analysis** | Not enough data | Not enough data | | **Vulnerability Scan** | Not enough data | Not enough data | | **Code Analysis** | Not enough data | Not enough data | #### Testing | Feature | Codacy | Semgrep | |---|---|---| | **Manual Testing** | Not enough data | Feature Not Available | | **Test Automation** | Not enough data | Feature Not Available | | **Compliance Testing** | Not enough data | Feature Not Available | | **Black-Box Scanning** | Not enough data | Not enough data | | **Detection Rate** | Not enough data | Not enough data | | **False Positives** | Not enough data | Not enough data | ### Vulnerability Scanner | Product | Score | Reviews | |---|---|---| | **Codacy** | N/A | N/A | | **Semgrep** | 8.1/10 | 12 | #### Performance | Feature | Codacy | Semgrep | |---|---|---| | **Issue Tracking** | Not enough data | 8.2 (12 reviews) | | **Detection Rate** | Not enough data | 8.0 (11 reviews) | | **False Positives** | Not enough data | 8.0 (11 reviews) | | **Automated Scans** | Not enough data | 9.0 (10 reviews) | #### Network | Feature | Codacy | Semgrep | |---|---|---| | **Compliance Testing** | Not enough data | 8.5 (10 reviews) | | **Perimeter Scanning** | Not enough data | 7.8 (10 reviews) | | **Configuration Monitoring** | Not enough data | 8.0 (10 reviews) | #### Application | Feature | Codacy | Semgrep | |---|---|---| | **Manual Application Testing** | Not enough data | Feature Not Available | | **Static Code Analysis** | Not enough data | 8.9 (11 reviews) | | **Black Box Testing** | Not enough data | 8.5 (11 reviews) | #### Agentic AI - Vulnerability Scanner | Feature | Codacy | Semgrep | |---|---|---| | **Autonomous Task Execution** | Not enough data | 6.9 (6 reviews) | | **Proactive Assistance** | Not enough data | 7.5 (6 reviews) | ### Software Composition Analysis | Product | Score | Reviews | |---|---|---| | **Codacy** | N/A | N/A | | **Semgrep** | 8.4/10 | 18 | #### Functionality - Software Composition Analysis | Feature | Codacy | Semgrep | |---|---|---| | **Language Support** | Not enough data | 8.4 (18 reviews) | | **Integration** | Not enough data | 8.2 (18 reviews) | | **Transparency** | Not enough data | 8.5 (18 reviews) | #### Effectiveness - Software Composition Analysis | Feature | Codacy | Semgrep | |---|---|---| | **Remediation Suggestions** | Not enough data | 8.5 (18 reviews) | | **Continuous Monitoring** | Not enough data | 8.3 (18 reviews) | | **Thorough Detection** | Not enough data | 8.3 (18 reviews) | ### Secure Code Review | Product | Score | Reviews | |---|---|---| | **Codacy** | N/A | N/A | | **Semgrep** | 8.4/10 | 21 | #### Documentation | Feature | Codacy | Semgrep | |---|---|---| | **Feedback** | Not enough data | 8.9 (19 reviews) | | **Prioritization** | Not enough data | 9.3 (20 reviews) | | **Remediation Suggestions** | Not enough data | 8.2 (20 reviews) | #### Security | Feature | Codacy | Semgrep | |---|---|---| | **False Positives** | Not enough data | 7.4 (21 reviews) | | **Custom Compliance** | Not enough data | 7.9 (17 reviews) | | **Agility** | Not enough data | 8.9 (17 reviews) | ### Application Security | Product | Score | Reviews | |---|---|---| | **Codacy** | N/A | N/A | | **Semgrep** | N/A | N/A | #### Generative AI | Feature | Codacy | Semgrep | |---|---|---| | **AI Text Summarization** | Not enough data | Not enough data | ### Static Code Analysis | Product | Score | Reviews | |---|---|---| | **Codacy** | N/A | N/A | | **Semgrep** | 7.7/10 | 10 | #### Agentic AI - Static Code Analysis | Feature | Codacy | Semgrep | |---|---|---| | **Adaptive Learning** | Not enough data | 7.7 (10 reviews) | | **Natural Language Interaction** | Not enough data | 7.6 (9 reviews) | | **Proactive Assistance** | Not enough data | 7.7 (10 reviews) | ### AI AppSec Assistants | Product | Score | Reviews | |---|---|---| | **Codacy** | N/A | N/A | | **Semgrep** | N/A | N/A | #### Performance - AI AppSec Assistants | Feature | Codacy | Semgrep | |---|---|---| | **Remediation** | Not enough data | Not enough data | | **Real-time Vulnerability Detection** | Not enough data | Not enough data | | **Accuracy** | Not enough data | Not enough data | #### Integration - AI AppSec Assistants | Feature | Codacy | Semgrep | |---|---|---| | **Stack Integration** | Not enough data | Not enough data | | **Workflow Integration** | Not enough data | Not enough data | | **Codebase Contextual Awareness** | Not enough data | Not enough data | ### Interactive Application Security Testing (IAST) | Product | Score | Reviews | |---|---|---| | **Codacy** | N/A | N/A | | **Semgrep** | N/A | N/A | #### Agentic AI - Interactive Application Security Testing (IAST) | Feature | Codacy | Semgrep | |---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | --- ## Categories **Shared Categories (4):** [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast), [Static Code Analysis Tools](https://www.g2.com/categories/static-code-analysis), [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis), [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast) **Unique to Codacy (1):** [Application Shielding Software](https://www.g2.com/categories/application-shielding) **Unique to Semgrep (4):** [AI AppSec Assistants](https://www.g2.com/categories/ai-appsec-assistants), [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner), [Secure Code Review Software](https://www.g2.com/categories/secure-code-review), [Interactive Application Security Testing (IAST) Software](https://www.g2.com/categories/interactive-application-security-testing-iast) --- ## Reviewer Demographics ### By Company Size | Segment | Codacy | Semgrep | |---|---|---| | **Small-Business** | 60.7% | 11.1% | | **Mid-Market** | 21.4% | 42.6% | | **Enterprise** | 17.9% | 46.3% | ### By Industry #### Codacy - **Computer Software:** 28.6% - **Information Technology and Services:** 14.3% - **Program Development:** 7.1% - **Financial Services:** 7.1% - **Security and Investigations:** 3.6% - **Retail:** 3.6% - **Logistics and Supply Chain:** 3.6% - **Internet:** 3.6% - **Insurance:** 3.6% - **Higher Education:** 3.6% - **Other:** 21.4% #### Semgrep - **Information Technology and Services:** 24.1% - **Computer Software:** 20.4% - **Financial Services:** 16.7% - **Computer & Network Security:** 5.6% - **Semiconductors:** 5.6% - **Manufacturing:** 5.6% - **Insurance:** 3.7% - **International Affairs:** 1.9% - **Information Services:** 1.9% - **Hospital & Health Care:** 1.9% - **Other:** 13.0% --- ## Alternatives ### Alternatives to Codacy - [SonarQube](https://www.g2.com/products/sonarqube/reviews) — 4.4/5 stars (141 reviews) - [Checkmarx](https://www.g2.com/products/checkmarx/reviews) — 4.2/5 stars (36 reviews) - [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2352 reviews) - [DeepSource](https://www.g2.com/products/deepsource/reviews) — 4.6/5 stars (22 reviews) - [Coverity](https://www.g2.com/products/coverity/reviews) — 4.2/5 stars (55 reviews) - [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (891 reviews) - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) — 4.7/5 stars (793 reviews) - [Cloudflare Application Security and Performance](https://www.g2.com/products/cloudflare-application-security-and-performance/reviews) — 4.5/5 stars (601 reviews) - [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) — 3.8/5 stars (25 reviews) - [Microsoft Defender for Cloud](https://www.g2.com/products/microsoft-defender-for-cloud/reviews) — 4.4/5 stars (309 reviews) ### Alternatives to Semgrep - [SonarQube](https://www.g2.com/products/sonarqube/reviews) — 4.4/5 stars (141 reviews) - [Snyk](https://www.g2.com/products/snyk/reviews) — 4.5/5 stars (132 reviews) - [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2352 reviews) - [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (891 reviews) - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) — 4.7/5 stars (793 reviews) - [Red Hat Ansible Automation Platform](https://www.g2.com/products/red-hat-ansible-automation-platform/reviews) — 4.6/5 stars (377 reviews) - [Replit](https://www.g2.com/products/replit/reviews) — 4.5/5 stars (355 reviews) - [Microsoft Defender for Cloud](https://www.g2.com/products/microsoft-defender-for-cloud/reviews) — 4.4/5 stars (309 reviews) - [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews) — 4.5/5 stars (301 reviews) - [GitHub Copilot](https://www.g2.com/products/github-copilot/reviews) — 4.5/5 stars (299 reviews) --- ## Top Discussions ### Codacy No discussions available for this product. ### Semgrep No discussions available for this product. --- **Source:** [G2.com](https://www.g2.com) | [Comparison Page](https://www.g2.com/compare/codacy-vs-semgrep)