Compare CodeSonar and Semgrep 
Featured Products
At a Glance
Market Segments
Mid-Market (38.5% of reviews)
Enterprise (47.2% of reviews)
Entry-Level Pricing
No pricing available
Starting at $40.00 1 contributor Per Month
CodeSonar
Star Rating
(13)4.3 out of 5
Market Segments
Mid-Market (38.5% of reviews)
Pros & Cons
Not enough data
Entry-Level Pricing
No pricing available
Learn more about CodeSonarSemgrep
Star Rating
(54)4.6 out of 5
Market Segments
Enterprise (47.2% of reviews)
Pros & Cons
Entry-Level Pricing
Starting at $40.00 1 contributor Per Month
Free Trial is available
Learn more about SemgrepCodeSonar vs Semgrep
- Reviewers felt that Semgrep meets the needs of their business better than CodeSonar.
- When comparing quality of ongoing product support, CodeSonar and Semgrep provide similar levels of assistance.
- For feature updates and roadmaps, our reviewers preferred the direction of CodeSonar over Semgrep.
Pricing
Entry-Level Pricing
CodeSonar
No pricing availableSemgrep
Semgrep Code, Supply Chain, and Secrets Detection
Starting at $40.00
1 contributor Per Month
Extensible AppSec for growing teams. Choose from Code (SAST), Supply Chain (SCA), and Secrets Detection to eliminate noise out of the box, streamline developer workflows, and give security teams full visibility.
- Choose from SAST, SCA, and Secrets Detection
- Pro Rules and cross-file analysis
- AI Assistant
Free Trial
CodeSonar
No trial information availableSemgrep
Free Trial is available
Ratings
Meets Requirements
8.3
9
8.8
48
Ease of Use
8.3
9
9.1
49
Ease of Setup
Not enough data
9.4
36
Ease of Admin
Not enough data
9.1
22
Quality of Support
8.8
8
8.8
43
Has the product been a good partner in doing business?
Not enough data
9.6
22
Product Direction (% positive)
10.0
7
9.2
45
Features by Category
Administration
Not enough data
9.0
18
Not enough data
8.2
17
Analysis
Not enough data
8.4
19
Not enough data
9.1
21
Not enough data
9.4
21
Not enough data
9.1
21
Testing
Not enough data
8.7
20
Not enough data
Feature Not Available
Not enough data
Feature Not Available
Not enough data
7.7
17
Not enough data
7.5
18
Not enough data
8.1
19
Not enough data
7.3
21
Agentic AI - Static Application Security Testing (SAST)
Not enough data
7.9
11
Dynamic Application Security Testing (DAST)Hide 13 FeaturesShow 13 Features
Not enough data
Not enough data
Administration
Not enough data
Feature Not Available
Not enough data
Feature Not Available
Analysis
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Testing
Not enough data
Feature Not Available
Not enough data
Feature Not Available
Not enough data
Feature Not Available
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Performance
Not enough data
8.2
12
Not enough data
8.0
11
Not enough data
8.0
11
Not enough data
9.0
10
Network
Not enough data
8.5
10
Not enough data
7.8
10
Not enough data
8.0
10
Application
Not enough data
Feature Not Available
Not enough data
8.9
11
Not enough data
8.5
11
Agentic AI - Vulnerability Scanner
Not enough data
6.9
6
Not enough data
7.5
6
Functionality - Software Composition Analysis
Not enough data
8.4
18
Not enough data
8.2
18
Not enough data
8.5
18
Effectiveness - Software Composition Analysis
Not enough data
8.5
18
Not enough data
8.3
18
Not enough data
8.3
18
Documentation
Not enough data
8.9
19
Not enough data
9.3
20
Not enough data
8.2
20
Security
Not enough data
7.4
21
Not enough data
7.9
17
Not enough data
8.9
17
Agentic AI - Static Code Analysis
Not enough data
7.7
10
Not enough data
7.6
9
Not enough data
7.7
10
Performance - AI AppSec Assistants
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Integration - AI AppSec Assistants
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Interactive Application Security Testing (IAST)Hide 1 FeatureShow 1 Feature
Not enough data
Not enough data
Agentic AI - Interactive Application Security Testing (IAST)
Not enough data
Not enough data
Categories
Categories
Shared Categories
CodeSonar and Semgrep are categorized as Static Application Security Testing (SAST), Static Code Analysis, and Secure Code Review
Unique Categories
CodeSonar has no unique categories
Reviews
Reviewers' Company Size
CodeSonar
Small-Business(50 or fewer emp.)
Mid-Market(51-1000 emp.)
Enterprise(> 1000 emp.)
Semgrep
Small-Business(50 or fewer emp.)
Mid-Market(51-1000 emp.)
Enterprise(> 1000 emp.)
Small-Business
(50 or fewer emp.)
Mid-Market
(51-1000 emp.)
Enterprise
(> 1000 emp.)
Reviewers' Industry
Electrical/Electronic Manufacturing
15.4%
Computer Software
15.4%
Oil & Energy
7.7%
Medical Devices
7.7%
Marketing and Advertising
7.7%
Other
46.2%
Information Technology and Services
24.5%
Computer Software
20.8%
Financial Services
15.1%
Computer & Network Security
5.7%
Semiconductors
5.7%
Other
28.3%
Discussions
What is the easiest way to setup CodeSonar using Azure DevOps
2 Comments
MH
Hi James,
Thanks for your question. Think of CodeSonar as a three layer architecture. There are build, analysis and storage layers. All layers can be...Read more
How does CodeSonar work?
1 Comment
Official Response from CodeSonar
Depends on how detailed you want to be. CodeSonar functions by watching a customer’s build and determining what code might run when a program executes. We...Read more
Is CodeSonar open source?
1 Comment
Official Response from CodeSonar
No. CodeSonar is a proprietary technology, provided under a commercial license.Read more
Semgrep has no discussions with answers
Hunting for software insights?
With over 3 million reviews, we can provide the specific details that help you make an informed software buying decision for your business. Finding the right product is important, let us help.
