# Semgrep, SonarQube vs OpenText Core Application Security Comparison | | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Star Rating** | 4.6 out of 5 | 4.4 out of 5 | 4.1 out of 5 | | **Total Reviews** | 55 | 141 | 34 | | **Largest Market Segment** | Enterprise (46.3% of reviews) | Enterprise (42.0% of reviews) | Enterprise (41.2% of reviews) | | **Entry Level Price** | Starting at $40.00 1 contributor Per Month | Free | No pricing available | --- ## Top Pros & Cons ### Semgrep Pros: - Ease of Use (16 reviews) - Features (14 reviews) Cons: - Not User-Friendly (7 reviews) - Limited Features (6 reviews) ### SonarQube Pros: - Code Quality (24 reviews) - Features (20 reviews) Cons: - Software Bugs (12 reviews) - Complex Configuration (10 reviews) ### OpenText Core Application Security **Not enough data** --- ## Ratings Comparison | Rating | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Meets Requirements** | 8.8 (49 reviews) | 8.8 (119 reviews) | 8.1 (31 reviews) | | **Ease of Use** | 9.1 (50 reviews) | 8.5 (122 reviews) | 8.2 (31 reviews) | | **Ease of Setup** | 9.4 (37 reviews) | 8.1 (81 reviews) | 8.2 (12 reviews) | | **Ease of Admin** | 9.1 (22 reviews) | 8.5 (67 reviews) | 8.9 (12 reviews) | | **Quality of Support** | 8.8 (44 reviews) | 8.2 (101 reviews) | 7.9 (30 reviews) | | **Has the product been a good partner in doing business?** | 9.6 (22 reviews) | 8.3 (60 reviews) | 9.0 (12 reviews) | | **Product Direction (% positive)** | 9.2 (45 reviews) | 8.6 (115 reviews) | 8.8 (30 reviews) | --- ## Pricing ### Semgrep #### Entry-Level Pricing Plan: Semgrep Code, Supply Chain, and Secrets Detection Price: Starting at $40.00 1 contributor Per Month Description: Extensible AppSec for growing teams. Choose from Code (SAST), Supply Chain (SCA), and Secrets Detection to eliminate noise out of the box, streamline developer workflows, and give security teams full visibility. Key Features: - Choose from SAST, SCA, and Secrets Detection - Pro Rules and cross-file analysis - AI Assistant [Learn more about Semgrep](https://www.g2.com/products/semgrep/reviews) #### Free Trial Yes ### SonarQube #### Entry-Level Pricing Plan: Free Price: Free Description: For developers wanting to try SonarQube. Key Features: - Scan of private projects limited to 50k lines of code - Users limited to max. 5 - Architecture management [Browse all 3 editions](https://www.g2.com/products/sonarqube/pricing) #### Free Trial Yes ### OpenText Core Application Security #### Entry-Level Pricing No pricing available #### Free Trial Yes --- ## Features Comparison By Category ### Static Application Security Testing (SAST) | Product | Score | Reviews | |---|---|---| | **Semgrep** | 8.4/10 | 22 | | **SonarQube** | 7.3/10 | 25 | | **OpenText Core Application Security** | N/A | N/A | #### Administration | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **API / Integrations** | 9.0 (18 reviews) | 7.9 (20 reviews) | Not enough data | | **Extensibility** | 8.2 (17 reviews) | 6.0 (20 reviews) | Not enough data | #### Analysis | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Reporting and Analytics** | 8.4 (19 reviews) | 7.4 (21 reviews) | Not enough data | | **Issue Tracking** | 9.2 (22 reviews) | 8.0 (20 reviews) | Not enough data | | **Static Code Analysis** | 9.4 (22 reviews) | 9.0 (23 reviews) | Not enough data | | **Code Analysis** | 9.2 (22 reviews) | 9.1 (23 reviews) | Not enough data | #### Testing | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Command-Line Tools** | 8.7 (20 reviews) | 6.6 (18 reviews) | Not enough data | | **Manual Testing** | Feature Not Available | 5.9 (19 reviews) | Not enough data | | **Test Automation** | Feature Not Available | 6.0 (21 reviews) | Not enough data | | **Compliance Testing** | 7.7 (17 reviews) | 6.9 (18 reviews) | Not enough data | | **Black-Box Scanning** | 7.5 (18 reviews) | 6.8 (17 reviews) | Not enough data | | **Detection Rate** | 8.1 (19 reviews) | 8.2 (21 reviews) | Not enough data | | **False Positives** | 7.3 (21 reviews) | 6.7 (23 reviews) | Not enough data | #### Agentic AI - Static Application Security Testing (SAST) | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Autonomous Task Execution** | 7.9 (11 reviews) | Not enough data | Not enough data | ### Dynamic Application Security Testing (DAST) | Product | Score | Reviews | |---|---|---| | **Semgrep** | N/A | N/A | | **SonarQube** | N/A | N/A | | **OpenText Core Application Security** | N/A | N/A | #### Administration | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **API / Integrations** | Feature Not Available | Not enough data | Not enough data | | **Extensibility** | Feature Not Available | Not enough data | Not enough data | #### Analysis | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Reporting and Analytics** | Not enough data | Not enough data | Not enough data | | **Issue Tracking** | Not enough data | Not enough data | Not enough data | | **Static Code Analysis** | Not enough data | Not enough data | Not enough data | | **Vulnerability Scan** | Not enough data | Not enough data | Not enough data | | **Code Analysis** | Not enough data | Not enough data | Not enough data | #### Testing | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Manual Testing** | Feature Not Available | Not enough data | Not enough data | | **Test Automation** | Feature Not Available | Not enough data | Not enough data | | **Compliance Testing** | Feature Not Available | Not enough data | Not enough data | | **Black-Box Scanning** | Not enough data | Not enough data | Not enough data | | **Detection Rate** | Not enough data | Not enough data | Not enough data | | **False Positives** | Not enough data | Not enough data | Not enough data | ### Vulnerability Scanner | Product | Score | Reviews | |---|---|---| | **Semgrep** | 8.1/10 | 12 | | **SonarQube** | N/A | N/A | | **OpenText Core Application Security** | N/A | N/A | #### Performance | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Issue Tracking** | 8.2 (12 reviews) | Not enough data | Not enough data | | **Detection Rate** | 8.0 (11 reviews) | Not enough data | Not enough data | | **False Positives** | 8.0 (11 reviews) | Not enough data | Not enough data | | **Automated Scans** | 9.0 (10 reviews) | Not enough data | Not enough data | #### Network | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Compliance Testing** | 8.5 (10 reviews) | Not enough data | Not enough data | | **Perimeter Scanning** | 7.8 (10 reviews) | Not enough data | Not enough data | | **Configuration Monitoring** | 8.0 (10 reviews) | Not enough data | Not enough data | #### Application | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Manual Application Testing** | Feature Not Available | Not enough data | Not enough data | | **Static Code Analysis** | 8.9 (11 reviews) | Not enough data | Not enough data | | **Black Box Testing** | 8.5 (11 reviews) | Not enough data | Not enough data | #### Agentic AI - Vulnerability Scanner | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Autonomous Task Execution** | 6.9 (6 reviews) | Not enough data | Not enough data | | **Proactive Assistance** | 7.5 (6 reviews) | Not enough data | Not enough data | ### Software Development Analytics Tools | Product | Score | Reviews | |---|---|---| | **Semgrep** | N/A | N/A | | **SonarQube** | 8.0/10 | 35 | | **OpenText Core Application Security** | N/A | N/A | #### Functionality | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Repository Integration** | Not enough data | 8.1 (32 reviews) | Not enough data | | **Analytics and Trends** | Not enough data | 8.5 (31 reviews) | Not enough data | | **Productivity Updates** | Not enough data | 8.2 (29 reviews) | Not enough data | #### Management | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Historical Data Consolidation** | Not enough data | Feature Not Available | Not enough data | | **Data Context** | Not enough data | 7.5 (26 reviews) | Not enough data | | **Testing Integration** | Not enough data | 7.9 (29 reviews) | Not enough data | ### Bug Tracking | Product | Score | Reviews | |---|---|---| | **Semgrep** | N/A | N/A | | **SonarQube** | 8.1/10 | 11 | | **OpenText Core Application Security** | N/A | N/A | #### Bug Reporting | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **User Reports & Feedback** | Not enough data | 7.7 (10 reviews) | Not enough data | | **Tester Reports & Feedback** | Not enough data | 8.0 (10 reviews) | Not enough data | | **Team Reports & Comments** | Not enough data | 8.3 (10 reviews) | Not enough data | #### Bug Monitoring | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Analytics** | Not enough data | 7.8 (10 reviews) | Not enough data | | **Bug History** | Not enough data | 8.2 (10 reviews) | Not enough data | | **Data Retention** | Not enough data | 8.5 (10 reviews) | Not enough data | #### Agentic AI - Bug Tracking | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Adaptive Learning** | Not enough data | Not enough data | Not enough data | | **Natural Language Interaction** | Not enough data | Not enough data | Not enough data | | **Proactive Assistance** | Not enough data | Not enough data | Not enough data | ### Software Composition Analysis | Product | Score | Reviews | |---|---|---| | **Semgrep** | 8.4/10 | 18 | | **SonarQube** | N/A | N/A | | **OpenText Core Application Security** | N/A | N/A | #### Functionality - Software Composition Analysis | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Language Support** | 8.4 (18 reviews) | Not enough data | Not enough data | | **Integration** | 8.2 (18 reviews) | Not enough data | Not enough data | | **Transparency** | 8.5 (18 reviews) | Not enough data | Not enough data | #### Effectiveness - Software Composition Analysis | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Remediation Suggestions** | 8.5 (18 reviews) | Not enough data | Not enough data | | **Continuous Monitoring** | 8.3 (18 reviews) | Not enough data | Not enough data | | **Thorough Detection** | 8.3 (18 reviews) | Not enough data | Not enough data | ### Secure Code Review | Product | Score | Reviews | |---|---|---| | **Semgrep** | 8.4/10 | 21 | | **SonarQube** | 7.5/10 | 45 | | **OpenText Core Application Security** | N/A | N/A | #### Documentation | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Feedback** | 8.9 (19 reviews) | 8.0 (42 reviews) | Not enough data | | **Prioritization** | 9.3 (20 reviews) | 7.6 (37 reviews) | Not enough data | | **Remediation Suggestions** | 8.2 (20 reviews) | 8.3 (38 reviews) | Not enough data | #### Security | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **False Positives** | 7.4 (21 reviews) | 6.7 (37 reviews) | Not enough data | | **Custom Compliance** | 7.9 (17 reviews) | 7.0 (34 reviews) | Not enough data | | **Agility** | 8.9 (17 reviews) | 7.9 (37 reviews) | Not enough data | ### Application Security | Product | Score | Reviews | |---|---|---| | **Semgrep** | N/A | N/A | | **SonarQube** | N/A | N/A | | **OpenText Core Application Security** | N/A | N/A | #### Generative AI | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **AI Text Summarization** | Not enough data | Not enough data | Not enough data | ### Application Security Posture Management (ASPM) | Product | Score | Reviews | |---|---|---| | **Semgrep** | N/A | N/A | | **SonarQube** | 8.5/10 | 7 | | **OpenText Core Application Security** | N/A | N/A | #### Risk management - Application Security Posture Management (ASPM) | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Vulnerability Management** | Not enough data | 9.3 (5 reviews) | Not enough data | | **Risk Assessment and Prioritization** | Not enough data | Feature Not Available | Not enough data | | **Compliance Management** | Not enough data | 9.0 (5 reviews) | Not enough data | | **Policy Enforcement** | Not enough data | 8.9 (6 reviews) | Not enough data | #### Integration and efficiency - Application Security Posture Management (ASPM) | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Integration with Development Tools** | Not enough data | 7.8 (6 reviews) | Not enough data | | **Automation and Efficiency** | Not enough data | Feature Not Available | Not enough data | #### Reporting and Analytics - Application Security Posture Management (ASPM) | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Trend Analysis** | Not enough data | 7.8 (6 reviews) | Not enough data | | **Risk Scoring** | Not enough data | Not enough data | Not enough data | | **Customizable Dashboards** | Not enough data | 8.3 (5 reviews) | Not enough data | #### Agentic AI - Application Security Posture Management (ASPM) | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | Not enough data | | **Multi-step Planning** | Not enough data | Not enough data | Not enough data | ### Software Bill of Materials (SBOM) | Product | Score | Reviews | |---|---|---| | **Semgrep** | N/A | N/A | | **SonarQube** | N/A | N/A | | **OpenText Core Application Security** | N/A | N/A | #### Functionality - Software Bill of Materials (SBOM) | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Format Support** | Not enough data | Not enough data | Not enough data | | **Annotations** | Not enough data | Not enough data | Not enough data | | **Attestation** | Not enough data | Not enough data | Not enough data | #### Management - Software Bill of Materials (SBOM) | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Monitoring** | Not enough data | Not enough data | Not enough data | | **Dashboards** | Not enough data | Not enough data | Not enough data | | **User Provisioning** | Not enough data | Not enough data | Not enough data | ### AI Governance Tools | Product | Score | Reviews | |---|---|---| | **Semgrep** | N/A | N/A | | **SonarQube** | N/A | N/A | | **OpenText Core Application Security** | N/A | N/A | #### AI Compliance | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Regulatory Reporting** | Not enough data | Not enough data | Not enough data | | **Automated Compliance** | Not enough data | Not enough data | Not enough data | | **Audit Trails** | Not enough data | Feature Not Available | Not enough data | #### Risk Management & Monitoring | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **AI Risk Management** | Not enough data | Feature Not Available | Not enough data | | **Real-time Monitoring** | Not enough data | Not enough data | Not enough data | #### AI Lifecycle Management | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Lifecycle Automation** | Not enough data | Feature Not Available | Not enough data | #### Access Control and Security | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Pole-based Access Control (RBAC)** | Not enough data | Not enough data | Not enough data | #### Collaboration and Communication | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Model Sharing and Reuse** | Not enough data | Feature Not Available | Not enough data | #### Agentic AI - AI Governance Tools | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | Not enough data | | **Multi-step Planning** | Not enough data | Not enough data | Not enough data | | **Cross-system Integration** | Not enough data | Not enough data | Not enough data | | **Adaptive Learning** | Not enough data | Not enough data | Not enough data | | **Natural Language Interaction** | Not enough data | Not enough data | Not enough data | | **Proactive Assistance** | Not enough data | Feature Not Available | Not enough data | | **Decision Making** | Not enough data | Not enough data | Not enough data | ### Runtime Application Self-Protection (RASP) Tools | Product | Score | Reviews | |---|---|---| | **Semgrep** | N/A | N/A | | **SonarQube** | N/A | N/A | | **OpenText Core Application Security** | N/A | N/A | #### Threat Detection & Response - Runtime Application Self-Protection (RASP) | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Threat Remediation** | Not enough data | Not enough data | Not enough data | | **Threat Detection** | Not enough data | Not enough data | Not enough data | | **Application Behavior Monitoring** | Not enough data | Not enough data | Not enough data | | **Intelligence and Reporting** | Not enough data | Not enough data | Not enough data | ### Static Code Analysis | Product | Score | Reviews | |---|---|---| | **Semgrep** | 7.7/10 | 10 | | **SonarQube** | 6.2/10 | 8 | | **OpenText Core Application Security** | N/A | N/A | #### Agentic AI - Static Code Analysis | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Adaptive Learning** | 7.7 (10 reviews) | 6.3 (8 reviews) | Not enough data | | **Natural Language Interaction** | 7.6 (9 reviews) | 5.7 (7 reviews) | Not enough data | | **Proactive Assistance** | 7.7 (10 reviews) | 6.7 (8 reviews) | Not enough data | ### AI AppSec Assistants | Product | Score | Reviews | |---|---|---| | **Semgrep** | N/A | N/A | | **SonarQube** | N/A | N/A | | **OpenText Core Application Security** | N/A | N/A | #### Performance - AI AppSec Assistants | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Remediation** | Not enough data | Not enough data | Not enough data | | **Real-time Vulnerability Detection** | Not enough data | Not enough data | Not enough data | | **Accuracy** | Not enough data | Not enough data | Not enough data | #### Integration - AI AppSec Assistants | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Stack Integration** | Not enough data | Not enough data | Not enough data | | **Workflow Integration** | Not enough data | Not enough data | Not enough data | | **Codebase Contextual Awareness** | Not enough data | Not enough data | Not enough data | ### Cloud Security | Product | Score | Reviews | |---|---|---| | **Semgrep** | N/A | N/A | | **SonarQube** | N/A | N/A | | **OpenText Core Application Security** | N/A | N/A | #### Cloud Visibility | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Data Discovery** | Not enough data | Not enough data | Not enough data | | **Cloud Registry** | Not enough data | Not enough data | Not enough data | | **Cloud Gap Analytics** | Not enough data | Not enough data | Not enough data | #### Security | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Data Security** | Not enough data | Not enough data | Not enough data | | **Data loss Prevention** | Not enough data | Not enough data | Not enough data | | **Security Auditing** | Not enough data | Not enough data | Not enough data | #### Identity | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **SSO** | Not enough data | Not enough data | Not enough data | | **Governance** | Not enough data | Not enough data | Not enough data | | **User Analytics** | Not enough data | Not enough data | Not enough data | ### Interactive Application Security Testing (IAST) | Product | Score | Reviews | |---|---|---| | **Semgrep** | N/A | N/A | | **SonarQube** | N/A | N/A | | **OpenText Core Application Security** | N/A | N/A | #### Agentic AI - Interactive Application Security Testing (IAST) | Feature | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | Not enough data | --- ## Categories **Shared Categories (1):** [Static Code Analysis Tools](https://www.g2.com/categories/static-code-analysis) **Unique to Semgrep (7):** [AI AppSec Assistants](https://www.g2.com/categories/ai-appsec-assistants), [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis), [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast), [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner), [Secure Code Review Software](https://www.g2.com/categories/secure-code-review), [Interactive Application Security Testing (IAST) Software](https://www.g2.com/categories/interactive-application-security-testing-iast), [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast) **Unique to SonarQube (9):** [Application Security Posture Management (ASPM) Software](https://www.g2.com/categories/application-security-posture-management-aspm), [Secure Code Review Software](https://www.g2.com/categories/secure-code-review), [Software Development Analytics Tools](https://www.g2.com/categories/software-development-analytics-tools), [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast), [Bug Tracking Software](https://www.g2.com/categories/bug-tracking), [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis), [Software Bill of Materials (SBOM) Software](https://www.g2.com/categories/software-bill-of-materials-sbom), [AI AppSec Assistants](https://www.g2.com/categories/ai-appsec-assistants), [ AI Governance Tools](https://www.g2.com/categories/ai-governance-tools) **Unique to OpenText Core Application Security (3):** [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast), [Interactive Application Security Testing (IAST) Software](https://www.g2.com/categories/interactive-application-security-testing-iast), [Runtime Application Self-Protection (RASP) Tools ](https://www.g2.com/categories/runtime-application-self-protection-rasp-tools) --- ## Reviewer Demographics ### By Company Size | Segment | Semgrep | SonarQube | OpenText Core Application Security | |---|---|---|---| | **Small-Business** | 11.1% | 18.1% | 32.4% | | **Mid-Market** | 42.6% | 39.9% | 26.5% | | **Enterprise** | 46.3% | 42.0% | 41.2% | ### By Industry #### Semgrep - **Information Technology and Services:** 24.1% - **Computer Software:** 20.4% - **Financial Services:** 16.7% - **Computer & Network Security:** 5.6% - **Semiconductors:** 5.6% - **Manufacturing:** 5.6% - **Insurance:** 3.7% - **International Affairs:** 1.9% - **Information Services:** 1.9% - **Hospital & Health Care:** 1.9% - **Other:** 13.0% #### SonarQube - **Information Technology and Services:** 26.7% - **Computer Software:** 20.7% - **Financial Services:** 7.4% - **Banking:** 3.7% - **Computer & Network Security:** 3.0% - **Hospital & Health Care:** 3.0% - **Manufacturing:** 2.2% - **Automotive:** 2.2% - **Aviation & Aerospace:** 2.2% - **Telecommunications:** 2.2% - **Other:** 26.7% #### OpenText Core Application Security - **Information Technology and Services:** 26.5% - **Computer & Network Security:** 8.8% - **Computer Software:** 8.8% - **Airlines/Aviation:** 5.9% - **Construction:** 5.9% - **Banking:** 2.9% - **Education Management:** 2.9% - **Financial Services:** 2.9% - **Health, Wellness and Fitness:** 2.9% - **Higher Education:** 2.9% - **Other:** 29.4% --- ## Alternatives ### Alternatives to Semgrep - [Snyk](https://www.g2.com/products/snyk/reviews) — 4.5/5 stars (132 reviews) - [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2363 reviews) - [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (893 reviews) - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) — 4.7/5 stars (795 reviews) - [Red Hat Ansible Automation Platform](https://www.g2.com/products/red-hat-ansible-automation-platform/reviews) — 4.6/5 stars (377 reviews) - [Replit](https://www.g2.com/products/replit/reviews) — 4.5/5 stars (356 reviews) - [Microsoft Defender for Cloud](https://www.g2.com/products/microsoft-defender-for-cloud/reviews) — 4.4/5 stars (310 reviews) - [GitHub Copilot](https://www.g2.com/products/github-copilot/reviews) — 4.5/5 stars (311 reviews) - [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews) — 4.5/5 stars (302 reviews) - [Gearset DevOps](https://www.g2.com/products/gearset-devops/reviews) — 4.7/5 stars (292 reviews) ### Alternatives to SonarQube - [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2363 reviews) - [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (893 reviews) - [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) — 3.8/5 stars (26 reviews) - [Mend.io](https://www.g2.com/products/mend-io/reviews) — 4.3/5 stars (112 reviews) - [Snyk](https://www.g2.com/products/snyk/reviews) — 4.5/5 stars (132 reviews) - [Aikido Security](https://www.g2.com/products/aikido-security/reviews) — 4.6/5 stars (141 reviews) - [Checkmarx](https://www.g2.com/products/checkmarx/reviews) — 4.2/5 stars (40 reviews) - [Kiuwan Code Security & Insights](https://www.g2.com/products/kiuwan-code-security-insights/reviews) — 4.5/5 stars (34 reviews) - [Embold](https://www.g2.com/products/embold/reviews) — 4.7/5 stars (18 reviews) - [Microsoft Defender for Cloud](https://www.g2.com/products/microsoft-defender-for-cloud/reviews) — 4.4/5 stars (310 reviews) ### Alternatives to OpenText Core Application Security - [Checkmarx](https://www.g2.com/products/checkmarx/reviews) — 4.2/5 stars (40 reviews) - [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) — 3.8/5 stars (26 reviews) - [HCL AppScan](https://www.g2.com/products/hcl-appscan/reviews) — 4.1/5 stars (76 reviews) - [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews) — 4.5/5 stars (302 reviews) - [Burp Suite](https://www.g2.com/products/burp-suite/reviews) — 4.8/5 stars (129 reviews) - [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (893 reviews) - [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) — 4.6/5 stars (69 reviews) - [Dynatrace](https://www.g2.com/products/dynatrace/reviews) — 4.5/5 stars (1363 reviews) - [Coverity](https://www.g2.com/products/coverity/reviews) — 4.2/5 stars (55 reviews) - [Gearset DevOps](https://www.g2.com/products/gearset-devops/reviews) — 4.7/5 stars (292 reviews) --- ## Top Discussions ### Semgrep No discussions available for this product. ### SonarQube No discussions available for this product. ### OpenText Core Application Security No discussions available for this product. --- **Source:** [G2.com](https://www.g2.com) | [Comparison Page](https://www.g2.com/compare/semgrep-vs-sonarqube-vs-opentext-core-application-security)