# Best Static Code Analysis Tools

*By [Adam Crivello](https://research.g2.com/insights/author/adam-crivello)*


Static code analysis is the analysis of computer software performed without actually executing the code. Static code analysis tools scan all code in a project and seek out vulnerabilities, validates code against industry best practices, and some software tools validate against company-specific project specifications. Static code analysis tools are used by software development and quality assurance teams to ensure the quality and security of code, and that project requirements are met. Static code analysis is a type of source code management and can integrate with version control systems and through build automation tasks using continuous integration software.

To qualify as a static code analysis tool, a product must:

- Scan code without executing that code
- List security vulnerabilities after scanning
- Validate code against industry best practices
- Provide recommendations on where and how to fix issues






## G2 Grid® for Static Code Analysis Tools
![G2 Grid® for Static Code Analysis Tools plotting products by satisfaction and market presence](https://www.g2.com/categories/static-code-analysis/grids.png?focus%5B%5D=7775&focus%5B%5D=102905&focus%5B%5D=4475&focus%5B%5D=1225549&focus%5B%5D=1225688&focus%5B%5D=1385185&focus%5B%5D=161987&focus%5B%5D=48275)
Highlighted products: SonarQube, Gearset DevOps, Checkmarx, Semgrep, Typo, SoftSpell, CAST Imaging, and ReSharper C++.
Underlying data: [Grid® JSON](https://www.g2.com/categories/static-code-analysis/grids.json?focus%5B%5D=sonarqube&amp;focus%5B%5D=gearset-devops&amp;focus%5B%5D=checkmarx&amp;focus%5B%5D=semgrep&amp;focus%5B%5D=typo&amp;focus%5B%5D=softspell&amp;focus%5B%5D=cast-imaging&amp;focus%5B%5D=resharper-c)


## How Many Static Code Analysis Tools Products Does G2 Track?
**Total Products under this Category:** 130

### Category Stats (Jul 2026)
- **Average Rating**: 4.38/5 The average rating of products in this category, based on all submitted ratings
- **Top Trending Product**: Checkmarx (+0.67%) - Among all products in this category, Checkmarx recorded the largest rating increase compared to last month
*Last updated: July 16, 2026*


## How Does G2 Rank Static Code Analysis Tools Products?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 2,100+ Authentic Reviews
- 130+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Which Static Code Analysis Tools Is Best for Your Use Case?

- **Leader:** [SonarQube](https://www.g2.com/products/sonarqube/reviews)
- **Highest Performer:** [Typo](https://www.g2.com/products/typo/reviews)
- **Easiest to Use:** [OpsPilot](https://www.g2.com/products/opspilot/reviews)
- **Top Trending:** [Semgrep](https://www.g2.com/products/semgrep/reviews)
- **Best Free Software:** [SonarQube](https://www.g2.com/products/sonarqube/reviews)


---

**Sponsored**

### Aikido Security

Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.



[Visit website](https://www.g2.com/external_clickthroughs/record?secure%5Bad_program%5D=ppc&amp;secure%5Bad_slot%5D=category_product_list&amp;secure%5Bcategory_id%5D=564&amp;secure%5Bchosen_at%5D=2026-07-16T21%3A17%3A47Z&amp;secure%5Bdisplayable_resource_id%5D=2041&amp;secure%5Bdisplayable_resource_type%5D=Category&amp;secure%5Bmedium%5D=sponsored&amp;secure%5Bplacement_reason%5D=neighbor_category&amp;secure%5Bplacement_resource_ids%5D%5B%5D=1520&amp;secure%5Bplacement_resource_ids%5D%5B%5D=2041&amp;secure%5Bplacement_resource_ids%5D%5B%5D=2639&amp;secure%5Bprioritized%5D=false&amp;secure%5Bproduct_id%5D=1259627&amp;secure%5Bresource_id%5D=564&amp;secure%5Bresource_type%5D=Category&amp;secure%5Bsource_type%5D=category_page&amp;secure%5Bsource_url%5D=https%3A%2F%2Fwww.g2.com%2Fcategories%2Fstatic-code-analysis&amp;secure%5Btoken%5D=17a25ae3340acd1ea77df70c8a91c92539aabf6e802830c27a76d46224b13a00&amp;secure%5Burl%5D=https%3A%2F%2Fwww.aikido.dev%2Fcode%2Fopen-source-dependency-scanning-sca%3Futm_source%3Dg2%26utm_campaign%3Dg2-promoted-listing-sca%26utm_medium%3Dcpc&amp;secure%5Burl_type%5D=custom_url)

---

## What Are the Top-Rated Static Code Analysis Tools Products in 2026?
### 1. [SonarQube](https://www.g2.com/products/sonarqube/reviews)
Sonar, the industry standard for code verification and automated code review, helps reduce outages, improve security, and lower risks associated with AI and agentic coding. As an independent verification platform, Sonar enables organizations to securely develop at the speed of AI. Sonar is the foundation for high-performance software engineering, analyzing over 750 billion lines of code daily to ensure applications are secure, reliable, and maintainable. Rooted in the open source community, Sonar is trusted by 7M+ developers globally, including teams at ServiceNow, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company.


**Average Rating:** 4.4/5.0
**Total Reviews:** 152
**How Do G2 Users Rate SonarQube?**

- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 8.7/10)
- **Ease of Admin:** 8.5/10 (Category avg: 8.5/10)
- **Ease of Use:** 8.5/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind SonarQube?**

- **Seller:** [SonarSource Sàrl](https://www.g2.com/sellers/sonarsource-sarl)
- **Company Website:** https://www.sonarsource.com
- **Year Founded:** 2008
- **HQ Location:** Geneva, Switzerland
- **Twitter:** @SonarSource (10,913 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/sonarsource/ (973 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** DevOps Engineer, Software Engineer
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 43% Enterprise, 40% Mid-Market


#### What Are SonarQube's Pros and Cons?

**Pros:**

- Code Quality (24 reviews)
- Features (20 reviews)
- Issue Identification (19 reviews)
- Ease of Use (18 reviews)
- Easy Integrations (18 reviews)

**Cons:**

- Software Bugs (12 reviews)
- Complex Configuration (10 reviews)
- False Positives (10 reviews)
- Complexity (8 reviews)
- Complex Setup (8 reviews)


### What Do G2 Reviewers Say About SonarQube?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value SonarQube for its ability to **efficiently flag code quality and security issues** , ensuring a clean and reliable codebase.
- Users appreciate the **flexible issue filtering and prioritization** features of SonarQube, enhancing focus and communication.
- Users value the **issue identification** feature of SonarQube, enhancing focus on high-priority problems and improving development processes.
- Users appreciate the **ease of use** of SonarQube, benefiting from automated quality checks integrated into their development workflows.
- Users appreciate the **easy integrations** with CI/CD tools, enhancing their workflow and overall development process.

**Cons:**

- Users experience **software bugs** including false positives and high RAM usage, complicating usage and requiring advanced knowledge.
- Users find the **configuration process complex** , often requiring extensive knowledge and still resulting in numerous warnings.
- Users report frequent **false positives** that complicate the analysis process, affecting the overall usability of SonarQube.
- Users find SonarQube&#39;s **configuration complexity** and overwhelming warnings to be challenging, affecting their overall experience.
- Users find the **complex setup** of SonarQube challenging, especially for beginners, often leading to frustrating experiences.

#### What Are Recent G2 Reviews of SonarQube?

**"[SonarQube: Easy Integration, Simple UI, and Solid Free Code Quality Scanning](https://www.g2.com/survey_responses/sonarqube-review-12975264)"**

**Rating:** 4.5/5.0 stars
*— Divyarajsinh  C.*

[Read full review](https://www.g2.com/survey_responses/sonarqube-review-12975264)

---

**"[Powerful Tool for Clean and Maintainable Code](https://www.g2.com/survey_responses/sonarqube-review-13115123)"**

**Rating:** 4.0/5.0 stars
*— chaithanya r.*

[Read full review](https://www.g2.com/survey_responses/sonarqube-review-13115123)

---


#### What Are G2 Users Discussing About SonarQube?

- [What is SonarLint used for?](https://www.g2.com/discussions/what-is-sonarlint-used-for)
- [What is SonarQube and how does it work?](https://www.g2.com/discussions/what-is-sonarqube-and-how-does-it-work) - 1 upvote
- [What is the benefit of SonarQube?](https://www.g2.com/discussions/what-is-the-benefit-of-sonarqube)
- [What are the main components of SonarQube platform?](https://www.g2.com/discussions/what-are-the-main-components-of-sonarqube-platform)
- [What is SonarQube and its features?](https://www.g2.com/discussions/what-is-sonarqube-and-its-features)

### 2. [Gearset DevOps](https://www.g2.com/products/gearset-devops/reviews)
Gearset is the global leader in Salesforce DevOps. It’s a DevOps platform that helps organizations manage, automate, and govern the full Salesforce development lifecycle, from planning and deployment to testing, data management, and compliance. The platform is designed for Salesforce teams that need reliable, scalable DevOps processes across complex org environments. Gearset is used by mid-market and enterprise organizations across regulated and non-regulated industries, including healthcare, financial services, insurance, and technology. Typical users include Salesforce administrators, developers, DevOps engineers, release managers, and platform owners responsible for maintaining deployment quality, security, and operational consistency. The platform supports a wide range of Salesforce use cases, including metadata and CPQ deployments, CI/CD automation, code review workflows, sandbox seeding, test automation, and monitoring. As well as deployment automation, Gearset includes tools for Salesforce data protection and long-term data management, such as automated backups, data restore, and archiving. Observability and Org Intelligence features provide insight into org health, deployment risk, and system changes over time. Gearset also includes governance and compliance capabilities designed for enterprise environments. These features help teams maintain audit readiness and enforce access controls while supporting compliance frameworks such as SOX, ISO, HIPAA, and GDPR. The platform is delivered as a managed service and integrates with Salesforce environments without requiring complex local infrastructure. Key features and capabilities include: - Salesforce metadata, CPQ, and data deployments with CI/CD automation and version control integration - Code review, test automation, and release validation to support quality and consistency - Automated Salesforce backups, restore, and data archiving for data protection and retention - Sandbox seeding, observability, and Org Intelligence to support environment management and visibility - Governance features including audit trails, role-based access controls, and compliance support Gearset is a Salesforce Partner and has supported Salesforce teams globally since 2015. The platform is used by organizations managing multiple orgs (across regions), frequent releases, and complex compliance requirements, helping teams reduce deployment risk, improve operational visibility, and maintain control over Salesforce change management processes.


**Average Rating:** 4.7/5.0
**Total Reviews:** 292
**How Do G2 Users Rate Gearset DevOps?**

- **Has the product been a good partner in doing business?:** 9.5/10 (Category avg: 8.7/10)
- **Ease of Admin:** 9.3/10 (Category avg: 8.5/10)
- **Ease of Use:** 9.2/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind Gearset DevOps?**

- **Seller:** [Gearset](https://www.g2.com/sellers/gearset)
- **Company Website:** https://www.gearset.com
- **Year Founded:** 2015
- **HQ Location:** Cambridge, Cambridgeshire
- **Twitter:** @GearsetHQ (1,182 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/10478150/ (366 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Salesforce Developer, Salesforce Administrator
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 37% Mid-Market, 33% Small-Business


#### What Are Gearset DevOps's Pros and Cons?

**Pros:**

- Ease of Use (25 reviews)
- Deployment (21 reviews)
- Easy Deployment (17 reviews)
- Customer Support (16 reviews)
- Deployment Ease (14 reviews)

**Cons:**

- Deployment Issues (6 reviews)
- Expensive (5 reviews)
- Complexity (4 reviews)
- Data Management (4 reviews)
- Missing Features (4 reviews)


### What Do G2 Reviewers Say About Gearset DevOps?
*AI-generated summary from verified user reviews*

**Pros:**

- Users highlight the **ease of use** of Gearset DevOps, appreciating its intuitive features and smooth setup process.
- Users appreciate Gearset&#39;s **ease and flexibility in deployment** , streamlining processes and reducing the risk of human error.
- Users highlight the **easy deployment** with Gearset DevOps, streamlining complex processes and enhancing efficiency across projects.
- Users praise the **responsive customer support** of Gearset DevOps, noting excellent engagement and helpful conversations with their team.
- Users value the **deployment ease** of Gearset DevOps, facilitating smooth releases and quick setup for efficiency.

**Cons:**

- Users face **deployment issues** with Gearset DevOps, needing to manually activate Flows and avoid unintended metadata changes.
- Users find Gearset DevOps to be **expensive for larger teams** , impacting budget considerations for deployment solutions.
- Users request **simplified processes and automation** in Gearset DevOps due to current complexity hindering efficiency.
- Users experience **limitations in metadata transfer** , making deployment cumbersome and less efficient due to filtering issues.
- Users find the **missing features** in Gearset DevOps, like dependency tracking and mobile support, quite limiting.

#### What Are Recent G2 Reviews of Gearset DevOps?

**"[Powerful Salesforce DevOps That Makes Every Release Easier](https://www.g2.com/survey_responses/gearset-devops-review-13031923)"**

**Rating:** 5.0/5.0 stars
*— Paul B.*

[Read full review](https://www.g2.com/survey_responses/gearset-devops-review-13031923)

---

**"[Straightforward Deployments, Powerful Metadata Tools, and Outstanding Support](https://www.g2.com/survey_responses/gearset-devops-review-12770401)"**

**Rating:** 5.0/5.0 stars
*— Jacklyn J.*

[Read full review](https://www.g2.com/survey_responses/gearset-devops-review-12770401)

---



### 3. [Checkmarx](https://www.g2.com/products/checkmarx/reviews)
Checkmarx is a type of application security solution designed to help organizations safeguard their software development processes while enhancing efficiency and reducing costs. The Checkmarx One platform stands out in the realm of enterprise-grade security, offering comprehensive protection that addresses the complexities of modern software development, including legacy systems and AI-generated code. By scanning trillions of lines of code annually, Checkmarx enables companies to significantly lower their vulnerability density, ensuring a robust defense against potential threats. The platform is particularly beneficial for software development teams, security professionals, and organizations that prioritize secure coding practices. With the increasing reliance on AI technologies and the rapid pace of software development, Checkmarx One provides essential tools to mitigate risks associated with both traditional and emerging programming languages. Its innovative architecture, powered by autonomous security agents and AI-native intelligence, allows organizations to integrate security seamlessly into their development workflows, thereby accelerating development velocity without compromising on safety. Key features of Checkmarx One include Triage Assist, which employs an autonomous AI agent to prioritize vulnerabilities based on real-world exploitability and contextual risk. This feature empowers teams to concentrate their efforts on the most critical issues rather than getting bogged down by static severity scores. Additionally, Remediation Assist generates review-ready fixes for validated vulnerabilities prior to code merges, streamlining the secure delivery process and minimizing the manual overhead typically associated with remediation tasks. Developer Assist is another notable feature, acting as a standalone security agent that identifies risks during the coding process. By providing safe, explainable, and verified fixes directly within the integrated development environment (IDE), it supports developers in maintaining a stable and rapid development pace. Furthermore, the platform includes AI Supply Chain Security, which offers centralized governance and visibility for AI components embedded in applications, ensuring that hidden AI assets are discovered and managed effectively. Lastly, Checkmarx One incorporates advanced analysis engines such as AI SAST and DAST for AI, which enhance security measures across various environments. The AI SAST feature expands detection capabilities to cover emerging and unsupported programming languages, while the DAST for AI strengthens runtime protection in continuous integration and deployment (CI/CD) settings. Together, these features position Checkmarx One as a comprehensive solution for organizations looking to fortify their software development lifecycle against evolving threats.


**Average Rating:** 4.2/5.0
**Total Reviews:** 43
**How Do G2 Users Rate Checkmarx?**

- **Has the product been a good partner in doing business?:** 8.6/10 (Category avg: 8.7/10)
- **Ease of Admin:** 8.2/10 (Category avg: 8.5/10)
- **Ease of Use:** 8.5/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind Checkmarx?**

- **Seller:** [Checkmarx](https://www.g2.com/sellers/checkmarx)
- **Company Website:** https://www.checkmarx.com
- **Year Founded:** 2006
- **HQ Location:** Paramus, NJ
- **Twitter:** @Checkmarx (7,284 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/checkmarx (1,019 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 57% Enterprise, 21% Mid-Market


#### What Are Checkmarx's Pros and Cons?

**Pros:**

- Implementation Ease (2 reviews)
- User Interface (2 reviews)
- Accuracy of Results (1 reviews)
- Automation Testing (1 reviews)
- Customer Support (1 reviews)

**Cons:**

- False Positives (1 reviews)
- Lacking Features (1 reviews)
- Missing Features (1 reviews)
- Poor Navigation (1 reviews)


### What Do G2 Reviewers Say About Checkmarx?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find Checkmarx to offer **easy implementation** into existing repositories, enhancing their security review processes effortlessly.
- Users enjoy the **intuitive user interface** of Checkmarx, making navigation through features straightforward and user-friendly.
- Users value the **accuracy of results** from Checkmarx, appreciating its precise vulnerability descriptions and guidance.
- Users value **automation testing** in Checkmarx for its ease of integration, intuitive UI, and detailed vulnerability guidance.
- Users value the **responsive Customer Support** team at Checkmarx, ensuring help is available when needed.

**Cons:**

- Users experience a significant number of **false positives** in Checkmarx, especially when analyzing Kotlin projects.
- Users report a significant issue with **false positives** in Checkmarx, especially for Kotlin-based projects compared to others.
- Users face **missing features** in Checkmarx, particularly in Kotlin support, leading to numerous false positives.
- Users find the **navigation poor** in Checkmarx, noting the need for better dashboard layout and display enhancements.

#### What Are Recent G2 Reviews of Checkmarx?

**"[Centralized Source Code Security with Seamless CI/CD Integration](https://www.g2.com/survey_responses/checkmarx-review-12980590)"**

**Rating:** 5.0/5.0 stars
*— Aman M.*

[Read full review](https://www.g2.com/survey_responses/checkmarx-review-12980590)

---

**"[Checkmarx: Reliable SAST Solution for Strengthening Application Security](https://www.g2.com/survey_responses/checkmarx-review-13085824)"**

**Rating:** 4.0/5.0 stars
*— Naushad T.*

[Read full review](https://www.g2.com/survey_responses/checkmarx-review-13085824)

---


#### What Are G2 Users Discussing About Checkmarx?

- [What is Checkmarx used for?](https://www.g2.com/discussions/checkmarx-what-is-checkmarx-used-for) - 1 comment, 1 upvote
- [How much does Checkmarx cost?](https://www.g2.com/discussions/how-much-does-checkmarx-cost)
- [Which testing method does Checkmarx support?](https://www.g2.com/discussions/which-testing-method-does-checkmarx-support) - 1 comment
- [Does Checkmarx support DAST?](https://www.g2.com/discussions/does-checkmarx-support-dast) - 1 comment
- [What is Checkmarx used for?](https://www.g2.com/discussions/what-is-checkmarx-used-for) - 2 comments

### 4. [Semgrep](https://www.g2.com/products/semgrep/reviews)
Semgrep is a modern static analysis (SAST), software composition analysis (SCA), and secrets detection platform designed for both developers and security teams. It combines fast, deterministic analysis with context-aware AI that triages findings like a senior security engineer. The AI Assistant helps reduce false positives, prioritize meaningful results, and offers clear remediation guidance. Its “Memories” feature learns from past decisions to further reduce triage noise over time. Semgrep also supports deep analysis of transitive dependencies, not just direct ones, helping teams surface and address hidden risks in their supply chain. It integrates well into modern development workflows and is easy to customize across environments.


**Average Rating:** 4.6/5.0
**Total Reviews:** 56
**How Do G2 Users Rate Semgrep?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 8.7/10)
- **Ease of Admin:** 9.1/10 (Category avg: 8.5/10)
- **Ease of Use:** 9.1/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind Semgrep?**

- **Seller:** [Semgrep](https://www.g2.com/sellers/semgrep)
- **Company Website:** https://semgrep.dev
- **Year Founded:** 2017
- **HQ Location:** San Francisco, US
- **Twitter:** @semgrep (4,433 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/returntocorp (262 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 45% Enterprise, 43% Mid-Market


#### What Are Semgrep's Pros and Cons?

**Pros:**

- Ease of Use (16 reviews)
- Features (14 reviews)
- Vulnerability Detection (13 reviews)
- Scanning Efficiency (12 reviews)
- Security (12 reviews)

**Cons:**

- Not User-Friendly (7 reviews)
- Limited Features (6 reviews)
- Difficult Learning (5 reviews)
- Lack of Guidance (5 reviews)
- Learning Curve (5 reviews)


### What Do G2 Reviewers Say About Semgrep?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Semgrep, benefiting from its intuitive syntax and seamless integrations.
- Users appreciate the **intuitive custom rule creation** and fast scanning performance of Semgrep, enhancing their development workflow.
- Users value Semgrep for its **effective vulnerability detection** , facilitating quick identification and resolution of security issues.
- Users appreciate the **scanning efficiency** of Semgrep, enabling rapid scans without hindering developer productivity.
- Users appreciate the **effective identification of security vulnerabilities** provided by Semgrep, enhancing code quality and compliance.

**Cons:**

- Users find Semgrep to be **not user-friendly** , experiencing a steep learning curve and challenges with custom rule management.
- Users note the **limited features** of Semgrep, lacking essential tools for comprehensive security analysis and management.
- Users find the **learning curve difficult** for Semgrep, particularly with custom rule syntax and advanced rule creation.
- Users experience a **lack of guidance** with Semgrep, particularly when mastering custom rule creation and configuration.
- Users find the **learning curve for advanced rule creation** steep, complicating initial setup and usage of Semgrep.

#### What Are Recent G2 Reviews of Semgrep?

**"[Fast, Easy-to-Customize Rules That Catch Security and Code-Quality Issues Early](https://www.g2.com/survey_responses/semgrep-review-13079252)"**

**Rating:** 4.5/5.0 stars
*— Milan K.*

[Read full review](https://www.g2.com/survey_responses/semgrep-review-13079252)

---

**"[Streamlined Code Security with Semgrep](https://www.g2.com/survey_responses/semgrep-review-11971635)"**

**Rating:** 5.0/5.0 stars
*— Shreekanth k.*

[Read full review](https://www.g2.com/survey_responses/semgrep-review-11971635)

---



### 5. [Typo](https://www.g2.com/products/typo/reviews)
Typo is an AI-powered software engineering intelligence platform that gives engineering leaders real-time visibility into what&#39;s actually happening across their SDLC — and what to do about it. From a single platform, engineering teams can track DORA metrics and delivery health, measure the real impact of AI coding tools like Cursor, and Claude Code, run AI code reviews on every pull request, monitor R&amp;D investment allocation, and measure developer experience through anonymous surveys. Typo connects to your existing stack — GitHub, GitLab, Bitbucket, Jira, Linear, and CI/CD tools — in 60 seconds. No complex onboarding. Used by 1,000+ engineering teams globally. 15M+ pull requests processed. Featured in Gartner&#39;s Market Guide for Software Engineering Intelligence Platforms.


**Average Rating:** 4.6/5.0
**Total Reviews:** 150
**How Do G2 Users Rate Typo?**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 8.7/10)
- **Ease of Admin:** 8.8/10 (Category avg: 8.5/10)
- **Ease of Use:** 8.9/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 9.8/10 (Category avg: 10/10)

**Who Is the Company Behind Typo?**

- **Seller:** [Typo](https://www.g2.com/sellers/typo)
- **Year Founded:** 2020
- **HQ Location:** Dover, US
- **Twitter:** @Typoapp_ (66 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/typoapp/about/ (76 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, Senior Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 47% Mid-Market, 43% Small-Business


#### What Are Typo's Pros and Cons?

**Pros:**

- Metrics (16 reviews)
- Metrics Analysis (15 reviews)
- Features (14 reviews)
- PR Reviews (13 reviews)
- Insights (11 reviews)

**Cons:**

- Complex Configuration (5 reviews)
- Bug Issues (4 reviews)
- Lack of Customization (4 reviews)
- Limited Features (4 reviews)
- Missing Features (4 reviews)


### What Do G2 Reviewers Say About Typo?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accurate metrics** of Typo, enabling better performance assessment and customized insights for development teams.
- Users value the **clear and accurate metrics** from Typo, enhancing team accountability and performance monitoring seamlessly.
- Users love Typo&#39;s **powerful automation and insightful metrics** , enhancing productivity and identifying development bottlenecks effectively.
- Users value the **automated code reviews** of Typo, which dramatically enhance efficiency and eliminate bugs early in development.
- Users appreciate the **powerful automation and insights** Typo provides, enhancing productivity and code quality.

**Cons:**

- Users note the **complex configuration** that can hinder optimal usage and may result in quality issues.
- Users experience **frequent bugs and glitches** with Typo, though they&#39;re usually resolved quickly by the responsive team.
- Users express concern over the **lack of customization** options, limiting adaptability for unique workflows and complex reporting needs.
- Users express concern over **limited features** like customization options and high-level reports, impacting usability for diverse teams.
- Users find the **missing features** in Typo limiting, particularly lacking customization and mobile accessibility options.

#### What Are Recent G2 Reviews of Typo?

**"[Intuitive Tool with Powerful Analytics and Seamless GitHub Integration](https://www.g2.com/survey_responses/typo-review-12066335)"**

**Rating:** 5.0/5.0 stars
*— Eduardo V.*

[Read full review](https://www.g2.com/survey_responses/typo-review-12066335)

---

**"[Outstanding Metrics and Insights for Code Quality](https://www.g2.com/survey_responses/typo-review-12104366)"**

**Rating:** 4.0/5.0 stars
*— Amarjeet .*

[Read full review](https://www.g2.com/survey_responses/typo-review-12104366)

---



### 6. [SoftSpell](https://www.g2.com/products/softspell/reviews)
SoftSpell is an AI-powered platform that accelerates software delivery and simplifies legacy modernization. It transforms unstructured requirements and existing codebases into structured outputs, enabling faster development with clarity and control. By combining intelligent requirement analysis, context-aware code generation, and automated testing, it ensures end-to-end traceability while reducing manual effort and rework. SoftSpell integrates seamlessly into existing workflows, helping teams deliver high-quality software faster.


**Average Rating:** 4.5/5.0
**Total Reviews:** 36
**How Do G2 Users Rate SoftSpell?**

- **Has the product been a good partner in doing business?:** 8.9/10 (Category avg: 8.7/10)
- **Ease of Admin:** 8.3/10 (Category avg: 8.5/10)
- **Ease of Use:** 9.3/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 0/10 (Category avg: 10/10)

**Who Is the Company Behind SoftSpell?**

- **Seller:** [SoftSpell](https://www.g2.com/sellers/softspell)
- **HQ Location:** Oak Brook, Illinois
- **LinkedIn® Page:** https://www.linkedin.com/company/softspell-ai/ (11 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Senior Software Engineer
- **Top Industries:** Computer Software, Program Development
- **Company Size:** 51% Enterprise, 35% Small-Business


#### What Are SoftSpell's Pros and Cons?

**Pros:**

- Time-saving (18 reviews)
- Coding Assistance (17 reviews)
- Automation (15 reviews)
- Quality Improvement (14 reviews)
- Ease of Use (11 reviews)

**Cons:**

- Slow Performance (9 reviews)
- Prompt Issues (7 reviews)
- Limited Multimedia Support (2 reviews)
- UX Improvement (2 reviews)
- Browser Compatibility (1 reviews)


### What Do G2 Reviewers Say About SoftSpell?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **time-saving benefits** of SoftSpell, streamlining coding tasks and enhancing productivity significantly.
- Users appreciate the **coding assistance** offered by CodeSpell, enhancing their coding efficiency and problem-solving capabilities.
- Users value the **automation features** of SoftSpell, significantly enhancing productivity with real-time code suggestions.
- Users find that SoftSpell offers **quality improvement** by streamlining coding tasks and enhancing productivity significantly.
- Users appreciate the **ease of use** of SoftSpell, enabling smoother coding and quicker problem-solving.

**Cons:**

- Users experience **slow performance** with SoftSpell, especially during setup and handling larger code inputs.
- Users report **prompt issues** causing delays and clutter, leading to accidental clicks and unwanted suggestions during editing.
- Users note **limited multimedia support** , expressing hope for future updates to enhance compatibility with tech stacks.
- Users find the **cluttered interface** of SoftSpell frustrating, leading to accidental clicks and a steep learning curve.
- Users face **limitations with tech stack compatibility** in SoftSpell, hoping for improvements in future updates.

#### What Are Recent G2 Reviews of SoftSpell?

**"[SoftSpell Supercharges Coding with AI Automation, Debugging Help, and Smooth VS Code Integration](https://www.g2.com/survey_responses/softspell-review-12770083)"**

**Rating:** 4.5/5.0 stars
*— Rinalon E.*

[Read full review](https://www.g2.com/survey_responses/softspell-review-12770083)

---

**"[SoftSpell Speeds Development with Versatile AI Coding and Robust IDE Integration](https://www.g2.com/survey_responses/softspell-review-12844001)"**

**Rating:** 4.5/5.0 stars
*— Luciana S.*

[Read full review](https://www.g2.com/survey_responses/softspell-review-12844001)

---



### 7. [CAST Imaging](https://www.g2.com/products/cast-imaging/reviews)
CAST Imaging helps software architects and AI agents understand, change, and modernize applications. It automatically reverse-engineers all database structures, code components, and interdependencies in any custom-built applications. CAST Imaging deterministically maps the entire system – architecture, dependencies, data access, and tech debt. It provides interactive and accurate architecture blueprints, zoomable to the tiniest details. as well as data call graphs and end-to-end transaction views. All this in a lightweight web UI with the ability for teams to collaborate by adding their own knowledge and sharing insights. A built-in MCP server streams this precise application architectural context to AI agents which can generate consistent, accurate, and safe code changes. Businesses move faster using CAST technology to understand, improve, and transform their software. Through semantic analysis of source code, CAST produces 3D maps and dashboards to navigate inside individual applications and across entire portfolios. This intelligence empowers executives and technology leaders to steer, speed, and report on initiatives such as technical debt, GenAI, modernization, and cloud. As the pioneer of the software intelligence field, CAST is trusted by the world’s leading companies and governments, their consultancies and cloud providers. See it all at castsoftware.com.


**Average Rating:** 4.6/5.0
**Total Reviews:** 36
**How Do G2 Users Rate CAST Imaging?**

- **Has the product been a good partner in doing business?:** 8.4/10 (Category avg: 8.7/10)
- **Ease of Admin:** 7.5/10 (Category avg: 8.5/10)
- **Ease of Use:** 8.2/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind CAST Imaging?**

- **Seller:** [CAST](https://www.g2.com/sellers/cast)
- **Company Website:** https://www.castsoftware.com
- **Year Founded:** 1990
- **HQ Location:** New York
- **Twitter:** @SW_Intelligence (1,887 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cast/ (1,264 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Financial Services
- **Company Size:** 53% Enterprise, 28% Small-Business



#### What Are Recent G2 Reviews of CAST Imaging?

**"[Engineering Dashboard Boosts Code Quality](https://www.g2.com/survey_responses/cast-imaging-review-13075743)"**

**Rating:** 4.5/5.0 stars
*— Vinsensius Samuel H.*

[Read full review](https://www.g2.com/survey_responses/cast-imaging-review-13075743)

---

**"[CAST Imaging Turns Complex Apps into an Intuitive, High-Performance Visual Map](https://www.g2.com/survey_responses/cast-imaging-review-13101049)"**

**Rating:** 4.0/5.0 stars
*— Verified User in Maritime*

[Read full review](https://www.g2.com/survey_responses/cast-imaging-review-13101049)

---


#### What Are G2 Users Discussing About CAST Imaging?

- [What is CAST Imaging used for?](https://www.g2.com/discussions/what-is-cast-imaging-used-for) - 1 comment, 1 upvote

### 8. [ReSharper C++](https://www.g2.com/products/resharper-c/reviews)
ReSharper C++ is a productivity extension for developing in C and C++ that fully integrates with Microsoft Visual Studio. It helps developers create efficient and correct code in modern C++ by providing safe refactorings, fast navigation, and code analysis for the trickiest aspects of the language. It also offers support for HLSL shaders, the C++/CLI specifications, and Unreal Engine code.


**Average Rating:** 4.6/5.0
**Total Reviews:** 20
**How Do G2 Users Rate ReSharper C++?**

- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 8.7/10)
- **Ease of Admin:** 7.5/10 (Category avg: 8.5/10)
- **Ease of Use:** 9.6/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 3.3/10 (Category avg: 10/10)

**Who Is the Company Behind ReSharper C++?**

- **Seller:** [JetBrains](https://www.g2.com/sellers/jetbrains)
- **Year Founded:** 2000
- **HQ Location:** Prague
- **Twitter:** @jetbrains (213,126 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/12515/ (2,941 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software
- **Company Size:** 55% Small-Business, 35% Enterprise



#### What Are Recent G2 Reviews of ReSharper C++?

**"[Detects Every Syntax Error with Consistent, Proper Indentation](https://www.g2.com/survey_responses/resharper-c-review-13051310)"**

**Rating:** 5.0/5.0 stars
*— Megh D.*

[Read full review](https://www.g2.com/survey_responses/resharper-c-review-13051310)

---

**"[Insightful AI Coding Features Make It Perfect](https://www.g2.com/survey_responses/resharper-c-review-12205837)"**

**Rating:** 5.0/5.0 stars
*— Antawn S.*

[Read full review](https://www.g2.com/survey_responses/resharper-c-review-12205837)

---


#### What Are G2 Users Discussing About ReSharper C++?

- [What is ReSharper C++ used for?](https://www.g2.com/discussions/what-is-resharper-c-used-for)

### 9. [OpenText Static Application Security Testing](https://www.g2.com/products/opentext-static-application-security-testing/reviews)
OpenText™ Static Application Security Testing (SAST) is a comprehensive solution designed to identify and remediate security vulnerabilities within an application&#39;s source code during the early stages of development. By analyzing code from the &quot;inside out,&quot; SAST provides immediate feedback to developers, enabling them to address security issues promptly and effectively. Key Features and Functionality: - Extensive Language Support: Supports over 33 programming languages and more than 1,400 vulnerability categories, ensuring broad applicability across various development environments. - Integration with Development Tools: Seamlessly integrates with popular Integrated Development Environments (IDEs) such as Eclipse, Visual Studio, and JetBrains, as well as Continuous Integration/Continuous Deployment (CI/CD) tools like Jenkins and Bamboo, facilitating a smooth incorporation into existing workflows. - Scalable Deployment Options: Offers flexible deployment models, including on-premises, cloud-based, and Software as a Service (SaaS) solutions, allowing organizations to choose the setup that best fits their needs. - Advanced Analysis Capabilities: Utilizes multiple algorithms and an expansive knowledge base of secure coding rules to perform thorough code analysis, pinpointing the root causes of vulnerabilities and providing detailed remediation guidance. Primary Value and Problem Solved: OpenText SAST empowers organizations to proactively manage application security by detecting and addressing vulnerabilities early in the Software Development Life Cycle (SDLC). This proactive approach reduces the risk of security breaches, minimizes the cost and effort associated with late-stage remediation, and enhances the overall security posture of applications. By integrating security testing into the development process, OpenText SAST helps developers create more secure code, leading to robust and reliable software products.


**Average Rating:** 4.5/5.0
**Total Reviews:** 21
**How Do G2 Users Rate OpenText Static Application Security Testing?**

- **Has the product been a good partner in doing business?:** 8.5/10 (Category avg: 8.7/10)
- **Ease of Admin:** 8.1/10 (Category avg: 8.5/10)
- **Ease of Use:** 8.7/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind OpenText Static Application Security Testing?**

- **Seller:** [OpenText](https://www.g2.com/sellers/opentext)
- **Year Founded:** 1991
- **HQ Location:** Waterloo, ON
- **Twitter:** @OpenText (21,565 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2709/ (23,048 employees on LinkedIn®)
- **Ownership:** NASDAQ:OTEX

**Who Uses This Product?**
- **Top Industries:** Banking, Financial Services
- **Company Size:** 50% Enterprise, 29% Small-Business


#### What Are OpenText Static Application Security Testing's Pros and Cons?

**Pros:**

- Easy Integrations (1 reviews)
- Integrations (1 reviews)
- Integration Support (1 reviews)

**Cons:**

- False Positives (1 reviews)


### What Do G2 Reviewers Say About OpenText Static Application Security Testing?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **easy integrations** of OpenText Static Application Security Testing, enhancing compatibility with various third-party tools.
- Users value the **extensive integration capabilities** of OpenText Static Application Security Testing with various third-party tools.
- Users value the **extensive integration support** of OpenText Static Application Security Testing with numerous third-party tools.

**Cons:**

- Users frequently experience **false positives** , which can be managed by utilizing the ignore feature for better scans.

#### What Are Recent G2 Reviews of OpenText Static Application Security Testing?

**"[Fortify Static Code Analyzer (SCA)](https://www.g2.com/survey_responses/opentext-static-application-security-testing-review-10770814)"**

**Rating:** 4.0/5.0 stars
*— Lokesh T.*

[Read full review](https://www.g2.com/survey_responses/opentext-static-application-security-testing-review-10770814)

---

**"[Efficient and easy to use Code Analyzer](https://www.g2.com/survey_responses/opentext-static-application-security-testing-review-7271508)"**

**Rating:** 4.5/5.0 stars
*— Nav N.*

[Read full review](https://www.g2.com/survey_responses/opentext-static-application-security-testing-review-7271508)

---


#### What Are G2 Users Discussing About OpenText Static Application Security Testing?

- [What is Fortify Static Code Analyzer used for?](https://www.g2.com/discussions/what-is-fortify-static-code-analyzer-used-for)
- [What tools does fortify include?](https://www.g2.com/discussions/what-tools-does-fortify-include)
- [What are the main components of Fortify?](https://www.g2.com/discussions/fortify-static-code-analyzer-what-are-the-main-components-of-fortify) - 1 comment
- [What is Fortify software used for?](https://www.g2.com/discussions/fortify-static-code-analyzer-what-is-fortify-software-used-for)
- [What is Micro Focus Fortify static code analyzer?](https://www.g2.com/discussions/what-is-micro-focus-fortify-static-code-analyzer)

### 10. [CodeScene](https://www.g2.com/products/codescene/reviews)
CodeScene is a code analysis, visualization, and reporting tool. Cross reference contextual factors such as code quality, team dynamics, and delivery output to get actionable insights to effectively reduce technical debt and deliver better code quality. We enable software development teams to make confident, data-driven decisions that fuel performance and developer productivity. CodeScene guides developers and technical leaders to: - Get a holistic overview and evolution of your software system in one single dashboard. - Identify, prioritize, and tackle technical debt based on return on investment. - Maintain a healthy codebase with powerful CodeHealth™ Metrics, spend less time on rework and more time on innovation. - Seamlessly integrate with Pull Requests and editors, get actionable code reviews and refactoring recommendations. - Set Improvement goals and quality gates for teams to work towards while monitoring the progress. - Support retrospectives by identifying areas for improvement. - Benchmark performance against personalized trends. - Understand the social side of the code, measure socio-technical factors like key personnel dependencies, knowledge sharing and inter-team coordination. - Put findings into context based on how your organization and your code evolves. Supporting 28+ programming languages, CodeScene offers an automated integration with GitHub, BitBucket, Azure DevOps or GitLab pull requests to incorporate the analysis results into existing delivery workflows. Get early warnings and recommendations about complex code before merging it to the main branch, set quality gates to trigger in case your code health declines.


**Average Rating:** 4.6/5.0
**Total Reviews:** 39
**How Do G2 Users Rate CodeScene?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 8.7/10)
- **Ease of Admin:** 8.6/10 (Category avg: 8.5/10)
- **Ease of Use:** 8.1/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind CodeScene?**

- **Seller:** [CodeScene AB](https://www.g2.com/sellers/codescene-ab)
- **Company Website:** https://www.codescene.com
- **Year Founded:** 2015
- **HQ Location:** Malmö, SE
- **Twitter:** @codescene (1,239 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/codescene/ (32 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software
- **Company Size:** 41% Mid-Market, 36% Small-Business


#### What Are CodeScene's Pros and Cons?

**Pros:**

- Features (8 reviews)
- Issue Identification (7 reviews)
- Code Quality (6 reviews)
- Customer Support (5 reviews)
- Improvement (5 reviews)

**Cons:**

- Integration Issues (4 reviews)
- Difficult Learning (3 reviews)
- Difficulty for Beginners (3 reviews)
- Learning Difficulty (3 reviews)
- Difficult Configuration (2 reviews)


### What Do G2 Reviewers Say About CodeScene?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value CodeScene&#39;s **knowledge base feature** and excellent visualizations, enhancing team understanding and prioritization.
- Users value the **effective issue identification** capabilities of CodeScene, enhancing team knowledge and improving code quality.
- Users commend CodeScene for its ability to provide **actionable insights on code quality** , significantly enhancing maintainability and decision-making.
- Users praise CodeScene&#39;s **fast and helpful customer support** , ensuring quick resolutions and assistance when needed.
- Users value the **actionable insights** from CodeScene, which significantly enhance code health and team decision-making.

**Cons:**

- Users experience **integration issues** with CodeScene, particularly with firewall and proxy settings affecting usability.
- Users find the **difficult learning** curve of CodeScene challenging, especially with advanced features and large codebases.
- Users find the **onboarding experience difficult for beginners** , as advanced features may overwhelm without proper guidance.
- Users note a **steep learning curve** with CodeScene, particularly for those unfamiliar with its advanced features and terminology.
- Users find the **difficult configuration** of CodeScene a hurdle, impacting adoption and daily usage by teams.

#### What Are Recent G2 Reviews of CodeScene?

**"[Impactful code quality mesurements](https://www.g2.com/survey_responses/codescene-review-11656380)"**

**Rating:** 4.5/5.0 stars
*— Yossi Z.*

[Read full review](https://www.g2.com/survey_responses/codescene-review-11656380)

---

**"[CodeScene Delivers Smart, Actionable Insights Beyond Static Analysis](https://www.g2.com/survey_responses/codescene-review-11658139)"**

**Rating:** 4.5/5.0 stars
*— Saravana K.*

[Read full review](https://www.g2.com/survey_responses/codescene-review-11658139)

---



### 11. [Mend.io](https://www.g2.com/products/mend-io/reviews)
Modern risk doesn&#39;t live in one layer, it lives between them. Mend.io is built for every risk, across AI and AppSec, securing the code layer, the AI layer, and the interactions between them. From discovery and red teaming to guardrails and runtime protection, Mend.io delivers continuous protection across the entire AI application lifecycle. Mend.io solutions include: 1. Mend AI secures the layer where modern risk actually lives—the interaction between code and AI. It continuously discovers AI components (agents, prompts, models), tests real behavioral risk through automated red teaming, and enforces in-app runtime guardrails for one continuous control system for the AI lifecycle. 2. Mend AppSec secures the modern code layer by continuously discovering and prioritizing risk across code, libraries, containers, and dependencies, giving teams the clarity they need to reduce exposure and ship secure software faster. 3. Mend Renovate secures the foundation of every codebase by automatically updating dependencies, rating the likelihood each update will succeed without breaking changes, and grouping them by confidence level so teams can resolve them faster.


**Average Rating:** 4.3/5.0
**Total Reviews:** 109
**How Do G2 Users Rate Mend.io?**

- **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 8.7/10)
- **Ease of Admin:** 8.2/10 (Category avg: 8.5/10)
- **Ease of Use:** 8.3/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind Mend.io?**

- **Seller:** [Mend](https://www.g2.com/sellers/mend-ab79a83a-6747-4682-8072-a3c176489d0b)
- **Company Website:** https://mend.io
- **Year Founded:** 2011
- **HQ Location:** Boston, Massachusetts
- **Twitter:** @Mend_io (11,256 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2440656/ (257 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 37% Small-Business, 34% Mid-Market


#### What Are Mend.io's Pros and Cons?

**Pros:**

- Scanning Efficiency (8 reviews)
- Ease of Use (7 reviews)
- Easy Integrations (6 reviews)
- Scanning Technology (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Integration Issues (6 reviews)
- Limited Features (3 reviews)
- Missing Features (3 reviews)
- Complex Implementation (2 reviews)
- Confusing Interface (2 reviews)


### What Do G2 Reviewers Say About Mend.io?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **scanning efficiency** of Mend.io, enabling quick and accurate scans across numerous repositories seamlessly.
- Users appreciate the **ease of use** of Mend.io, praising its seamless integration and simple navigation for vulnerability detection.
- Users value the **easy integrations** with CI/CD systems, enabling efficient scanning and streamlined workflows across repositories.
- Users value the **quick and accurate scanning** capabilities of Mend.io, enhancing their development workflow significantly.
- Users appreciate the **automated vulnerability detection** of Mend.io, enhancing early identification and resolution within their CI/CD pipelines.

**Cons:**

- Users find **integration issues** with Mend.io, particularly with on-premise tools like Jira, to be quite challenging.
- Users note the **limited features** of Mend.io, requiring custom tools and workarounds for efficient integration and functionality.
- Users find the **missing features** in Mend.io limit functionality, requiring workarounds for CI/CD integration and scanning.
- Users face **complex implementation** challenges, including many false positives and issues with integration and scanner updates.
- Users find the **interface confusing** , having to navigate between different portals for SAST and SCA products.

#### What Are Recent G2 Reviews of Mend.io?

**"[Great Tool for Managing 3rd party libraries](https://www.g2.com/survey_responses/mend-io-review-6728890)"**

**Rating:** 4.5/5.0 stars
*— Johannes B.*

[Read full review](https://www.g2.com/survey_responses/mend-io-review-6728890)

---

**"[Effortless Integration with Budget-Friendly Scanning](https://www.g2.com/survey_responses/mend-io-review-4261734)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Computer Software*

[Read full review](https://www.g2.com/survey_responses/mend-io-review-4261734)

---


#### What Are G2 Users Discussing About Mend.io?

- [What is your experience regarding pricing and costs for Mend.io, and how does it compare to other open-source security solutions?](https://www.g2.com/discussions/what-is-your-experience-regarding-pricing-and-costs-for-mend-io-and-how-does-it-compare-to-other-open-source-security-solutions)
- [What is Mend (formerly WhiteSource) used for?](https://www.g2.com/discussions/what-is-mend-formerly-whitesource-used-for)
- [What is white Source bolt?](https://www.g2.com/discussions/what-is-white-source-bolt)
- [What are SCA tools?](https://www.g2.com/discussions/what-are-sca-tools)
- [What is software composition analysis SCA?](https://www.g2.com/discussions/what-is-software-composition-analysis-sca)

### 12. [Kiuwan Code Security &amp; Insights](https://www.g2.com/products/kiuwan-code-security-insights/reviews)
Fast, Flexible Code Security! Kiuwan is a robust, end-to-end application security platform that integrates seamlessly into your development process. Our toolset includes Static Application Security Testing (SAST), Software Composition Analysis (SCA), Software Governance and Code Quality, empowering your team to quickly identify and remediate vulnerabilities. By integrating seamlessly into your CI/CD pipeline, Kiuwan enables early detection and remediation of security issues. Kiuwan supports strict compliance with industry standards including OWASP, CWE, MISRA, NIST, PCI DSS, and CERT, among others. Top features: ✅ Extensive language support: Over 30 programming languages. ✅ Detailed action plans: Prioritize remediation with tailored action plans. ✅ Code Security: Seamless Static Application Security Testing (SAST) integration. ✅ Insights: On-demand or continuous scanning Software Composition Analysis (SCA) to help reduce third-party threats. ✅ One-click Software Bill of Materials (SBOM) generation. Kiuwan is now part of Sembi - a global portfolio of market-leading software brands focused on software quality, security, and developer productivity. Code Smarter. Secure Faster. Ship Sooner


**Average Rating:** 4.5/5.0
**Total Reviews:** 29
**How Do G2 Users Rate Kiuwan Code Security &amp; Insights?**

- **Has the product been a good partner in doing business?:** 8.9/10 (Category avg: 8.7/10)
- **Ease of Admin:** 8.7/10 (Category avg: 8.5/10)
- **Ease of Use:** 8.5/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind Kiuwan Code Security &amp; Insights?**

- **Seller:** [Sembi](https://www.g2.com/sellers/sembi)
- **Year Founded:** 2023
- **HQ Location:** Austin, US
- **LinkedIn® Page:** https://www.linkedin.com/company/sembi-inc/ (94 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Banking
- **Company Size:** 41% Enterprise, 35% Mid-Market


#### What Are Kiuwan Code Security &amp; Insights's Pros and Cons?

**Pros:**

- Accuracy (2 reviews)
- Accuracy of Findings (2 reviews)
- Customer Support (2 reviews)
- Ease of Use (2 reviews)
- Automation Testing (1 reviews)



### What Do G2 Reviewers Say About Kiuwan Code Security &amp; Insights?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accuracy** of Kiuwan Code Security &amp; Insights, enhancing confidence in their code analysis results.
- Users value the **accuracy of findings** from Kiuwan, enhancing their confidence in code security assessments.
- Users appreciate the **efficient customer support** from Kiuwan, enhancing their overall satisfaction and confidence in the product.
- Users find Kiuwan Code Security &amp; Insights to have a **user-friendly interface** , making it simple and effective to navigate.
- Users appreciate the **user-friendly interface and robust reporting** of Kiuwan Code Security &amp; Insights, enhancing their coding experience.


#### What Are Recent G2 Reviews of Kiuwan Code Security &amp; Insights?

**"[Elevated our software security to the next level. Improved our code quality.](https://www.g2.com/survey_responses/kiuwan-code-security-insights-review-11651809)"**

**Rating:** 5.0/5.0 stars
*— Abdullah Enes K.*

[Read full review](https://www.g2.com/survey_responses/kiuwan-code-security-insights-review-11651809)

---

**"[Impeccable Security and Code Analysis, with Potential for Improvement in Customization](https://www.g2.com/survey_responses/kiuwan-code-security-insights-review-12676887)"**

**Rating:** 5.0/5.0 stars
*— Abelardo I.*

[Read full review](https://www.g2.com/survey_responses/kiuwan-code-security-insights-review-12676887)

---



### 13. [Codacy](https://www.g2.com/products/codacy/reviews)
Codacy is the code quality and security platform for AI-assisted engineering teams. AI is now embedded through the engineering workflow, which has made teams faster, but also adds risk to everything they ship. Codacy helps AI-assisted teams ship high-quality, secure code across the full software development lifecycle, starting in the agent and editor, through pull requests in Git, and into containers and runtime security. At each stage we check for quality issues, security vulnerabilities and AI coding risk introduced into the codebase, and help devs and agent fix them effortlessly. A team&#39;s standards become automated guardrails that apply across every IDE, AI coding agent, and Pull Request. More than 250,000 developers rely on Codacy to keep quality and security stable as AI changes how software gets built. Add your repo and get your free scan report in minutes: https://codacy.com


**Average Rating:** 4.6/5.0
**Total Reviews:** 29
**How Do G2 Users Rate Codacy?**

- **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 8.7/10)
- **Ease of Admin:** 8.9/10 (Category avg: 8.5/10)
- **Ease of Use:** 9.1/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind Codacy?**

- **Seller:** [Codacy](https://www.g2.com/sellers/codacy)
- **Year Founded:** 2012
- **HQ Location:** Lisbon, Lisboa
- **Twitter:** @codacy (5,002 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/3310124/ (69 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software
- **Company Size:** 59% Small-Business, 24% Mid-Market


#### What Are Codacy's Pros and Cons?

**Pros:**

- Security (2 reviews)
- Automation (1 reviews)
- Automation Testing (1 reviews)
- Code Quality (1 reviews)
- Customer Support (1 reviews)

**Cons:**

- Expensive (1 reviews)


### What Do G2 Reviewers Say About Codacy?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **robust security dashboard** and automated features of Codacy, enhancing code safety and quality management.
- Users appreciate the **integrated automation** of Codacy, which simplifies and enhances the development process seamlessly.
- Users value the **integrated automation testing** of Codacy, appreciating its ease of use and code quality maintenance.
- Users appreciate the **high code quality** maintained by Codacy through integrated automation and effective static code analysis.
- Users appreciate the **helpful and responsive customer support** of Codacy, enhancing their overall experience with the tool.

**Cons:**

- Users find Codacy **a bit expensive** at $19/month, particularly impacting smaller organizations&#39; budgets.

#### What Are Recent G2 Reviews of Codacy?

**"[Codacy is a security must-have tool in our company](https://www.g2.com/survey_responses/codacy-review-10264506)"**

**Rating:** 5.0/5.0 stars
*— David M.*

[Read full review](https://www.g2.com/survey_responses/codacy-review-10264506)

---

**"[Easy GitHub &amp; CI/CD Integration That Catches Bugs Before Production](https://www.g2.com/survey_responses/codacy-review-12739228)"**

**Rating:** 4.5/5.0 stars
*— Arjun M.*

[Read full review](https://www.g2.com/survey_responses/codacy-review-12739228)

---



### 14. [Coverity](https://www.g2.com/products/coverity/reviews)
Coverity® is a fast, accurate, and highly scalable static analysis (SAST) solution that helps development and security teams address security and quality defects early in the software development life cycle (SDLC), track and manage risks across the application portfolio, and ensure compliance with security and coding standards.


**Average Rating:** 4.2/5.0
**Total Reviews:** 55
**How Do G2 Users Rate Coverity?**

- **Has the product been a good partner in doing business?:** 8.1/10 (Category avg: 8.7/10)
- **Ease of Admin:** 8.2/10 (Category avg: 8.5/10)
- **Ease of Use:** 8.4/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind Coverity?**

- **Seller:** [Synopsys](https://www.g2.com/sellers/synopsys-53e76f66-bf39-4c28-b0f2-97178ec8ddfd)
- **Year Founded:** 1986
- **HQ Location:** Mountain View, CA
- **Twitter:** @synopsys (24,435 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2457/ (27,920 employees on LinkedIn®)
- **Ownership:** NASDAQ:SNPS

**Who Uses This Product?**
- **Who Uses This:** Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 65% Enterprise, 27% Mid-Market



#### What Are Recent G2 Reviews of Coverity?

**"[Optimized code with Coverity tool](https://www.g2.com/survey_responses/coverity-review-5148747)"**

**Rating:** 5.0/5.0 stars
*— Deepti S.*

[Read full review](https://www.g2.com/survey_responses/coverity-review-5148747)

---

**"[Tool which is the best for the static analysis](https://www.g2.com/survey_responses/coverity-review-5051134)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/coverity-review-5051134)

---


#### What Are G2 Users Discussing About Coverity?

- [What is Coverity used for?](https://www.g2.com/discussions/what-is-coverity-used-for)
- [What is coverity connect?](https://www.g2.com/discussions/what-is-coverity-connect)
- [How does Coverity Static Analysis work?](https://www.g2.com/discussions/how-does-coverity-static-analysis-work)
- [What is Coverity report?](https://www.g2.com/discussions/what-is-coverity-report)
- [What is Coverity software?](https://www.g2.com/discussions/what-is-coverity-software)

### 15. [Cyclopt Companion](https://www.g2.com/products/cyclopt-companion/reviews)
Cyclopt Companion is a code quality and security tool that helps developers ship secure, maintainable code with confidence, whether written by humans or AI. Built on the ISO 25010:2023 methodology, Companion analyzes every commit and flags coding violations, security vulnerabilities, code duplication, and maintainability issues in real time. You get instant feedback showing exactly how each commit changes your code quality, down to the precise file and line. Companion meets you where you already work. Connect the MCP Server to your AI coding assistant (Claude Code, GitHub Copilot, Open Code) so your agent can query analyzers and surface findings without leaving your environment. Install the IDE Plugin for VS Code or JetBrains to run analysis inside your editor, see issues inline, jump straight to the flagged line, and generate ready-to-use fix prompts. Optional automation analyzes files on save or immediately after AI edits, so quality and security issues in AI-generated code are caught the moment they occur. With Cyclopt Profile, developers track their growth across eight skill categories, earn badges, and build a shareable profile that reflects real coding ability. Companion integrates with GitHub, GitLab, Bitbucket, and Azure DevOps, as well as Slack, Teams, and Discord. Setup takes under five minutes with no credit card required, making it an ideal fit for developers, freelancers, and engineering teams who want to reduce technical debt and ship reliable software faster.


**Average Rating:** 4.6/5.0
**Total Reviews:** 13
**How Do G2 Users Rate Cyclopt Companion?**

- **Ease of Use:** 8.5/10 (Category avg: 8.7/10)

**Who Is the Company Behind Cyclopt Companion?**

- **Seller:** [Cyclopt](https://www.g2.com/sellers/cyclopt)
- **Company Website:** https://www.cyclopt.com/
- **Year Founded:** 2017
- **HQ Location:** Pylaia, GR
- **LinkedIn® Page:** https://www.linkedin.com/company/cyclopt (12 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software
- **Company Size:** 100% Small-Business


#### What Are Cyclopt Companion's Pros and Cons?

**Pros:**

- Features (4 reviews)
- Security (4 reviews)
- Code Quality (3 reviews)
- Issue Identification (3 reviews)
- Alert Notifications (2 reviews)

**Cons:**

- Difficult Learning (3 reviews)
- Learning Difficulty (2 reviews)
- Difficult Navigation (1 reviews)
- Difficulty for Beginners (1 reviews)
- Metrics Issues (1 reviews)


### What Do G2 Reviewers Say About Cyclopt Companion?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **intuitive guidance and insightful notifications** of Cyclopt Companion, enhancing their coding experience significantly.
- Users value the **strong focus on security** that Cyclopt Companion provides, enhancing their coding reliability and confidence.
- Users value the **actionable feedback** from Cyclopt Companion, enhancing their code quality effectively with clear metrics.
- Users find **issue identification** in Cyclopt Companion to be intuitive, enhancing code quality awareness and user experience.
- Users love the **real-time alert notifications** from Cyclopt Companion, ensuring they instantly know their commit impacts.

**Cons:**

- Users note a **difficult learning curve** due to complex metrics and software engineering concepts required for effective use.
- Users find the **learning difficulty** of Cyclopt Companion challenging due to its complex software engineering concepts.
- Users find **difficult navigation** due to information being too deeply buried within screens and menus.
- Users find it challenging due to **difficulties for beginners** , requiring them to independently navigate features.
- Users note a **steep learning curve for metrics** , as they require prior knowledge of software engineering principles to use effectively.

#### What Are Recent G2 Reviews of Cyclopt Companion?

**"[A reliable guardrail for code quality and security](https://www.g2.com/survey_responses/cyclopt-companion-review-12314745)"**

**Rating:** 5.0/5.0 stars
*— Matthieu  N.*

[Read full review](https://www.g2.com/survey_responses/cyclopt-companion-review-12314745)

---

**"[The Student/Junior Dev Angle](https://www.g2.com/survey_responses/cyclopt-companion-review-12275784)"**

**Rating:** 4.0/5.0 stars
*— Dimitris T.*

[Read full review](https://www.g2.com/survey_responses/cyclopt-companion-review-12275784)

---



### 16. [ReSharper](https://www.g2.com/products/resharper/reviews)
ReSharper is a renowned productivity tool that turns Microsoft Visual Studio into a much better IDE. Both individual .NET developers and teams rely on ReSharper to write and maintain code in a more manageable and enjoyable way, adopt the best coding practices, and deliver higher quality applications faster.


**Average Rating:** 4.5/5.0
**Total Reviews:** 83
**How Do G2 Users Rate ReSharper?**

- **Has the product been a good partner in doing business?:** 8.5/10 (Category avg: 8.7/10)
- **Ease of Admin:** 8.1/10 (Category avg: 8.5/10)
- **Ease of Use:** 8.8/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind ReSharper?**

- **Seller:** [JetBrains](https://www.g2.com/sellers/jetbrains)
- **Year Founded:** 2000
- **HQ Location:** Prague
- **Twitter:** @jetbrains (213,126 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/12515/ (2,941 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, Software Developer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 38% Mid-Market, 38% Small-Business



#### What Are Recent G2 Reviews of ReSharper?

**"[Extends your capabilities. Must have tool!](https://www.g2.com/survey_responses/resharper-review-9443303)"**

**Rating:** 4.5/5.0 stars
*— Rajat A.*

[Read full review](https://www.g2.com/survey_responses/resharper-review-9443303)

---

**"[Great Productivity tool for Programming](https://www.g2.com/survey_responses/resharper-review-9335129)"**

**Rating:** 4.0/5.0 stars
*— Dilan P.*

[Read full review](https://www.g2.com/survey_responses/resharper-review-9335129)

---


#### What Are G2 Users Discussing About ReSharper?

- [How has ReSharper impacted your code quality, and what features do you find most valuable?](https://www.g2.com/discussions/how-has-resharper-impacted-your-code-quality-and-what-features-do-you-find-most-valuable)
- [What is ReSharper used for?](https://www.g2.com/discussions/what-is-resharper-used-for)
- [Is ReSharper worth 2019?](https://www.g2.com/discussions/is-resharper-worth-2019)
- [Why is ReSharper so slow?](https://www.g2.com/discussions/why-is-resharper-so-slow)
- [Is there a free version of ReSharper?](https://www.g2.com/discussions/is-there-a-free-version-of-resharper)

### 17. [Closure Compiler](https://www.g2.com/products/closure-compiler/reviews)
The Closure Compiler is a tool for making JavaScript download and run faster. Instead of compiling from a source language to machine code, it compiles from JavaScript to better JavaScript.


**Average Rating:** 3.9/5.0
**Total Reviews:** 13
**How Do G2 Users Rate Closure Compiler?**

- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 8.7/10)
- **Ease of Admin:** 10.0/10 (Category avg: 8.5/10)
- **Ease of Use:** 8.2/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind Closure Compiler?**

- **Seller:** [Google](https://www.g2.com/sellers/google)
- **Year Founded:** 1998
- **HQ Location:** Mountain View, CA
- **Twitter:** @google (31,899,995 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1441/ (341,888 employees on LinkedIn®)
- **Ownership:** NASDAQ:GOOG

**Who Uses This Product?**
- **Company Size:** 46% Small-Business, 38% Mid-Market



#### What Are Recent G2 Reviews of Closure Compiler?

**"[Best Efficent Compiler for JS](https://www.g2.com/survey_responses/closure-compiler-review-4850716)"**

**Rating:** 4.5/5.0 stars
*— Sanjay K.*

[Read full review](https://www.g2.com/survey_responses/closure-compiler-review-4850716)

---

**"[Well designed tool](https://www.g2.com/survey_responses/closure-compiler-review-4908172)"**

**Rating:** 5.0/5.0 stars
*— Nitya M.*

[Read full review](https://www.g2.com/survey_responses/closure-compiler-review-4908172)

---


#### What Are G2 Users Discussing About Closure Compiler?

- [Which of the following are the three compilation levels that can be applied to the JavaScript code to define the degree of compression and optimization required?](https://www.g2.com/discussions/which-of-the-following-are-the-three-compilation-levels-that-can-be-applied-to-the-javascript-code-to-define-the-degree-of-compression-and-optimization-required)
- [What is closure Google what is closure in JavaScript?](https://www.g2.com/discussions/what-is-closure-google-what-is-closure-in-javascript)
- [Who uses Closure Library?](https://www.g2.com/discussions/who-uses-closure-library)
- [How do you run a compiler closure?](https://www.g2.com/discussions/how-do-you-run-a-compiler-closure)

### 18. [ZeroPath](https://www.g2.com/products/zeropath/reviews)
ZeroPath (YC S24) is the first AI-native application security platform that fundamentally reimagines how organizations find and fix vulnerabilities. Unlike deterministic SAST tools that bolt AI onto legacy rule engines, ZeroPath was built from the ground up to combine large language models with advanced program analysis (AST, data flow, taint tracking) by Ex-Tesla Red Team and Google Security engineers. ZeroPath&#39;s core differentiation is detecting critical vulnerabilities that pattern-matching SAST fundamentally cannot find. It catches IDORs, authorization bypasses, race conditions, and authentication bugs by reasoning about application behavior and developer intent. This capability achieved a 92% alert reduction when triaging findings from legacy tools. ZeroPath is best suited for enterprises and startups that want a complete appsec experience with: AI-powered SAST across 16+ languages, SCA with exploitability analysis (90% noise reduction by determining if dependency CVEs are actually reachable in your code), secrets detection with validation, IaC scanning for Terraform/CloudFormation/Kubernetes, and natural language security policies. Context-aware autopatch generation fixes 70% of vulnerabilities automatically with framework-specific patches that match your coding standards. To keep the developer experience seamless, ZeroPath integrates into existing workflows with zero configuration. It provides Sub-60-second PR scans on GitHub, GitLab, Bitbucket, and Azure DevOps to provide instant security feedback without blocking development. Developers receive clear explanations, one-click fixes, and can refine patches using natural language commands directly in PR comments. The platform automatically attributes vulnerabilities to responsible developers and syncs bidirectionally with Jira, Linear, and more. Overall, less noise, along with the breadth of integrations, has already made security teams faster in triaging and finding real vulnerabilities. Having been security engineers ourselves, we also understand how important visibility is for the evaluations. ZeroPath users get executive dashboards with real-time MTTR tracking, automated compliance reporting for SOC2 and ISO27001, and risk-based prioritization using CVSS 4.0 scoring. The platform provides complete visibility across organizational repositories, including security models, authentication patterns, and filtering logic, without manual configuration. Our research team dogfeeds our own technology and has discovered CVE-2025-61928 (critical account takeover in better-auth with 300k+ weekly downloads), identified 170+ verified bugs in curl, found 7 vulnerabilities in django-allauth enabling account impersonation, and discovered 0-days in production systems at Netflix, Hulu, and Salesforce. Currently trusted by 750+ companies running 200k+ scans monthly, ZeroPath delivers what security-conscious engineering teams need: more real vulnerabilities, dramatically less noise, and automated fixes that actually work.


**Average Rating:** 4.5/5.0
**Total Reviews:** 11
**How Do G2 Users Rate ZeroPath?**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 8.7/10)
- **Ease of Admin:** 9.4/10 (Category avg: 8.5/10)
- **Ease of Use:** 8.5/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 0/10 (Category avg: 10/10)

**Who Is the Company Behind ZeroPath?**

- **Seller:** [ZeroPath](https://www.g2.com/sellers/zeropath)
- **Company Website:** https://zeropath.com
- **Year Founded:** 2024
- **HQ Location:** San Francisco, US
- **LinkedIn® Page:** https://www.linkedin.com/company/zeropathai/ (12 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 36% Small-Business, 27% Mid-Market


#### What Are ZeroPath's Pros and Cons?

**Pros:**

- Accuracy (6 reviews)
- Accuracy of Findings (6 reviews)
- Security (6 reviews)
- Vulnerability Detection (5 reviews)
- Vulnerability Identification (4 reviews)

**Cons:**

- Bug Issues (2 reviews)
- Bugs (2 reviews)
- Software Bugs (2 reviews)
- Cost Issues (1 reviews)
- Dashboard Issues (1 reviews)


### What Do G2 Reviewers Say About ZeroPath?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend ZeroPath for its **high accuracy** , consistently surfacing relevant issues with minimal false alarms.
- Users commend the **accuracy of findings** with ZeroPath, effectively identifying real security issues and minimizing false positives.
- Users value the **high accuracy and low false positive rate** of ZeroPath, effectively identifying real security issues.
- Users find **vulnerability detection** of ZeroPath to be accurate, effectively surfacing genuine security issues with low false positives.
- Users praise the **effective vulnerability identification** of ZeroPath, noting its accuracy and low false positive rate.

**Cons:**

- Users note **bug issues** in ZeroPath, but appreciate the team&#39;s quick response to resolve them.
- Users report encountering **small bugs** in ZeroPath, though the team addresses them promptly.
- Users experience **software bugs** with ZeroPath, although the team is quick to resolve them.
- Users find the **pricing to be unreasonable** for their organization&#39;s current budget and needs.
- Users report encountering **dashboard issues** due to bugs, though the support team is responsive in addressing them.

#### What Are Recent G2 Reviews of ZeroPath?

**"[ZeroPath: ease of use and results superior to the competition](https://www.g2.com/survey_responses/zeropath-review-12308821)"**

**Rating:** 4.0/5.0 stars
*— Maxime J.*

[Read full review](https://www.g2.com/survey_responses/zeropath-review-12308821)

---

**"[Accurate Source-to-Sink Analysis with Surprisingly Reliable Auto-Patches](https://www.g2.com/survey_responses/zeropath-review-12564698)"**

**Rating:** 5.0/5.0 stars
*— Rohit J.*

[Read full review](https://www.g2.com/survey_responses/zeropath-review-12564698)

---



### 19. [OpsPilot](https://www.g2.com/products/opspilot/reviews)
OpsPilot OpsPilot is an AI-powered observability and autonomous reliability platform with an AI Site Reliability Engineering (SRE) teammate that helps engineering and operations teams detect, understand, and resolve incidents faster — and increasingly prevent them from happening at all. Your 24/7 stack expert Modern production systems — microservices, distributed architectures, cloud and hybrid environments — generate enormous volumes of telemetry. Your existing tools surface that data. But they still leave engineers responsible for interpreting signals, finding root causes, and deciding what to do next. OpsPilot closes that gap. It continuously analyzes telemetry across your applications, infrastructure, and services — then tells your team what is happening, why it is happening, and what to do about it. From dashboards to autonomous reliability OpsPilot goes beyond alerting and visualization. It correlates signals across metrics, logs, traces, and deployment events to identify abnormal behavior, explain root causes, and guide teams toward faster resolution — dramatically reducing time spent on incident investigation and operational troubleshooting. Over time, it evolves from reactive investigation toward proactive and autonomous operations. Your AI SRE teammate OpsPilot acts as an AI SRE teammate — augmenting your operations team by answering the questions engineers face during incidents: What changed? Where is the failure occurring? Which service is responsible? What should we investigate next? Three core capabilities Observability — collects and correlates telemetry across metrics, logs, traces, JVM data, and application-level diagnostics for a complete picture of system behavior. Operational Intelligence — applies AI-driven analysis to surface what changed, what is causing the issue, which components are involved, and what actions may resolve it. Foundational capabilities include anomaly detection, alert reduction, telemetry correlation, and root cause analysis. Action and Automation — supports guided incident response, runbook generation, automated remediation, and continuous operational learning — moving teams progressively toward autonomous reliability. OpenTelemetry-native. No new agents required. OpsPilot ingests telemetry via OTLP over gRPC or HTTP — no proprietary agent required. It works with your existing OpenTelemetry instrumentation across Kubernetes, microservices, cloud services, and serverless platforms. Prometheus-compatible metrics, Loki log ingestion, and Jaeger/Zipkin trace formats are also supported. For teams needing deep JVM or ColdFusion diagnostics, the optional FusionReactor APM agent provides additional application-level telemetry. Built for DevOps, SRE, and platform engineering teams OpsPilot is designed for organizations running modern production systems that require high reliability and operational efficiency — particularly teams moving toward SRE or platform engineering models who need deeper operational insight without increasing headcount. Deployed as SaaS, hybrid, or agentless via OpenTelemetry.


**Average Rating:** 4.8/5.0
**Total Reviews:** 174
**How Do G2 Users Rate OpsPilot?**

- **Has the product been a good partner in doing business?:** 9.5/10 (Category avg: 8.7/10)
- **Ease of Admin:** 9.0/10 (Category avg: 8.5/10)
- **Ease of Use:** 8.8/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind OpsPilot?**

- **Seller:** [Intergral](https://www.g2.com/sellers/intergral)
- **Company Website:** https://www.fusion-reactor.com/
- **Year Founded:** 1998
- **HQ Location:** Boeblingen, DE
- **Twitter:** @Fusion_Reactor (9,345 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/showcase/fusionreactor/

**Who Uses This Product?**
- **Who Uses This:** CTO, Developer
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 61% Small-Business, 29% Mid-Market


#### What Are OpsPilot's Pros and Cons?

**Pros:**

- Ease of Use (10 reviews)
- Insights (8 reviews)
- Monitoring (8 reviews)
- Real-time Monitoring (7 reviews)
- Customer Support (6 reviews)

**Cons:**

- Learning Curve (4 reviews)
- Difficult Configuration (3 reviews)
- Learning Difficulty (3 reviews)
- Poor UI (3 reviews)
- Poor UI Design (3 reviews)


### What Do G2 Reviewers Say About OpsPilot?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of OpsPilot, enjoying straightforward setup and clear metrics for troubleshooting.
- Users find the **real-time web metrics** in OpsPilot invaluable for troubleshooting and improving app performance.
- Users value the **real-time monitoring** capabilities of OpsPilot, enhancing performance insights and troubleshooting efficiency.
- Users rave about the **real-time monitoring** capabilities of OpsPilot, enabling quick issue identification and enhanced performance optimization.
- Users praise the **responsive customer support** of OpsPilot, highlighting its friendliness and quick assistance during issues.

**Cons:**

- Users find the **learning curve challenging** , with complex configuration and settings that can be confusing at times.
- Users find the **difficult configuration** process challenging, often leading to missed insights or complex setup issues.
- Users face a **learning difficulty** with OpsPilot, finding setup and configuration complex at first but manageable later.
- Users find the **UI confusing** in OpsPilot, which detracts from the overall user experience despite ongoing improvements.
- Users find the **poor UI design** of OpsPilot confusing, impacting their overall user experience and efficiency.

#### What Are Recent G2 Reviews of OpsPilot?

**"[Ein echtes &quot;Must-Have&quot; für jeden Betreiber eines Anwendungsservers.](https://www.g2.com/survey_responses/opspilot-review-11664008)"**

**Rating:** 5.0/5.0 stars
*— René H.*

[Read full review](https://www.g2.com/survey_responses/opspilot-review-11664008)

---

**"[FusionReactor APM: Real-Time Memory Insights and Proactive Crash Protection](https://www.g2.com/survey_responses/opspilot-review-12399926)"**

**Rating:** 5.0/5.0 stars
*— Octavian C.*

[Read full review](https://www.g2.com/survey_responses/opspilot-review-12399926)

---


#### What Are G2 Users Discussing About OpsPilot?

- [What is FusionReactor APM used for?](https://www.g2.com/discussions/what-is-fusionreactor-apm-used-for)

### 20. [Babel](https://www.g2.com/products/babel/reviews)
Babel is a JavaScript compiler. It helps shape the future of the JavaScript language itself.


**Average Rating:** 4.5/5.0
**Total Reviews:** 20
**How Do G2 Users Rate Babel?**

- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 8.7/10)
- **Ease of Admin:** 8.0/10 (Category avg: 8.5/10)
- **Ease of Use:** 8.8/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 3.3/10 (Category avg: 10/10)

**Who Is the Company Behind Babel?**

- **Seller:** [BABEL](https://www.g2.com/sellers/babel)
- **Year Founded:** 2012
- **HQ Location:** Paris, FR
- **LinkedIn® Page:** https://www.linkedin.com/company/3222552/ (127 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software
- **Company Size:** 48% Mid-Market, 43% Small-Business



#### What Are Recent G2 Reviews of Babel?

**"[A perfect tool to ensure cross-browser support for javascript scripts](https://www.g2.com/survey_responses/babel-review-5379444)"**

**Rating:** 5.0/5.0 stars
*— Sanket M.*

[Read full review](https://www.g2.com/survey_responses/babel-review-5379444)

---

**"[Use tomorrow&#39;s JavaScript features today](https://www.g2.com/survey_responses/babel-review-4401551)"**

**Rating:** 5.0/5.0 stars
*— Jacob H.*

[Read full review](https://www.g2.com/survey_responses/babel-review-4401551)

---


#### What Are G2 Users Discussing About Babel?

- [What is Babel used for?](https://www.g2.com/discussions/what-is-babel-used-for)

### 21. [OpenText Core Application Security](https://www.g2.com/products/opentext-core-application-security/reviews)
Fortify on Demand (FoD) is a complete Application Security as a Service solution. It offers an easy way to get started with the flexibility to scale. In addition to static and dynamic, Fortify on Demand covers in-depth mobile app security testing, open-source analysis, and vendor application security management. False positives are removed for every test and test results can be manually reviewed by application security experts.


**Average Rating:** 4.1/5.0
**Total Reviews:** 34
**How Do G2 Users Rate OpenText Core Application Security?**

- **Has the product been a good partner in doing business?:** 9.0/10 (Category avg: 8.7/10)
- **Ease of Admin:** 8.9/10 (Category avg: 8.5/10)
- **Ease of Use:** 8.2/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind OpenText Core Application Security?**

- **Seller:** [OpenText](https://www.g2.com/sellers/opentext)
- **Year Founded:** 1991
- **HQ Location:** Waterloo, ON
- **Twitter:** @OpenText (21,565 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2709/ (23,048 employees on LinkedIn®)
- **Ownership:** NASDAQ:OTEX

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services
- **Company Size:** 41% Enterprise, 32% Small-Business



#### What Are Recent G2 Reviews of OpenText Core Application Security?

**"[Review of MicroFocus Application Defender](https://www.g2.com/survey_responses/opentext-core-application-security-review-8781016)"**

**Rating:** 4.5/5.0 stars
*— sohrab a.*

[Read full review](https://www.g2.com/survey_responses/opentext-core-application-security-review-8781016)

---

**"[Safe and Secured Barrier](https://www.g2.com/survey_responses/opentext-core-application-security-review-8819443)"**

**Rating:** 4.5/5.0 stars
*— Ajinkya M.*

[Read full review](https://www.g2.com/survey_responses/opentext-core-application-security-review-8819443)

---


#### What Are G2 Users Discussing About OpenText Core Application Security?

- [What are the main components of Fortify?](https://www.g2.com/discussions/micro-focus-fortify-on-demand-what-are-the-main-components-of-fortify)
- [How does Fortify on Demand work?](https://www.g2.com/discussions/how-does-fortify-on-demand-work)
- [What is Fortify software used for?](https://www.g2.com/discussions/micro-focus-fortify-on-demand-what-is-fortify-software-used-for)
- [What is Micro Focus Fortify on Demand?](https://www.g2.com/discussions/what-is-micro-focus-fortify-on-demand)

### 22. [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews)
Veracode helps companies that innovate through software deliver secure code on time. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline,empower developers to fix security defects, and scales your program through best practices to achieve your desired outcomes. Veracode covers your all your AppSec needs in one solution through a combination of five analysis types available for 24 programming languages, 77 frameworks, and application types as varied as microservices, mainframe and mobile apps.


**Average Rating:** 3.8/5.0
**Total Reviews:** 25
**How Do G2 Users Rate Veracode Application Security Platform?**

- **Has the product been a good partner in doing business?:** 7.9/10 (Category avg: 8.7/10)
- **Ease of Admin:** 7.4/10 (Category avg: 8.5/10)
- **Ease of Use:** 7.3/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind Veracode Application Security Platform?**

- **Seller:** [VERACODE](https://www.g2.com/sellers/veracode)
- **Year Founded:** 2006
- **HQ Location:** Burlington, MA
- **Twitter:** @Veracode (21,950 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/27845/ (502 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services
- **Company Size:** 69% Enterprise, 31% Mid-Market


#### What Are Veracode Application Security Platform's Pros and Cons?

**Pros:**

- Security (5 reviews)
- Vulnerability Detection (5 reviews)
- Automated Scanning (3 reviews)
- Detection (3 reviews)
- Ease of Use (3 reviews)

**Cons:**

- Expensive (2 reviews)
- Lack of Information (2 reviews)
- Licensing Issues (2 reviews)
- Poor Customer Support (2 reviews)
- Pricing Issues (2 reviews)


### What Do G2 Reviewers Say About Veracode Application Security Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **effective security vulnerability identification** in Veracode, enhancing overall application security and adherence to best practices.
- Users value the **effective vulnerability detection** of Veracode, facilitating comprehensive security and streamlined development processes.
- Users value the **automated scanning** features of Veracode for effectively identifying and addressing security vulnerabilities.
- Users value the **robust detection capabilities** of Veracode, efficiently identifying vulnerabilities and enhancing application security.
- Users appreciate the **ease of use** of Veracode, as it streamlines integration and enhances security processes effectively.

**Cons:**

- Users find the platform **expensive** due to increasing costs and a complex licensing model that lacks justification.
- Users face a **lack of information** regarding feature availability and discrepancies between documentation and delivery.
- Users face **licensing issues** with increasing costs, complexity, and pressure from account executives, impacting overall satisfaction.
- Users experience **poor customer support** with Veracode, facing pressure, unmet promises, and complicated processes.
- Users find the **pricing issues** with Veracode challenging, citing increased costs and complex licensing that complicates usage.

#### What Are Recent G2 Reviews of Veracode Application Security Platform?

**"[Streamlined Security, Effortless Integration](https://www.g2.com/survey_responses/veracode-application-security-platform-review-11757799)"**

**Rating:** 5.0/5.0 stars
*— Bhanu Prakash M.*

[Read full review](https://www.g2.com/survey_responses/veracode-application-security-platform-review-11757799)

---

**"[Clear, Unified View of Application Capabilities](https://www.g2.com/survey_responses/veracode-application-security-platform-review-12910910)"**

**Rating:** 4.5/5.0 stars
*— Christopher S.*

[Read full review](https://www.g2.com/survey_responses/veracode-application-security-platform-review-12910910)

---


#### What Are G2 Users Discussing About Veracode Application Security Platform?

- [What is difference between veracode and SonarQube?](https://www.g2.com/discussions/what-is-difference-between-veracode-and-sonarqube)
- [What is veracode software composition analysis?](https://www.g2.com/discussions/what-is-veracode-software-composition-analysis)
- [What is veracode used for?](https://www.g2.com/discussions/what-is-veracode-used-for)
- [What is the veracode application security platform?](https://www.g2.com/discussions/what-is-the-veracode-application-security-platform)

### 23. [Klocwork](https://www.g2.com/products/klocwork/reviews)
Perforce Klocwork is an enterprise grade SAST solution for C, C++, C#, Rust, Java, JavaScript, Python, and Kotlin. It helps development teams detect security vulnerabilities, quality issues, and reliability defects early, while supporting compliance with industry and regulatory standards. Klocwork is purpose built to analyze very large, complex codebases and scales to hundreds of millions of lines of code, well beyond the practical limits of many traditional SAST tools. This makes it especially suited for organizations developing long lived, safety critical, or security critical systems. Designed for DevOps and DevSecOps, Klocwork integrates with complex build systems, CI/CD pipelines, cloud and containerized environments, and common developer tools—enabling consistent security and quality enforcement without slowing development. Static Application Security Testing (SAST) Klocwork identifies a wide range of security vulnerabilities, including SQL injection, tainted data flows, buffer overflows, and other insecure coding practices. It also detects bugs and quality issues such as null pointer dereferences, memory and resource leaks, uncaught exceptions, and code smells. The solution supports compliance with internationally recognized standards including CWE, OWASP, CERT, PCI DSS, DISA STIG, and ISO/IEC TS 17961. Automated CI/CD integrations make continuous security testing practical even for very large systems. AI Assisted Code Remediation with MCP Klocwork extends static analysis with AI assisted code remediation, designed to help developers resolve findings faster and with greater confidence. Using MCP based capabilities, Klocwork securely exposes rich static analysis context—defect data, rule knowledge, and precise fix guidance—to supported AI code assist tools directly within the IDE. Rather than relying on generic AI suggestions, Klocwork’s remediation feature combines deep static analysis insights with comprehensive documentation and exact fix instructions, enabling AI assistants to propose accurate, context aware corrections for security vulnerabilities, quality defects, and coding standard violations. Fixes are presented as clear diffs and require developer review and approval, making the approach suitable for safety and security critical environments. By integrating remediation into the developer workflow, Klocwork reduces time spent interpreting analysis results, researching fixes, and switching between tools. Developers stay in their IDE, receive guided remediation aligned with secure coding standards and project specific rules, and can immediately re analyze code to validate fixes. This completes the optimal shift left approach—helping teams not only find issues early, but fix them efficiently and consistently. Project Streams and Enterprise Scalability Klocwork’s Project Streams feature simplifies managing shared codebases with multiple variants or branches. A single rule configuration can be applied across streams, issues common to multiple variants stay synchronized, and stream specific findings are clearly identified for reporting and compliance. Developer Focused and Centralized Klocwork integrates directly into popular IDEs to deliver fast, contextual feedback as developers write code. Out of the box compiler support eliminates manual setup, while centralized dashboards provide visibility into trends, risk, and compliance across projects of any size.


**Average Rating:** 4.4/5.0
**Total Reviews:** 22
**How Do G2 Users Rate Klocwork?**

- **Has the product been a good partner in doing business?:** 8.1/10 (Category avg: 8.7/10)
- **Ease of Admin:** 7.3/10 (Category avg: 8.5/10)
- **Ease of Use:** 7.9/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind Klocwork?**

- **Seller:** [Perforce](https://www.g2.com/sellers/perforce)
- **Year Founded:** 1995
- **HQ Location:** Minneapolis, MN
- **Twitter:** @perforce (5,090 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/perforce/ (2,034 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services
- **Company Size:** 48% Mid-Market, 35% Small-Business



#### What Are Recent G2 Reviews of Klocwork?

**"[Klocwork Review](https://www.g2.com/survey_responses/klocwork-review-5201426)"**

**Rating:** 5.0/5.0 stars
*— April M.*

[Read full review](https://www.g2.com/survey_responses/klocwork-review-5201426)

---

**"[Klocwork is a very mature, robust and helpful static code analysis tool](https://www.g2.com/survey_responses/klocwork-review-5188829)"**

**Rating:** 5.0/5.0 stars
*— Chris W.*

[Read full review](https://www.g2.com/survey_responses/klocwork-review-5188829)

---



### 24. [Semmle](https://www.g2.com/products/semmle/reviews)
Semmle makes the management of software development easier than ever before. By giving you complete visibility \_ for every project, location, team, developer, timeframe and cost \_ Semmle is engineering intelligence at its most advanced.


**Average Rating:** 4.4/5.0
**Total Reviews:** 75
**How Do G2 Users Rate Semmle?**

- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 8.7/10)
- **Ease of Admin:** 8.8/10 (Category avg: 8.5/10)
- **Ease of Use:** 8.6/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind Semmle?**

- **Seller:** [Semmle](https://www.g2.com/sellers/semmle)
- **Year Founded:** 2006
- **HQ Location:** San Francisco, California
- **Twitter:** @SemmleInc (1 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/458015/ (2 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 54% Small-Business, 36% Mid-Market



#### What Are Recent G2 Reviews of Semmle?

**"[Life saving increase in efficiency of software development by Semmle](https://www.g2.com/survey_responses/semmle-review-7020126)"**

**Rating:** 5.0/5.0 stars
*— Raghav A.*

[Read full review](https://www.g2.com/survey_responses/semmle-review-7020126)

---

**"[Semmle is truly a saviour and in all terms, the best dev-sec-ops tool out there!](https://www.g2.com/survey_responses/semmle-review-6982852)"**

**Rating:** 5.0/5.0 stars
*— Punit S.*

[Read full review](https://www.g2.com/survey_responses/semmle-review-6982852)

---



### 25. [CodeScan](https://www.g2.com/products/codescan/reviews)
CodeScan Shield addresses code quality, security, and compliance liabilities with two automated modules: CodeScan and OrgScan. CodeScan provides static code analysis for total visibility into code health from the moment it’s written through production. OrgScan governs organizational policies by enforcing the security and compliance rules mandated for your Salesforce environment. Together, they ensure the code that makes up your Salesforce environment and the way the environment is being utilized will always meet high standards. The result is strengthened data security, streamlined DevSecOps processes, and an assurance of meeting compliance standards—avoiding potentially thousands of dollars in fines and lost opportunities. CodeScan Shield protects your Salesforce org from both the inside and outside. CodeScan provides dashboards and reports for consistent code visibility, while also alerting developers the moment new errors are introduced. OrgScan analyzes Salesforce policies to ensure the organization remains compliant with client-mandated specifications and guidelines. Violations are flagged and recorded in an interactive dashboard. Progress is tracked for policy reviews. Collectively, these features ensure admins maintain governance control within their organization. CodeScan Shield is part of AutoRABIT’s complete DevSecOps platform. Enabling Salesforce DevOps teams with CodeScan Shield’s powerful technology produces high-quality, secure applications and updates at speed.


**Average Rating:** 4.6/5.0
**Total Reviews:** 30
**How Do G2 Users Rate CodeScan?**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 8.7/10)
- **Ease of Admin:** 8.8/10 (Category avg: 8.5/10)
- **Ease of Use:** 8.6/10 (Category avg: 8.7/10)
- **What is your organization&#39;s estimated ROI on the product (payback period in months)?:** 10/10 (Category avg: 10/10)

**Who Is the Company Behind CodeScan?**

- **Seller:** [AutoRABIT](https://www.g2.com/sellers/autorabit)
- **Year Founded:** 2015
- **HQ Location:** San Francisco, US
- **Twitter:** @autorabit (1,245 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/6592119/ (283 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 44% Enterprise, 38% Mid-Market



#### What Are Recent G2 Reviews of CodeScan?

**"[CodeScan](https://www.g2.com/survey_responses/codescan-review-6745652)"**

**Rating:** 5.0/5.0 stars
*— Tyronica  O.*

[Read full review](https://www.g2.com/survey_responses/codescan-review-6745652)

---

**"[CodeScan effectively helps mitigating Salesforce metadata risks thanks to its splendid scan engines](https://www.g2.com/survey_responses/codescan-review-7131357)"**

**Rating:** 4.0/5.0 stars
*— Ramkumar N.*

[Read full review](https://www.g2.com/survey_responses/codescan-review-7131357)

---


#### What Are G2 Users Discussing About CodeScan?

- [What is CodeScan used for?](https://www.g2.com/discussions/what-is-codescan-used-for)


## What Is Static Code Analysis Tools?

[DevSecOps Software](https://www.g2.com/categories/devsecops)

## What Software Categories Are Similar to Static Code Analysis Tools?

- [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast)
- [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)
- [Secure Code Review Software](https://www.g2.com/categories/secure-code-review)


---

## How Do You Choose the Right Static Code Analysis Tools?

### What You Should Know About Static Code Analysis Software

### What is Static Code Analysis Software?

Static code analysis is a debugging and quality assurance method that inspects a computer program’s code without executing the program. Static code analysis software scans code to identify security vulnerabilities, catch bugs, and ensure the code adheres to industry standards. These tools help software developers automate the core aspects of program comprehension. Rather than manually combing through lines of code with visual inspection alone, developers and programmers can rely on static code analysis software’s automatic scans and alerts to gain deeper insight into their code. This automation decreases software developers overall workload and frees up resources by streamlining the debugging and quality assurance process.

Static code analysis software serves as an automated standardization check in many different development environments. A common concern among development teams is code readability—if developer A writes a chunk of code which is passed to developer B, that code must be comprehensible and easy to digest. Constantly checking code against the industry standard or even custom best practices, static code analysis software helps software developers keep their code consistent to improve team collaboration.

Ideally, static code analysis software does more than save developers time, it greatly enhances the quality of their debugging processes. Manual code inspection is both time-consuming and subject to human error. Oftentimes, developers don’t find bugs until they manifest themselves post-deployment. Static code analysis software helps find and alert developers to the existence of bugs months before they can manifest in a deployed application. Static code analysis software ensures cleaner, higher-quality releases by minimizing bugs and errors, enhancing cybersecurity, and promoting coding best practices.

Key Benefits of Static Code Analysis Software

- Fewer undetected bugs upon deployment
- Save software developers time and resources
- Minimize human error
- Facilitate best industry or custom practices
- Promote DevOps security by ensuring more secure applications

### Why Use Static Code Analysis Software?

**Reduced workload —** Since static code analysis software runs automated scans, developers are free to spend more time working on new code and less time combing through existing code. Static code analysis automatically hunts down and alerts users to bad code. This means that software developers don’t have to spend time and resources manually combing through lines and lines of code.

**Thorough debugging —** Software developers are all too familiar with bugs that don’t show themselves known until months, or even years after an application’s release. Often, finding bugs via manual code inspection relies on running the code and hoping an error reveals itself during quality assurance testing. However, with static code analysis software, developers can find and resolve bugs that would otherwise have been hidden in the code allowing for cleaner deployments and less issues down the line.

**Standardized best practices —** Beyond debugging, static code analysis software checks code against industry standard benchmarks for best practices. This standardized regulation keeps teams on the same page by ensuring that everyone’s code is clear and optimized. Additionally, some software allows users to customize best practices to fit the specifications of their company or department.

**Better security —** Static code analysis software is often capable of finding and alerting developers of security vulnerabilities in their code. Developers can prioritize cybersecurity thanks to static code analysis.

### What are the Common Features of Static Code Analysis Software?

**Integrated development environment (IDE) integration —** Most static code analysis software integrates with developers’ IDEs to provide a seamless solution within a pre-existing development environment. This integration means developers can continuously scan their code without interrupting their workflow.

**Timely alerts —** Because static code analysis software can scan code for bugs and vulnerabilities in a matter of seconds, developers receive timely alerts that help them enhance work efficiency. These timely alerts also help users react appropriately to bugs early on, saving them time and stress later.

**Recommendations —** Beyond alerting developers to code issues, static code analysis software generates actionable recommendations based on different errors or vulnerabilities that are detected. These suggestions give developer a starting point to resolve various problems, which saves time and mental energy.

Static Code Analysis Tools for Programming Languages and Features: [C#](https://www.g2.com/categories/static-code-analysis/f/c), [C/C++](https://www.g2.com/categories/static-code-analysis/f/c-c), [Java](https://www.g2.com/categories/static-code-analysis/f/java), [.NET](https://www.g2.com/categories/static-code-analysis/f/net), [PHP](https://www.g2.com/categories/static-code-analysis/f/php), [Python](https://www.g2.com/categories/static-code-analysis/f/python), [Ruby](https://www.g2.com/categories/static-code-analysis/f/ruby), [Salesforce](https://www.g2.com/categories/static-code-analysis/f/salesforce)

### Trends Related to Static Code Analysis Software

**DevOps —** DevOps refers to the marriage of development and IT operations management to make unified software development pipelines. Teams have implemented DevOps best practices to build, test, and release software. Static code analysis software’s seamless integration with IDE’s means it fits right in with any DevOps cycle.

**Cybersecurity —** Calls for standardized cybersecurity best practices as part of DevOps philosophy, often referred to as DevSecOps, have shifted the onus of responsibility for secure applications onto developers. Static code analysis software’s vulnerability detection functionality plays a necessary role in establishing secure DevOps practices.

### Software and Services Related to Static Code Analysis Software

[**Vulnerability scanner software**](https://www.g2.com/categories/vulnerability-scanner) **—** Vulnerability scanners constantly monitor applications and networks to identify security vulnerabilities. While static code analysis software often has the functionality to find vulnerabilities at the code level, vulnerability scanners are usually more robust. These tools scan full applications and networks then test them against known vulnerabilities. All of these functions help enhance cybersecurity.

[**Dynamic application security testing (DAST) software**](https://www.g2.com/categories/dynamic-application-security-testing-dast) **—** Dynamic application security testing (DAST) tools automate security tests for a variety of real-world threats. These tools run applications against simulated attacks and other cybersecurity scenarios using black-box testing, or testing performed outside of an application, as opposed to in-app solutions like static code analysis.

[**Software composition analysis (SCA) software**](https://www.g2.com/categories/software-composition-analysis) **—** Software composition analysis (SCA) software enables users to manage open-source and third-party components of their applications. SCA software scans an application’s components to verify licensing and compliance, assess vulnerabilities, and check for version updates. These tools serve as an essential component for any secure DevOps repertoire in addition to static code analysis software and other cybersecurity solutions.




