Semgrep is one of the best tools I've used for securing applications. Since it was integrated into our DevSecOps workflow, it has been able to identify a large number of issues much earlier in the development process. Semgrep scans for potentially vulnerable packages or outdated software versions within the codebase and accurately identifies the relevant CVEs. It also provides clear information about the impact and suggests the appropriate remediation steps, so developers don't need to search online for solutions.
I've found it particularly effective at detecting hardcoded secrets, even those that other tools like Trufflehog might miss. Semgrep Supply Chain also does an excellent job of pinpointing vulnerable software versions.
Overall, I consider Semgrep essential for securing CI/CD pipelines in today's environment. Review collected by and hosted on G2.com.
Nothing as such. It works out very well with all functionalities. Review collected by and hosted on G2.com.
The reviewer uploaded a screenshot or submitted the review in-app verifying them as current user.
Validated through Google using a business email account
This reviewer was offered a nominal incentive as thanks for completing this review.
Invitation from a seller or affiliate. This reviewer was offered a nominal incentive as thanks for completing this review.
