---
title: Semgrep Reviews
meta_title: 'Semgrep Reviews 2026: Details, Pricing, & Features | G2'
meta_description: Filter 56 reviews by the users' company size, role or industry to
  find out how Semgrep works for a business like yours.
aggregate_rating:
  rating_value: 4.6
  review_count: 56
  scale: '5'
date_modified: '2026-07-17'
parent_category:
  name: "DevSecOps\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t"
  url: https://www.g2.com/categories/devsecops
---

# Semgrep Reviews
**Vendor:** Semgrep  
**Category:** [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)  
**Average Rating:** 4.6/5.0  
**Total Reviews:** 56
## About Semgrep
Semgrep is a modern static analysis (SAST), software composition analysis (SCA), and secrets detection platform designed for both developers and security teams. It combines fast, deterministic analysis with context-aware AI that triages findings like a senior security engineer. The AI Assistant helps reduce false positives, prioritize meaningful results, and offers clear remediation guidance. Its “Memories” feature learns from past decisions to further reduce triage noise over time. Semgrep also supports deep analysis of transitive dependencies, not just direct ones, helping teams surface and address hidden risks in their supply chain. It integrates well into modern development workflows and is easy to customize across environments.



## Semgrep Pros & Cons
**What users like:**

- Users value the **ease of use** of Semgrep, praising its intuitive syntax and smooth CI/CD integration. (16 reviews)
- Users appreciate the **intuitive pattern-matching syntax** of Semgrep, enabling effective custom rules for various programming languages. (14 reviews)
- Users appreciate Semgrep&#39;s **effective vulnerability detection** , enabling quick identification of security issues with low false positives. (13 reviews)
- Users value the **scanning efficiency** of Semgrep, benefiting from rapid scans and seamless CI/CD integration. (12 reviews)
- Users appreciate the **robust security features** of Semgrep, enabling effective identification and remediation of vulnerabilities effortlessly. (12 reviews)
- Users value the **fast performance** of Semgrep, allowing quick identification of security issues without slowing down development. (11 reviews)
- Users value the **automated scanning** capabilities of Semgrep, effectively identifying vulnerabilities early in development. (10 reviews)
- Users appreciate the **high accuracy of findings** in Semgrep, noting minimal false positives in analysis results. (9 reviews)
- Users appreciate the **easy customization and fun rule creation** with Semgrep, enhancing development efficiency and accuracy. (9 reviews)
- Easy Integrations (9 reviews)

**What users dislike:**

- Users find Semgrep **not user-friendly** , citing a steep learning curve and challenges in initial setup and customization. (7 reviews)
- Users note the **limited features** of Semgrep, making categorization and comprehensive analysis more challenging. (6 reviews)
- Users find the **difficult learning** curve for custom rules in Semgrep challenging, impacting new user experiences and efficiency. (5 reviews)
- Users face a **lack of guidance** in mastering rule creation and initial setup, impacting effective tool utilization. (5 reviews)
- Users find the **learning curve steep** for rule writing, especially for those new to static analysis tools. (5 reviews)
- Learning Difficulty (5 reviews)
- Users find the **missing features** in Semgrep limiting, requiring supplementary tools for comprehensive security coverage. (5 reviews)
- Users find **code management challenging** due to tricky setups and steep learning curves for custom rules. (4 reviews)
- False Positives (4 reviews)
- Setup Complexity (4 reviews)

## Semgrep Reviews
  ### 1. Effective, efficient and eng friendly scanner

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Insurance | Mid-Market (51-1000 emp.)

**Reviewed Date:** December 14, 2022

**What do you like best about Semgrep?**

It's a super customizable, fast and effective tool to have as an inline scanner on the CI/CD pipeline.

**What do you dislike about Semgrep?**

Nothing really - support is amazing and while they are still early in developing their product suite, they are super receptive to feedback

**What problems is Semgrep solving and how is that benefiting you?**

Shifting security left in an Eng friendly way

  ### 2. Lightning fast SAST

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** December 08, 2022

**What do you like best about Semgrep?**

It runs super quickly and consistently produces some of the highest-quality and relevant findings I've seen when comparing against other options.

**What do you dislike about Semgrep?**

The web app could use some polish, but they're focused on rapid improvements.

**What problems is Semgrep solving and how is that benefiting you?**

Greater visibility into vulnerabilities in our code.

  ### 3. Extremely easy to setup and use resulting in immediate value.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Small-Business (50 or fewer emp.)

**Reviewed Date:** December 08, 2022

**What do you like best about Semgrep?**

Very easy to set up and the time to value is very short.

**What do you dislike about Semgrep?**

I wish the rules had more information on remediation.

**What problems is Semgrep solving and how is that benefiting you?**

Providing static application security analysis with high quality scanning

  ### 4. I got a really great experience using Semgrep to fix most vulnerabilities I had with my repo.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** December 13, 2022

**What do you like best about Semgrep?**

1 - Security inforcment.
2 - Finding common bugs in code.

**What do you dislike about Semgrep?**

It was hard for to set it up with my GitHub repo, so things here can be improved for the future.

**What problems is Semgrep solving and how is that benefiting you?**

- Like mentioned above the ability to scan for bugs and vulnerabilities in my public repo is one of the benefits.
- CI/CD life improvement.
- Improving code security.

  ### 5. Semgrep review

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Enterprise (> 1000 emp.)

**Reviewed Date:** December 08, 2022

**What do you like best about Semgrep?**

I love how customizable semgrep is in terms of identifying static as well as prod sec vulnerabilities

**What do you dislike about Semgrep?**

No standard set of error checks for static analysis atleast. Has to be customized

**What problems is Semgrep solving and how is that benefiting you?**

Detecting prod sec vulnerabilities as well as static errors

  ### 6. Semgrep suited us very well

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** December 09, 2022

**What do you like best about Semgrep?**

Easy integration and custom rules. The CLI makes it very easy to run tests locally.

**What do you dislike about Semgrep?**

The new UI is a little confusing and the filter addition is a little slow

**What problems is Semgrep solving and how is that benefiting you?**

Helped with our SAST program



- [View Semgrep pricing details and edition comparison](https://www.g2.com/products/semgrep/reviews?page=2&section=pricing&secure%5Bexpires_at%5D=2026-07-19+14%3A47%3A24+-0500&secure%5Bsession_id%5D=58b0b143-f935-49a6-96ea-6d5af5cbdcd5&secure%5Btoken%5D=55a32892d465ccc9c08afcea572001543b53e1e1ca3bbeb9d25894bd84e107e2&format=llm_user)
## Semgrep Integrations
  - [Azure DevOps Labs](https://www.g2.com/products/azure-devops-labs/reviews)
  - [Azure Pipelines](https://www.g2.com/products/azure-pipelines/reviews)
  - [Bitbucket](https://www.g2.com/products/bitbucket/reviews)
  - [Cursor](https://www.g2.com/products/cursor/reviews)
  - [Git](https://www.g2.com/products/git/reviews)
  - [GitHub](https://www.g2.com/products/github/reviews)
  - [Jira](https://www.g2.com/products/jira/reviews)
  - [Slack](https://www.g2.com/products/slack/reviews)
  - [Visual Studio Code](https://www.g2.com/products/visual-studio-code/reviews)

## Semgrep Features
**Administration**
- API / Integrations
- Extensibility

**Performance**
- Issue Tracking
- Detection Rate
- False Positives
- Automated Scans

**Functionality - Software Composition Analysis **
- Language Support
- Integration
- Transparency

**Documentation**
- Feedback
- Prioritization
- Remediation Suggestions

**Agentic AI - Static Code Analysis**
- Adaptive Learning
- Natural Language Interaction
- Proactive Assistance

**Performance - AI AppSec Assistants**
- Remediation
- Real-time Vulnerability Detection
- Accuracy

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Code Analysis

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Vulnerability Scan
- Code Analysis

**Network**
- Compliance Testing
- Perimeter Scanning
- Configuration Monitoring

**Effectiveness - Software Composition Analysis**
- Remediation Suggestions
- Continuous Monitoring
- Thorough Detection

**Security**
- False Positives
- Custom Compliance
- Agility

**Integration - AI AppSec Assistants**
- Stack Integration
- Workflow Integration
- Codebase Contextual Awareness

**Testing**
- Command-Line Tools
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

**Testing**
- Black-Box Scanning
- Detection Rate
- False Positives

**Application**
- Static Code Analysis
- Black Box Testing

**Agentic AI - Interactive Application Security Testing (IAST)**
- Autonomous Task Execution

**Agentic AI - Vulnerability Scanner**
- Autonomous Task Execution
- Proactive Assistance

**Agentic AI - Static Application Security Testing (SAST)**
- Autonomous Task Execution

## Top Semgrep Alternatives
  - [SonarQube](https://www.g2.com/products/sonarqube/reviews) - 4.4/5.0 (152 reviews)
  - [Snyk](https://www.g2.com/products/snyk/reviews) - 4.5/5.0 (135 reviews)
  - [GitHub](https://www.g2.com/products/github/reviews) - 4.7/5.0 (2,315 reviews)

