---
title: ZeroPath Reviews
meta_title: 'ZeroPath Reviews 2026: Details, Pricing, & Features | G2'
meta_description: Filter 11 reviews by the users' company size, role or industry to
  find out how ZeroPath works for a business like yours.
aggregate_rating:
  rating_value: 4.5
  review_count: 11
  scale: '5'
date_modified: '2026-06-22'
parent_category:
  name: "DevSecOps"
  url: https://www.g2.com/categories/devsecops
---

# ZeroPath Reviews
**Vendor:** ZeroPath  
**Category:** [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast)  
**Average Rating:** 4.5/5.0  
**Total Reviews:** 11
## About ZeroPath
ZeroPath (YC S24) is the first AI-native application security platform that fundamentally reimagines how organizations find and fix vulnerabilities. Unlike deterministic SAST tools that bolt AI onto legacy rule engines, ZeroPath was built from the ground up to combine large language models with advanced program analysis (AST, data flow, taint tracking) by ex-Tesla Red Team and Google Security engineers. ZeroPath's core differentiation is detecting critical vulnerabilities that pattern-matching SAST fundamentally cannot find. It catches IDORs, authorization bypasses, race conditions, and authentication bugs by reasoning about application behavior and developer intent. This capability achieved a 92% alert reduction when triaging findings from legacy tools. ZeroPath is best suited for enterprises and startups that want a complete appsec experience with: AI-powered SAST across 16+ languages, SCA with exploitability analysis (90% noise reduction by determining if dependency CVEs are actually reachable in your code), secrets detection with validation, IaC scanning for Terraform/CloudFormation/Kubernetes, and natural language security policies. Context-aware autopatch generation fixes 70% of vulnerabilities automatically with framework-specific patches that match your coding standards. To keep the developer experience seamless, ZeroPath integrates into existing workflows with zero configuration. It provides sub-60-second PR scans on GitHub, GitLab, Bitbucket, and Azure DevOps to provide instant security feedback without blocking development. Developers receive clear explanations, one-click fixes, and can refine patches using natural language commands directly in PR comments. The platform automatically attributes vulnerabilities to responsible developers and syncs bidirectionally with Jira, Linear, and more. Overall, less noise, along with the breadth of integrations, has already made security teams faster in triaging and finding real vulnerabilities.
Having been security engineers ourselves, we also understand how important visibility is for the evaluations. ZeroPath users get executive dashboards with real-time MTTR tracking, automated compliance reporting for SOC2 and ISO27001, and risk-based prioritization using CVSS 4.0 scoring. The platform provides complete visibility across organizational repositories, including security models, authentication patterns, and filtering logic, without manual configuration. Our research team dogfoods our own technology and has discovered CVE-2025-61928 (critical account takeover in better-auth with 300k+ weekly downloads), identified 170+ verified bugs in curl, found 7 vulnerabilities in django-allauth enabling account impersonation, and discovered 0-days in production systems at Netflix, Hulu, and Salesforce. Currently trusted by 750+ companies running 200k+ scans monthly, ZeroPath delivers what security-conscious engineering teams need: more real vulnerabilities, dramatically less noise, and automated fixes that actually work.



## ZeroPath Pros & Cons
**What users like:**

- Users commend ZeroPath for its **high accuracy**, effectively identifying real issues with minimal false alarms compared to competitors. (6 reviews)
- Users commend the **high accuracy of findings** from ZeroPath, effectively surfacing real issues with minimal false positives. (6 reviews)
- Users value the **high accuracy and low false positives** of ZeroPath, effectively identifying real security issues. (6 reviews)
- Users praise ZeroPath for its **high accuracy in vulnerability detection**, effectively surfacing real issues with low false positives. (5 reviews)
- Users praise ZeroPath for its **high accuracy in vulnerability identification** with minimal false alarms, enhancing their security efforts. (4 reviews)
- Customer Support (3 reviews)
- Ease of Use (3 reviews)
- Scanning Efficiency (3 reviews)
- Automated Scanning (2 reviews)
- CI (2 reviews)

**What users dislike:**

- Users notice **ongoing bug issues** in ZeroPath, though the team is responsive in addressing them promptly. (2 reviews)
- Users report experiencing **small bugs** with ZeroPath, though the team's quick fixes help mitigate frustration. (2 reviews)
- Users experience some **software bugs**, but the responsive team quickly addresses these issues as they arise. (2 reviews)
- Users find the **cost issues** of ZeroPath limiting and not viable for their organization's budget. (1 review)
- Users have faced **dashboard issues**, but the responsive team helps in quickly resolving these bugs. (1 review)
- Expensive (1 review)
- False Positives (1 review)
- Inaccuracy (1 review)
- Inefficient Scanning (1 review)
- Pricing Issues (1 review)

## ZeroPath Reviews
### 1. Accurate Source-to-Sink Analysis with Surprisingly Reliable Auto-Patches

**Rating:** 5.0/5.0 stars

**Reviewed by:** Rohit J. | Vice President of Engineering, Mid-Market (51-1000 emp.)

**Reviewed Date:** March 30, 2026

**What do you like best about ZeroPath?**

What stands out most about ZeroPath is how accurate its source-to-sink analysis is—it makes triaging much quicker. The auto-generated patches are also surprisingly reliable, and we’ve been able to merge most of them with little to no modification.

**What do you dislike about ZeroPath?**

The dashboard has a few rough edges, mostly minor UI issues. That said, the team is responsive and tends to fix things quickly when they’re reported.

**What problems is ZeroPath solving and how is that benefiting you?**

ZeroPath is helping us tackle application security more effectively by covering everything from AI-powered SAST and PR scanning to SCA and IaC in one place. We previously used Semgrep, but have fully switched over—mainly because the findings are more relevant, which saves us time, and the overall cost is lower than what we were paying before.

### 2. ZeroPath: ease of use and results superior to the competition

**Rating:** 4.0/5.0 stars

**Reviewed by:** Maxime J. | Cybersecurity Engineer, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 04, 2026

**What do you like best about ZeroPath?**

ZeroPath is both very easy to use and demonstrates results far superior to market competitors (Fortify SAST, Checkmarx, Aikido Security, and QINA AI Security (CloudDefense)). ZeroPath includes an API, a CLI, and a web interface that are very easy to use and integrate with the vast majority of professional software.

**What do you dislike about ZeroPath?**

ZeroPath is a startup working on a very innovative subject that is not even mature in research yet; its only flaw is not being able to cover certain very specific cases of vulnerabilities.

**What problems is ZeroPath solving and how is that benefiting you?**

ZeroPath detects vulnerabilities in source code (whether application or operational) thanks to a detection engine powered by LLM. Thanks to this emerging technology, they rise above their competitors.

### 3. Precise Source-to-Sink Analysis and Effective Auto-Generated Patches

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Hospital & Health Care | Small-Business (50 or fewer emp.)

**Reviewed Date:** March 20, 2026

**What do you like best about ZeroPath?**

Their source-to-sink analysis is extremely precise, which speeds up triaging significantly. The auto-generated patches are effective as well, unlike those from other tools we've used, and we've been able to merge most of them with very few modifications.

**What do you dislike about ZeroPath?**

The dashboard has a few minor UI quirks, but nothing serious. When I report an issue, they usually address it pretty quickly.

**What problems is ZeroPath solving and how is that benefiting you?**

We initially adopted their AI SAST and PR scanning, and later expanded to include SCA, IaC, and other features. We previously used Semgrep but fully transitioned last year. Since making the switch, the results have been more relevant, and the overall cost has been lower than what we were paying before.

### 4. High-Quality Findings with Smooth CI/CD Integration

**Rating:** 4.5/5.0 stars

**Reviewed by:** Kshitiz A. | Backend Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** February 11, 2026

**What do you like best about ZeroPath?**

The finding quality is significantly better than what we were getting from Semgrep, Snyk, and Aikido. It actually catches real vulnerabilities, and false positives are pretty low. CI/CD integration was smooth, and when we needed something custom for our stack, their team just built it for us.

**What do you dislike about ZeroPath?**

The product can seem to move fast. New features and changes ship frequently, so the UI/workflow shifts from time to time.

**What problems is ZeroPath solving and how is that benefiting you?**

We use ZeroPath for their SAST and SCA, both of which are significantly accelerating our security and dev team.

### 5. Accurate Findings, Seamless CI/CD Setup, and a Responsive Team

**Rating:** 4.0/5.0 stars

**Reviewed by:** Manisha A. | Relationship Manager, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 26, 2026

**What do you like best about ZeroPath?**

Compared to Semgrep, Snyk, and Aikido, the results are far more accurate and actually surface real issues without drowning us in false alarms. The CI/CD setup was seamless, and whenever we needed something specific to our stack, their team quickly made it happen.

**What do you dislike about ZeroPath?**

UI keeps changing very fast since the product is changing rapidly.

**What problems is ZeroPath solving and how is that benefiting you?**

We use ZeroPath for SAST and SCA, and it helps our security and development teams move much faster.

### 6. Easy Setup, Powerful Vulnerability Detection, and Lightning-Fast Support

**Rating:** 5.0/5.0 stars

**Reviewed by:** Yaacov T. | CTO, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 10, 2026

**What do you like best about ZeroPath?**

- Finds serious security vulnerabilities including business logic bugs that other scanners miss. 

- Extremely easy to use. Started working in like 4 clicks. GitHub integration is seamless and easy to set up.

- Support is really, really fast.

**What do you dislike about ZeroPath?**

- They still have quite a few small bugs, but the team fixes them quickly when they come up.

**What problems is ZeroPath solving and how is that benefiting you?**

Security for an 11-person engineering team.

### 7. ZeroPath takes care of everything with almost 0 false positives

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Financial Services

**Reviewed Date:** February 11, 2026

**What do you like best about ZeroPath?**

We've trialed a few other SAST tools (Semgrep, Aikido) and ZeroPath found the most critical stuff by a pretty wide margin. The detail it gives you on each finding is solid and the false positive rate has been pretty low for us, which makes a huge difference when trying to get engineers to actually fix these issues.

**What do you dislike about ZeroPath?**

Scan times can run a bit long, but once we figured out the scheduling scanning feature, it became a non-issue.

**What problems is ZeroPath solving and how is that benefiting you?**

We're using it for code scanning and SCA, and it's benefiting us with compliance and time saved (less to review/noise).

### 8. Software security specialist

**Rating:** 4.5/5.0 stars

**Reviewed by:** Sébastien D. | Software security specialist, Mid-Market (51-1000 emp.)

**Reviewed Date:** February 05, 2026

**What do you like best about ZeroPath?**

ZeroPath is surprisingly effective at identifying real security issues and has a much better signal-to-noise ratio compared to other SAST tools I have tried.

**What do you dislike about ZeroPath?**

The product is new and rapidly changing; we encountered some bugs with the dashboard. The ZeroPath team was very responsive in fixing those issues.

**What problems is ZeroPath solving and how is that benefiting you?**

ZeroPath helps with reviewing code for security issues. Automatic review on pull requests is beneficial because issues can be addressed while still working on changes, which reduces the need for context switching and stops vulnerabilities from making it to production.

### 9. ZeroPath is a surprisingly good improvement over old-fashioned SAST solutions

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Financial Services

**Reviewed Date:** January 19, 2026

**What do you like best about ZeroPath?**

This solution is particularly interesting as it provides an innovative approach to improving security baselines by overcoming some of the limitations of pure SAST tools. The customer experience is also positive, as they are open to feature requests and see feedback being taken on and addressed.

**What do you dislike about ZeroPath?**

In my opinion, the trade-off of working with a startup is that the product evolves rapidly and may encounter bugs. However, as a startup to startup, I actually take this positively, as it allows for a more seamless integration of the feedback.

**What problems is ZeroPath solving and how is that benefiting you?**

To establish an automated security baseline in specific applications, we evaluated various solutions, including traditional Static Application Security Testing (SAST), AI SAST, and a combination of both. Our analysis revealed that ZeroPath provided the most effective outcome, identifying vulnerabilities that were beyond the capabilities of traditional SAST solutions.

### 10. Excellent product with space to improve even more

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Retail | Enterprise (> 1000 emp.)

**Reviewed Date:** February 09, 2026

**What do you like best about ZeroPath?**

The scanning results are pretty good on business logic flaws.

**What do you dislike about ZeroPath?**

The scanning result consistency - basically every time I did a scan I had different results.

**What problems is ZeroPath solving and how is that benefiting you?**

Basically they are solving appsec problem when you have to deal with all false positives traditional tools have.

### 11. Great replacement to traditional SAST & white-box pentests

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer & Network Security

**Reviewed Date:** February 10, 2026

**What do you like best about ZeroPath?**

Primarily just the findings. They are mostly legitimate and pretty easy to understand. Would have been difficult to find otherwise.

**What do you dislike about ZeroPath?**

Pricing doesn't make sense for my organization at the moment.

**What problems is ZeroPath solving and how is that benefiting you?**

General problems with normal SAST, hard to manage, too many false positives.



## ZeroPath Integrations
  - [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
  - [Android Studio](https://www.g2.com/products/android-studio/reviews)
  - [Asana](https://www.g2.com/products/asana/reviews)
  - [Azure DevOps Server](https://www.g2.com/products/azure-devops-server/reviews)
  - [Azure Pipelines](https://www.g2.com/products/azure-pipelines/reviews)
  - [Bitbucket](https://www.g2.com/products/bitbucket/reviews)
  - [Cursor](https://www.g2.com/products/cursor/reviews)
  - [Delve](https://www.g2.com/products/delve-delve/reviews)
  - [GitHub](https://www.g2.com/products/github/reviews)
  - [GitLab](https://www.g2.com/products/gitlab/reviews)
  - [IntelliJ IDEA](https://www.g2.com/products/intellij-idea/reviews)
  - [Jira](https://www.g2.com/products/jira/reviews)
  - [Kotlin](https://www.g2.com/products/kotlin/reviews)
  - [Laravel](https://www.g2.com/products/laravel/reviews)
  - [Linear](https://www.g2.com/products/linear/reviews)
  - [Python](https://www.g2.com/products/python/reviews)
  - [Semgrep](https://www.g2.com/products/semgrep/reviews)
  - [Slack](https://www.g2.com/products/slack/reviews)
  - [Snyk](https://www.g2.com/products/snyk/reviews)
  - [SonarQube](https://www.g2.com/products/sonarqube/reviews)
  - [Sprinto](https://www.g2.com/products/sprinto-inc/reviews)
  - [TypeScript](https://www.g2.com/products/typescript/reviews)
  - [Visual Studio](https://www.g2.com/products/visual-studio/reviews)
  - [Visual Studio Code](https://www.g2.com/products/visual-studio-code/reviews)
  - [Windsurf](https://www.g2.com/products/exafunction-windsurf/reviews)

## ZeroPath Features
**Administration**
- API / Integrations
- Extensibility

**Performance**
- Issue Tracking
- Detection Rate
- False Positives
- Automated Scans

**Functionality - Software Composition Analysis**
- Language Support
- Integration
- Transparency

**Documentation**
- Feedback
- Prioritization
- Remediation Suggestions

**Security**
- Tampering
- Malicious Code
- Verification
- Security Risks

**Agentic AI - Static Code Analysis**
- Adaptive Learning
- Natural Language Interaction
- Proactive Assistance

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Code Analysis

**Network**
- Compliance Testing
- Perimeter Scanning
- Configuration Monitoring

**Effectiveness - Software Composition Analysis**
- Remediation Suggestions
- Continuous Monitoring
- Thorough Detection

**Security**
- False Positives
- Custom Compliance
- Agility

**Tracking**
- Bill of Materials
- Audit Trails
- Monitoring

**Testing**
- Command-Line Tools
- Manual Testing
- Test Automation
- Compliance Testing
- Detection Rate
- False Positives

**Application**
- Manual Application Testing
- Static Code Analysis
- Black Box Testing

**Agentic AI - Vulnerability Scanner**
- Autonomous Task Execution
- Proactive Assistance

**Agentic AI - Static Application Security Testing (SAST)**
- Autonomous Task Execution

## Top ZeroPath Alternatives
  - [GitHub](https://www.g2.com/products/github/reviews) - 4.7/5.0 (2,301 reviews)
  - [GitLab](https://www.g2.com/products/gitlab/reviews) - 4.5/5.0 (880 reviews)
  - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) - 4.7/5.0 (809 reviews)

