NEWJoin 2M+ software buyers|Get Weekly Insights, Trends & Expert PicksSubscribe free →

Spotsaas logo

9.2

SpotScore

Semgrep logo

Semgrep Reviews in July 2026: User Ratings, Pros & Cons

Fast open-source SAST tool with 2,000+ rules for finding security vulnerabilities in code

4.6

Add to compare

Starts from Free / free, also offers free forever plan

Try for Free

Semgrep Reviews & Ratings

4.6

Excellent

Based on 310 ratings & 0 reviews

Are you using Semgrep?

Rating Distribution

Excellent

(0)

Very Good

(0)

Good

(0)

Poor

(0)

Terrible

(0)

Spotsaas Editor’s POV

Semgrep has disrupted the SAST market by making static analysis fast, readable, and accessible to developers rather than just security teams. The pattern syntax is genuinely clever — writing `$X.execute($QUERY + $INPUT)` to find SQL injection is intuitive in a way that traditional SAST rule DSLs are not. The 2,000+ Registry rules and free tier make it the first ...Read more

Semgrep pros and cons

  • Custom rule syntax mirrors the code being analyzed — security engineers write rules in minutes rather than learning a proprietary DSL.

  • 2,000+ community rules in the Registry cover OWASP Top 10 and framework-specific patterns across all major languages and frameworks.

  • Runs in CI/CD and posts inline PR comments with finding context — developers see security feedback in their existing workflow without switching tools.

  • Open-source CLI with a genuinely useful free tier covers most small-to-mid teams without enterprise budget.

  • Pattern-based SAST produces false positives on complex data flow cases — findings that look like vulnerabilities in isolation but are safe in context require developer triage.

  • Supply Chain and secrets scanning require the paid Enterprise tier; teams wanting a single tool for all three categories need to budget for enterprise pricing.

Filter results

Sort by :

Relevance
Relevance
Highest-Rated
Lowest-Rated
Least-Recent
Most-Recent

Share this page

Showing 0 - 0 out of 0

No Reviews Found!

Disclaimer: This research has been collated from a variety of authoritative sources. We welcome your feedback at [email protected].