Semgrep

Semgrep is a static analysis tool that helps developers and security teams find bugs and enforce code standards across codebases.

Primary category: security
About this data
This page reflects public online discussion, collected and scored by automated systems and summarized using AI. It is not a statement of fact, not an audit, and not our own opinion of the product. Automated analysis can be incomplete or wrong, and scores carry the limitations described in our methodology. Companies can respond with their own perspective. See how this is calculated.

Updated June 22, 2026

Overall Pulse Score

Pulse Score: 45 (+9 over this period)

A 0-100 index summarizing the tone of 383 relevant public mentions gathered from public online communities across 12 weeks in the selected period. It measures online sentiment, not a rating of the product's quality.

Weekly Sentiment Trend

Pulse Score by week over the selected period. Each point is one complete week of mentions.

This week in public discussion

Discussion around Semgrep over the recent period was dominated by bug reports and reliability frustrations, which together accounted for the largest share of negative mentions. Commenters frequently flagged path-handling errors in hook integrations, including doubled file paths on Windows and WSL environments causing scans to silently fail. Several mentions also raised dependency constraint concerns, such as the pyjwt version pinning and opam lockfile breakage. Praise themes around features and integrations were present but clearly outnumbered by complaints in this period.

AI-generated summary of public online discussion during this period. It reflects the tone of that discussion, not facts about the product or our views.

Sentiment mix by week

How the tone of public discussion splits each week.

Most-discussed praise (theme: mentions)

Strong features: 68
Good integrations: 42
Compared to rivals: 20
Security praise: 11
Feature requests: 9

Most-discussed complaints (theme: mentions)

Bugs: 94
Reliability: 65
Missing features: 44
Feature requests: 23
Lacking integrations: 8

Themes across the selected period, with mention counts.

Sample public mentions

Showing 5 of 383 analyzed public mentions in this period, with links to the original source. We do not reproduce full threads.

semgrep scan generates findings for ignored code blocks if the --sarif-output option is specified. **Describe the bug** According to the documentation, an inline comment followed by the nosemgrep word can be used to ignore blocks of code. However, if the --sarif-output option is ...

Source: GitHub, Apr 3, 2026

Hook binary doubles absolute file_path (no IsAbs check) → open: no such file noise + silent SAST no-op in git worktrees. ## Summary The hook registered for Write|Edit|Bash (Pre/PostToolUse) joins the current working directory onto tool_input.file_path **without checking whether f...

Source: GitHub, 5 days ago

**Semgrep identified an issue in your code:**. **Semgrep identified an issue in your code:** An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an acti...

Source: GitHub, Apr 30, 2026

Semgrep plugin: hook.sh runs Windows binary on WSL instead of native Linux binary. ## Bug Report **Plugin:** semgrep@claude-plugins-official (v2.0.1) **Platform:** WSL2 on Windows (tested on aarch64) Problem The Semgrep Guardian plugin's hook.sh script checks for WSL_DISTRO_NAME ...

Source: GitHub, Jun 18, 2026

Mutating conf-* packages deps invalidated opam lock lockfiles. In this commit, a bunch of conf-* packages were mutated to require conf-pkg-config {>= "5"}; this broke lockfiles in e.g https://github.com/semgrep/semgrep/blob/15f510ede866353d84f0193769e854c47e4a0fe9/opam-lockfiles/...

Source: GitHub, Jun 3, 2026

393+ more analyzed mentions, full history, and theme breakdowns are part of Pro.

Deeper analysis

  • Bug reports and reliability concerns dominated discussion, with path-handling defects on Windows and WSL attracting the most specific and repeated criticism.
  • Sentiment trended downward as mention volume surged in late May and early June, with the score remaining below the midpoint through the most recent week.
  • Opinion divided over dependency management and packaging choices, where tone leaned toward resigned frustration rather than outright hostility.
  • Praise around features and integrations existed but was outweighed by the specificity and volume of complaints in the same period.
Discussion around Semgrep over the past four weeks has been dominated by frustration, with bug reports and reliability concerns accounting for the largest share of complaint-themed mentions by a considerable margin. Commenters repeatedly surfaced a specific class of path-handling defects, particularly around how the hook binary concatenates the working directory onto already-absolute file paths, producing invalid paths and silent scan failures across git worktrees, Windows environments, and WSL setups. Several mentions described the experience as a silent no-op, which appeared to amplify the irritation since the tool gives no visible indication that scanning has stopped working. The reliability theme reinforced this unease, with discussion suggesting that breakages could go undetected for extended periods.

The score trajectory tells a volatile story. An early high point gave way to a sharp drop, followed by a partial recovery through mid-May. The picture darkened again as mention volume surged in late May and early June, with sentiment slipping below the midpoint and remaining there into the most recent window. The correlation between rising mention counts and declining or flat scores suggests that increased visibility brought proportionally more critical voices into the conversation.

Praise was not absent. Commenters offered positive remarks about specific features and integrations, and a handful of mentions drew favorable competitor comparisons. Security-focused praise also appeared, though in smaller numbers. These threads felt overshadowed by the volume and specificity of the complaint side.

Opinion divided most visibly around packaging and dependency management. Mentions around lockfile breakage from mutated conf-* packages and requests for looser dependency pinning carried a tone of resigned inconvenience rather than outrage, suggesting a segment of users who are invested enough to file detailed requests but uncertain whether they will be addressed. How findings from vulnerability scanning should be categorized also surfaced as a point of genuine disagreement, with commenters questioning current bucketing behavior.

Member perspectives

Individual opinions from Pro members, posted over time. These are personal member views, not aggregated sentiment data.

Data summary

Total mentions analyzed (all time): 398
Mentions in selected period: 383
Weeks in range: 12
Pricing: Free tier; paid plans available
Sources: GitHub (383)
