Companies that use Semgrep

Analyzed and validated by Henley Wing Chiu ยท Updated
All โ€บ application security testing โ€บ Semgrep

Semgrep We detected 262 companies using Semgrep. The most common industry is Software Development (56%) and the most common company size is 1,001-5,000 employees (27%). We find new customers by discovering URLs with known URL patterns through web crawling or modifications to subprocessor lists. Note: We track companies on the Enterprise Plan of Semgrep

โฑ๏ธ Data is delayed by 1 month. To show real-time data, sign up for a free trial or login
Company Employees Industry Country Region Usage Start Date
Google 10,001+ Software Development
United States
North America
DoorDash 10,001+ Software Development
United States
North America
Airbnb 5,001โ€“10,000 Software Development
United States
North America
LSEG 10,001+ Financial Services
United Kingdom
Europe
Instacart 1,001โ€“5,000 Software Development
United States
North America
Intuit 10,001+ Software Development
United States
North America
TransUnion 10,001+ IT Services and IT Consulting
United States
North America
Sage 10,001+ Software Development
United Kingdom
Europe
Pinterest 1,001โ€“5,000 Software Development
United States
North America
Just Eat Takeaway.com 10,001+ Software Development
Netherlands
Europe
Morningstar 10,001+ Financial Services
United States
North America
Agoda 5,001โ€“10,000 Software Development
Singapore
Asia
Splunk 5,001โ€“10,000 Software Development
United States
North America
BMC Software 5,001โ€“10,000 IT Services and IT Consulting
United States
North America
MongoDB 5,001โ€“10,000 Software Development
United States
North America
Roblox 1,001โ€“5,000 Software Development
United States
North America
Toast 1,001โ€“5,000 Software Development
United States
North America
Okta 5,001โ€“10,000 Software Development
United States
North America
Freshworks 1,001โ€“5,000 Software Development
United States
North America
Crypto.com 1,001โ€“5,000 Financial Services
Singapore
Asia
Showing 1-20

Market Insights

๐Ÿข Top Industries

Software Development 145 (56%)
Financial Services 61 (24%)
IT Services and IT Consulting 26 (10%)
Technology, Information and Internet 25 (10%)
Artificial Intelligence 1 (0%)

๐Ÿ“ Company Size Distribution

1,001-5,000 employees 71 (27%)
201-500 employees 63 (24%)
51-200 employees 58 (22%)
501-1,000 employees 36 (14%)
5,001-10,000 employees 14 (5%)

๐Ÿ“Š Who usually uses Semgrep and for what use cases?

Source: Analysis of job postings that mention Semgrep (using the Bloomberry Jobs API)

Job titles that mention Semgrep
i
Job Title
Share
Information Security Engineer
43%
DevOps Engineer (SRE)
16%
Director, Information Security
9%
Security Operations Center (SOC) Analyst
4%
My analysis shows that Semgrep purchases are primarily driven by information security leadership, with 9% of roles being Director-level security positions responsible for buying decisions. These leaders are hiring for strategic priorities including secure SDLC implementation, DevSecOps pipeline integration, and vulnerability management at scale. The remaining leadership roles span VP of Customer Experience, Head of Technical Security, and Director of Engineering positions, all focused on embedding security into software delivery without slowing development velocity.

The day-to-day users are predominantly application security engineers (43%) and DevOps/SRE professionals (16%) who integrate Semgrep into CI/CD pipelines, conduct code reviews, and triage findings. These practitioners use Semgrep for SAST scanning alongside other tools like Snyk, Veracode, and CodeQL. They're responsible for writing custom rules, reducing false positives, and partnering with development teams on remediation. Several postings emphasize hands-on work with GitHub Actions, GitLab, Jenkins, and container security.

The core pain points center on scaling security without friction. Companies want to "shift security left by embedding SAST, DAST, and SCA tools directly into modern CI/CD pipelines, eliminating security bottlenecks." They're seeking to "make it safe to build fast, not to slow things down" and deliver "security that learns as they build." Multiple postings emphasize the need to "reduce false positives" and provide "actionable, high-fidelity results" that developers can actually use, revealing frustration with legacy security tools that interrupt workflows rather than enabling them.

๐Ÿ‘ฅ What types of companies use Semgrep?

Source: Analysis of Linkedin bios of 262 companies that use Semgrep

Company Characteristics
i
Trait
Likelihood
Funding Stage: Series E
1056.8x
Funding Stage: Secondary market
703.1x
Funding Stage: Series C
259.7x
Industry: Software Development
32.5x
Company Size: 1,001-5,000
30.4x
Company Size: 5,001-10,000
26.0x
I noticed that Semgrep users are predominantly technology companies building software platforms and digital infrastructure. They're not just "tech companies" in a vague sense. They're financial services firms processing billions in transactions (Chime, Airwallex, Klarna), digital banks reimagining core banking systems (10x Banking), cryptocurrency exchanges and blockchain platforms (Crypto.com, Fireblocks, Gemini), and SaaS companies delivering everything from project management to healthcare AI. Many are building what they call "platforms" rather than simple products, like Dremio's "Agentic Lakehouse" or Cribl's "AI Platform for Telemetry."

These are primarily growth-stage and mature companies. I see Series C through Series E funding rounds (ClickUp raised $400M Series C, Grafana Labs $270M Series D), public companies listed on NASDAQ and NYSE, and established players with thousands of employees. Many mention serving millions of users or processing billions in transactions. Even the smaller companies by headcount often describe handling massive scale, like Abridge's "300M funding" despite being 200-500 employees.

๐Ÿ”ง What other technologies do Semgrep customers also use?

Source: Analysis of tech stacks from 262 companies that use Semgrep

Commonly Paired Technologies
i
Technology
Likelihood
2319.4x
2187.9x
1965.1x
1131.3x
794.3x
452.1x
I noticed that Semgrep users are predominantly high-growth tech companies with strong engineering cultures and serious security postures. The presence of HackerOne at 2319x the baseline rate tells me these companies run bug bounty programs and treat security as a competitive advantage, not just compliance. The combination with tools like Golinks (internal productivity) and Cursor (AI-powered coding) suggests engineering teams that optimize aggressively for developer velocity while maintaining tight security controls.

The pairing with Statsig is particularly revealing. Companies running feature flags and experimentation platforms alongside Semgrep are shipping code constantly and need automated security checks to keep pace with their release velocity. They can't afford manual security reviews for every deployment. Similarly, Cursor appearing 452x more often shows these teams embrace AI-assisted development, which introduces new code quality risks that static analysis tools like Semgrep help manage. The ZipHQ correlation suggests these are companies focused on automating operations and reducing friction across the board.

These companies are clearly product-led, high-velocity organizations. Slack Enterprise Grid appearing 1131x more often indicates they're past the startup phase with distributed teams requiring enterprise-grade collaboration. They're likely Series B and beyond, scaling fast enough that security and code quality need automation to avoid becoming bottlenecks. The overall stack screams modern engineering practices: ship fast, automate everything, measure constantly, and secure by default.

Alternatives and Competitors to Semgrep

Explore vendors that are alternatives in this category

Chainguard Chainguard DeepSource DeepSource Ethiack Ethiack SonarQube SonarQube Semgrep Semgrep SonarQube Cloud SonarQube Cloud Astra Security Astra Security Checkmarx One Checkmarx One Hackerone Hackerone Detectify Detectify BlackDuck BlackDuck Tinfoil Security Tinfoil Security Github Advanced Security Github Advanced Security F5 Web App Scanner F5 Web App Scanner

Loading data...