Customer Success Story

Policygenius: Shifting left with Semgrep

  • Semgrep scans their entire repository in seconds.

  • With Semgrep, Policygenius has nearly zero false positives per scan.

  • Policygenius’ security team appreciates easy-to-create rulesets.

Policygenius case study

About Policygenius

Policygenius transforms the insurance journey for today’s consumer, providing a one-stop platform where customers can compare options from top insurance carriers, get unbiased expert advice, buy policies, and manage their insurance portfolio, in one seamless, integrated experience. Our proprietary technology platform integrates with the leading life, disability, and home and auto insurance carriers and delivers an exceptional digital experience for both consumers and insurance carriers. Since 2014, our content, digital tools, and experts have served as a resource for millions of people on their insurance journey, and we have sold more than $160 billion in coverage.

Jessica Grider Quote

The software security team at Policygenius is responsible for making sure that their software is as secure as possible without unnecessarily slowing down software developers.

The Policygenius technology stack consists of:

- Languages: Ruby, Java, Golang, Python

- Frameworks: Terraform, Github

As in just about all technology companies, there were more developers than security engineers, which posed the challenge of how to create a not only scalable and effective but also efficient and developer-friendly secure SDLC. Due to this, Jessica Grider, Senior DevSecOps Engineer, wanted to make sure that the security shifts left and the security infrastructure is automated as much as possible. Shifting left is crucial because it detects vulnerabilities before they reach production, thus allowing developers and security teams to be proactive rather than reactive.

With this in mind, Jessica was looking for a security solution that was fast, reliable, and had very few false positives.

The Semgrep App makes policy enforcement easy. Policygenius has been able to add specific rulesets for specific repositories, add new rules, and change rules easily with the Rule Board.

cool vendor 2023 badges


Jessica and her team are highly appreciative of the support from Semgrep to help boost their security posture. Policygenius is excited to utilize the power of Semgrep fully.


Semgrep Logo

Semgrep lets security teams partner with developers and shift left organically, without introducing friction. Semgrep gives security teams confidence that they are only surfacing true, actionable issues to developers, and makes it easy for developers to fix these issues in their existing environments.

Find and fix the issues that matter before build time

Semgrep helps organizations shift left without the developer productivity tax.

Get started in minutesBook a demo