Semgrep MCP Server

Semgrep MCP is a server that enables LLMs and IDEs to scan code for security vulnerabilities using Semgrep via a standardized API.

Tools

1. security_check

Scan code for security vulnerabilities.

2. semgrep_scan

Scan code files for security vulnerabilities with a given config string.

3. semgrep_scan_with_custom_rule

Scan code files using a custom Semgrep rule.

4. get_abstract_syntax_tree

Output the Abstract Syntax Tree (AST) of code.

5. semgrep_findings

Fetch Semgrep findings from the Semgrep AppSec Platform API (login and Semgrep token required).

6. supported_languages

Return the list of languages Semgrep supports.

7. semgrep_rule_schema

Fetch the latest Semgrep rule JSON Schema.

8. write_custom_semgrep_rule

Return a prompt to help write a Semgrep rule.

9. semgrep_rule_resource

Access Semgrep rule specification and full rules from the registry (via resources).

JSON Config

{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": ["semgrep-mcp"],
      "env": {
        "SEMGREP_APP_TOKEN": "<token>"
      }
    }
  }
}
