Enterprise DNA
M MCP Servers Developer low

semgrep/mcp

by Various

A MCP server for using Semgrep to scan code for security vulnerabilities.

S

MCP

semgrep/mcp

Added 1 June 2026

#mcp #semgrep

Overview

A Model Context Protocol server that enables AI agents to run Semgrep scans on codebases for security vulnerabilities. It exposes Semgrep's static analysis capabilities through the MCP interface, allowing tools like Claude to request scans and receive results.

Best for

Best for
Developers who want to add automated security scanning to their AI-assisted coding workflows

Use cases

  • Automate security scanning of pull requests via AI coding assistants
  • Integrate vulnerability detection into agentic code review workflows
  • Run targeted Semgrep rules on code snippets during development

How to use

Install

uvx semgrep-mcp # see --help for more options

Tools exposed

  • semgrep_scan

Tested with

Claude Desktop, Claude Code, Cursor, Windsurf, VS Code, ChatGPT

Notes

A Model Context Protocol server that enables AI agents to run Semgrep scans on codebases for security vulnerabilities. It exposes Semgrep’s static analysis capabilities through the MCP interface, allowing tools like Claude to request scans and receive results.

668 stars on GitHub. Last updated 2025-10-28. Licensed MIT.

Use cases

  • Automate security scanning of pull requests via AI coding assistants
  • Integrate vulnerability detection into agentic code review workflows
  • Run targeted Semgrep rules on code snippets during development

Pros

  • Leverages Semgrep’s powerful pattern-based static analysis engine
  • Simple MCP interface makes it easy to plug into existing AI toolchains
  • Open source with active community (668 stars)

Cons

  • Requires Semgrep to be installed and configured separately
  • Limited to the capabilities and rules available in the local Semgrep setup
  • MCP protocol is still evolving, may have compatibility issues with some clients

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.

Pros

  • Leverages Semgrep's powerful pattern-based static analysis engine
  • Simple MCP interface makes it easy to plug into existing AI toolchains
  • Open source with active community (668 stars)

Cons

  • Requires Semgrep to be installed and configured separately
  • Limited to the capabilities and rules available in the local Semgrep setup
  • MCP protocol is still evolving, may have compatibility issues with some clients
Free 27-page guide

Get the free Developer’s Field Guide

A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.

Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.

No spam. Unsubscribe any time.

Running a business, not writing the code? See the MCP servers picked for operators, and get your first one wired up with us.

Operator picks