semgrep/mcp

Overview

A Model Context Protocol server that enables AI agents to run Semgrep scans on codebases for security vulnerabilities. It exposes Semgrep's static analysis capabilities through the MCP interface, allowing tools like Claude to request scans and receive results.

Best for

Best for
Developers who want to add automated security scanning to their AI-assisted coding workflows

Use cases

• Automate security scanning of pull requests via AI coding assistants
• Integrate vulnerability detection into agentic code review workflows
• Run targeted Semgrep rules on code snippets during development

Notes

A Model Context Protocol server that enables AI agents to run Semgrep scans on codebases for security vulnerabilities. It exposes Semgrep’s static analysis capabilities through the MCP interface, allowing tools like Claude to request scans and receive results.

668 stars on GitHub. Last updated 2025-10-28. Licensed MIT.

Use cases

• Automate security scanning of pull requests via AI coding assistants
• Integrate vulnerability detection into agentic code review workflows
• Run targeted Semgrep rules on code snippets during development

Pros

• Leverages Semgrep’s powerful pattern-based static analysis engine
• Simple MCP interface makes it easy to plug into existing AI toolchains
• Open source with active community (668 stars)

Cons

• Requires Semgrep to be installed and configured separately
• Limited to the capabilities and rules available in the local Semgrep setup
• MCP protocol is still evolving, may have compatibility issues with some clients

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.