semgrep/mcp
by Various
A MCP server for using Semgrep to scan code for security vulnerabilities.
MCP
semgrep/mcp
Added 1 June 2026
Overview
A Model Context Protocol server that enables AI agents to run Semgrep scans on codebases for security vulnerabilities. It exposes Semgrep's static analysis capabilities through the MCP interface, allowing tools like Claude to request scans and receive results.
Best for
Best for
Developers who want to add automated security scanning to their AI-assisted coding workflows
Use cases
- Automate security scanning of pull requests via AI coding assistants
- Integrate vulnerability detection into agentic code review workflows
- Run targeted Semgrep rules on code snippets during development
How to use
Install
uvx semgrep-mcp # see --help for more options Tools exposed
semgrep_scan
Tested with
Claude Desktop, Claude Code, Cursor, Windsurf, VS Code, ChatGPT
Notes
A Model Context Protocol server that enables AI agents to run Semgrep scans on codebases for security vulnerabilities. It exposes Semgrep’s static analysis capabilities through the MCP interface, allowing tools like Claude to request scans and receive results.
668 stars on GitHub. Last updated 2025-10-28. Licensed MIT.
Use cases
- Automate security scanning of pull requests via AI coding assistants
- Integrate vulnerability detection into agentic code review workflows
- Run targeted Semgrep rules on code snippets during development
Pros
- Leverages Semgrep’s powerful pattern-based static analysis engine
- Simple MCP interface makes it easy to plug into existing AI toolchains
- Open source with active community (668 stars)
Cons
- Requires Semgrep to be installed and configured separately
- Limited to the capabilities and rules available in the local Semgrep setup
- MCP protocol is still evolving, may have compatibility issues with some clients
Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.
Pros
- Leverages Semgrep's powerful pattern-based static analysis engine
- Simple MCP interface makes it easy to plug into existing AI toolchains
- Open source with active community (668 stars)
Cons
- Requires Semgrep to be installed and configured separately
- Limited to the capabilities and rules available in the local Semgrep setup
- MCP protocol is still evolving, may have compatibility issues with some clients
Pairs with
Other entries in the index that connect to this one. Click through to see the chain.
Get the free Developer’s Field Guide
A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.
Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.