semgrep/mcp

📇 ☁️ Allow AI agents to scan code for security vulnerabilities using [Semgrep](https://semgrep.dev).

#AI #security #Semgrep
Publisher: semgrep/mcp
Submitted date: 4/19/2025

Semgrep MCP Server Overview

Title

Semgrep MCP Server – A Model Context Protocol (MCP) server for scanning code with Semgrep to detect security vulnerabilities.

How to Use

  • Installation Options:

    • Python Package: Run via uvx semgrep-mcp or install via pipx install semgrep-mcp.
    • Docker: Run as a container with docker run -i --rm ghcr.io/semgrep/mcp -t stdio.
    • Hosted Server: Use the experimental hosted server at https://mcp.semgrep.ai/sse.
  • IDE Integration:

    • Cursor: Configure mcp.json to use Semgrep for automated security scanning.
    • VS Code: Install via provided badges for Docker, UV, or semgrep.ai integration.

Key Features

  • Security Scanning: Detect vulnerabilities using Semgrep's 5,000+ rules.
  • MCP Compliance: Standardized API for LLMs, IDEs, and tools.
  • Multiple Transports: Supports stdio and server-sent events (SSE).
  • Tool Integration:
    • security_check – Scan code for vulnerabilities.
    • get_abstract_syntax_tree – Output code AST.
    • supported_languages – List Semgrep-supported languages.
  • Prompt Templates: Predefined prompts for writing custom Semgrep rules.

Use Cases

  • Automated Security Checks: Scan generated or modified code in real time.
  • IDE/LLM Integration: Enhance coding assistants (Cursor, VS Code, Claude, OpenAI) with security insights.
  • Custom Rule Development: Generate and test Semgrep rules dynamically.
  • Educational & Debugging: Inspect code structure via AST extraction.

Note: This is a beta project; feedback and contributions are welcome! Join the #mcp channel in the Semgrep Slack. 🚀
