Semgrep MCP Server

Securitystdiossev0.4.0
Repository

Official Semgrep MCP server for static application security testing. Lets AI agents scan code for security vulnerabilities and bugs, run custom rules, and return findings with severity and remediation guidance, embedding SAST into AI-powered development workflows.

Connect

Add this configuration to .claude/mcp.json

Transport:
{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": [
        "semgrep-mcp"
      ],
      "env": {
        "SEMGREP_APP_TOKEN": "<YOUR_SEMGREP_APP_TOKEN>"
      }
    }
  }
}

Tools (2)

semgrep_scan

Scan code or a directory with Semgrep and return security findings.

{
  "type": "object",
  "required": [
    "path"
  ],
  "properties": {
    "path": {
      "type": "string",
      "description": "File or directory path to scan"
    },
    "config": {
      "type": "string",
      "description": "Ruleset to use (for example \"auto\" or a registry ruleset)"
    }
  }
}

security_check

Run a fast security-focused scan and summarize high-severity findings.

{
  "type": "object",
  "required": [
    "code"
  ],
  "properties": {
    "code": {
      "type": "string",
      "description": "Code snippet to analyze"
    }
  }
}

Resources

This server does not expose any resources.

Prompts

This server does not expose any prompts.

Server Information

Author
Semgrep (@semgrep)
Repository
https://github.com/semgrep/mcp
License
MIT
Version
0.4.0
Stars
512
Last Updated
July 9, 2026