Semgrep MCP Server
Securitystdiossev0.4.0
Official Semgrep MCP server for static application security testing. Lets AI agents scan code for security vulnerabilities and bugs, run custom rules, and return findings with severity and remediation guidance, embedding SAST into AI-powered development workflows.
Connect
Add this configuration to .claude/mcp.json
Transport:
{
"mcpServers": {
"semgrep": {
"command": "uvx",
"args": [
"semgrep-mcp"
],
"env": {
"SEMGREP_APP_TOKEN": "<YOUR_SEMGREP_APP_TOKEN>"
}
}
}
}Tools (2)
semgrep_scan
Scan code or a directory with Semgrep and return security findings.
{
"type": "object",
"required": [
"path"
],
"properties": {
"path": {
"type": "string",
"description": "File or directory path to scan"
},
"config": {
"type": "string",
"description": "Ruleset to use (for example \"auto\" or a registry ruleset)"
}
}
}security_check
Run a fast security-focused scan and summarize high-severity findings.
{
"type": "object",
"required": [
"code"
],
"properties": {
"code": {
"type": "string",
"description": "Code snippet to analyze"
}
}
}Resources
This server does not expose any resources.
Prompts
This server does not expose any prompts.
Server Information
- Author
- Semgrep (@semgrep)
- Repository
- https://github.com/semgrep/mcp
- License
- MIT
- Version
- 0.4.0
- Stars
- 512
- Last Updated
- July 9, 2026