Semgrep MCP
by Semgrep
Enable AI agents to secure code with Semgrep SAST scanning and pattern matching
security Python Intermediate Self-hostable Verified
200 stars
Updated: 1mo ago
Description
Official Semgrep MCP server that lets AI agents run static analysis security testing directly on your code. Powered by Semgrep's pattern-matching engine, it enables code scanning for vulnerabilities, bug patterns, and style enforcement using Semgrep's extensive rule library with 3,000+ community and pro rules. AI assistants can scan code, retrieve findings with contextual explanations, search for specific patterns, and help fix issues, all without leaving the conversation. Supports custom rules alongside the Semgrep Registry, making it adaptable to team-specific coding standards and security policies.
Best for
Development teams wanting AI-assisted security scanning integrated into their coding workflow
Skip if
You need deep data-flow analysis or already use a different SAST tool you prefer
Use cases
- Scanning code for security vulnerabilities and bug patterns during AI-assisted development
- Finding specific code patterns using Semgrep's pattern syntax via natural language
- Getting AI-generated explanations and fix suggestions for security findings
- Enforcing coding standards and security policies through automated scanning
Pros
- Official Semgrep project with access to 3,000+ security and code quality rules
- Fast pattern-matching engine that works across 30+ programming languages
- Supports custom rules for team-specific standards alongside the Semgrep Registry
- AI provides contextual explanations and fix suggestions for each finding
Cons
- Requires a Semgrep token for full rule access (free tier available)
- Pattern-based analysis may miss complex vulnerabilities requiring data flow tracking
- Scanning large codebases may take significant time depending on rule set
Exposed tools (4 tools)
| Tool | Category | Description |
|---|---|---|
| scan_code | analysis | Run Semgrep scan on code files or directories |
| list_rules | configuration | List available Semgrep rules and rulesets |
| get_findings | results | Retrieve scan findings with code context and severity |
| search_patterns | search | Search for specific code patterns using Semgrep pattern syntax |
Installation
Prerequisites:
- Python v3.10+
- Semgrep token (from semgrep.dev)
- API key required
Check Claude Code documentation to configure this MCP server.
Tips & tricks
Start with Semgrep's default ruleset (p/default) for broad coverage. Ask the AI to scan specific files or directories rather than the entire repo for faster results.
Quick info
- Author: Semgrep
- License: MIT
- Runtime: Python 3.10+
- Transport: stdio
- Category: security
- Difficulty: Intermediate
- Self-hostable
- β
- Auth
- β
- Docker
- β
- Version: latest
- Updated: Feb 12, 2026
Client compatibility
- β Claude Code
- β Cursor
- β VS Code Copilot
- β Gemini CLI
- β Windsurf
- β Cline
- β JetBrains AI
- β Warp
Platforms
macOS, Linux, Windows