Semgrep

MCP Server Semgrep is a [Model Context Protocol](https://modelcontextprotocol.io) compliant server that integrates the powerful Semgrep static analysis tool with AI assistants like Anthropic Claude. It enables advanced code analysis, security vulnerability detection, and code quality improvements directly through a conversational interface.
  • javascript

25

GitHub Stars

javascript

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "vetcoders-mcp-server-semgrep": {
      "command": "node",
      "args": [
        "/your_path/mcp-server-semgrep/build/index.js"
      ],
      "env": {
        "SEMGREP_APP_TOKEN": "YOUR_TOKEN"
      }
    }
  }
}

MCP Server Semgrep combines the Model Context Protocol with Semgrep’s static analysis to provide code analysis, security checks, and quality improvements through a conversational interface. It helps you analyze whole projects, detect vulnerabilities and stylistic issues, and learn secure coding practices as you interact with AI assistants.

How to use

You use MCP Server Semgrep with an MCP client to scan code, run custom Semgrep rules, and review results through natural conversations. You can start a scan of a project directory, list available Semgrep rules and languages, analyze the results, and iteratively improve your code by creating or updating rules. You can filter results to focus on security issues, compare pre- and post-change scans, and export findings for reporting or integration into your workflow.

How to install

Prerequisites you need before installing are: Node.js v18 or newer and TypeScript if you plan to contribute or develop.

Option 2: Install from NPM Registry (recommended for straightforward setup)

# Using npm
npm install -g mcp-server-semgrep

# Using pnpm
pnpm add -g mcp-server-semgrep

# Using yarn
yarn global add mcp-server-semgrep

Option 3: Install from GitHub

Option 4: Local development setup lets you work with the code locally and build before use.

Available tools

scan_directory

Scan a directory of source code to identify potential issues using Semgrep rules and MPC integration.

list_rules

List available Semgrep rules and languages supported by the server.

analyze_results

Provide a detailed analysis of scan results, highlighting findings, severity, and suggested fixes.

create_rule

Create custom Semgrep rules tailored to your project’s needs, including language and pattern specifications.

filter_results

Filter scan results by criteria such as severity, language, or rule.

export_results

Export scan findings to formats suitable for reporting or CI integration.

compare_results

Compare two sets of results to evaluate fixes or changes over time.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational