Semgrep MCP Server
by Semgrep
Semgrep MCP Server is a Model Context Protocol (MCP) server that allows using Semgrep to scan code for security vulnerabilities. It provides a standardized API for LLMs, Agents, and IDEs to get specialized help and context by harnessing the power of Semgrep's static analysis capabilities.
What is Semgrep MCP Server?
Semgrep MCP Server is a server that implements the Model Context Protocol (MCP) to integrate Semgrep, a static analysis tool, with LLMs, agents, and IDEs. It enables these tools to leverage Semgrep's ability to scan code for security vulnerabilities and understand code structure.
How to use Semgrep MCP Server?
The server can be run as a Python package using uvx semgrep-mcp or as a Docker container using docker run -i --rm ghcr.io/semgrep/mcp -t stdio. It supports both stdio and SSE transports. Configuration involves setting up the server URL or command in the client's MCP configuration file (e.g., mcp.json for Cursor, VS Code settings).
Key features of Semgrep MCP Server
Security vulnerability scanning using Semgrep
Integration with LLMs, agents, and IDEs via MCP
Support for stdio and SSE transports
Tools for scanning code with custom Semgrep rules
Tools for understanding code, such as AST generation
Use cases of Semgrep MCP Server
Automated security checks in IDEs like Cursor and VS Code
Code analysis and vulnerability detection within LLM-powered workflows
Integration with custom clients and agents for specialized code analysis tasks
Writing custom Semgrep rules with the help of LLMs
FAQ from Semgrep MCP Server
What is Model Context Protocol (MCP)?
MCP is a standardized API for LLMs, Agents, and IDEs to get specialized help, get context, and harness the power of tools.
How do I install Semgrep MCP Server?
You can install it as a Python package using uvx semgrep-mcp or as a Docker container using docker run -i --rm ghcr.io/semgrep/mcp -t stdio.
How do I configure Semgrep MCP Server with Cursor?
Add the provided JSON block to your ~/.cursor/mcp.json (global) or .cursor/mcp.json (project-specific) configuration file.
How do I connect to Semgrep AppSec Platform?
Generate a token from Settings and add the token to your environment variables.
What transport protocols are supported?
The server supports both Standard Input/Output (stdio) and Server-Sent Events (SSE).