
Mcp Semgrep Scanner
@archimedes-market
About Mcp Semgrep Scanner
Curated by Archimedes Market. Static security analysis exposed as MCP tools. OWASP top 10, secrets detection, custom rule packs. Baseline scanning focuses on newly-introduced findings. Built for production-grade security review. → archimedes.market/assets/21c4a8ab-80dc-4a69-8444-
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"semgrep-scanner": {
"command": "mcp-semgrep-scanner",
"args": [
"serve"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Mcp Semgrep Scanner?
Mcp Semgrep Scanner enables AI agents to run Semgrep static analysis on code. It surfaces OWASP top-10 findings, secrets, supply-chain issues, and custom rule packs, with baseline scanning that filters output to newly-introduced findings to reduce noise.
How to use Mcp Semgrep Scanner?
Configure the server in your MCP client to run Semgrep scanning commands. The server handles baseline scanning to focus results on new findings.
Key features of Mcp Semgrep Scanner
- Run Semgrep static analysis from an AI agent.
- Surface OWASP top-10 findings.
- Detect secrets and supply-chain issues.
- Apply custom rule packs.
- Baseline scanning reduces noise on new findings.
Use cases of Mcp Semgrep Scanner
- AI-assisted code review for OWASP vulnerabilities.
- Automated secret detection during development.
- Supply-chain risk analysis in CI/CD pipelines.
- Custom rule enforcement via AI agents.
- New-code baseline scanning to filter pre-existing issues.
FAQ from Mcp Semgrep Scanner
What does Mcp Semgrep Scanner do?
It runs Semgrep static analysis from an AI agent, surfacing OWASP top-10 findings, secrets, supply-chain issues, and custom rule packs.
What is baseline scanning?
Baseline scanning focuses output on newly-introduced findings so the noise floor stays low.
What is the license for Mcp Semgrep Scanner?
The server is licensed under MIT.
More Developer Tools MCP servers
MCP-Scan: An MCP Security Scanner
invariantlabs-aiSecurity scanner for AI agents, MCP servers and agent skills.
Golf
golf-mcpProduction-Ready MCP Server Framework • Build, deploy & scale secure AI agent infrastructure • Includes Auth, Observability, Debugger, Telemetry & Runtime • Run real-world MCPs powering AI Agents
Stakpak Agent CLI
stakpakShip your code, on autopilot. An open source agent that lives on your machines 24/7 and keeps your apps running. 🦀
Smithery CLI
smithery-aiInstall, manage and develop MCP servers and skills for agents
FastAPI-MCP
tadata-orgExpose your FastAPI endpoints as Model Context Protocol (MCP) tools, with Auth!
Comments