MCP.so
Sign In

MCP Server Semgrep

@Szowesgad

About MCP Server Semgrep

MCP Server Semgrep is a [Model Context Protocol](https://modelcontextprotocol.io) compliant server that integrates the powerful Semgrep static analysis tool with AI assistants like Anthropic Claude. It enables advanced code analysis, security vulnerability detection, and code qua

Basic information

Category

Developer Tools

License

MIT

Runtime

node

Transports

stdio

Publisher

Szowesgad

Submitted by

'mah-chey' | /ˈmɑː.tʃeɪ/ | /ˈmat͡ɕɛj/

Config

No standard config provided

This server doesn't expose a parseable MCP config block in its README. See the repository for install instructions.

Repository

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is MCP Server Semgrep?

MCP Server Semgrep is a Model Context Protocol (MCP) compliant server that integrates the Semgrep static analysis tool with AI assistants like Claude. It enables advanced code analysis, security vulnerability detection, and code quality improvements through a conversational interface.

How to use MCP Server Semgrep?

Install via Smithery.ai (recommended), npm global install (npm install -g mcp-server-semgrep), or from GitHub. For Claude Desktop, add the server to claude_desktop_config.json with the path to the built index.js and optional SEMGREP_APP_TOKEN and MCP_SERVER_SEMGREP_ALLOWED_ROOTS environment variables. The server provides tools such as scan_directory, list_rules, analyze_results, create_rule, filter_results, export_results, and compare_results.

Key features of MCP Server Semgrep

  • Direct integration with the official MCP SDK
  • Simplified architecture with consolidated handlers
  • Clean ES Modules implementation
  • Efficient error handling and path validation
  • Cross-platform compatibility (Windows, macOS, Linux)
  • Flexible Semgrep installation detection and management

Use cases of MCP Server Semgrep

  • Code security analysis before deployment
  • Detection of common programming errors
  • Enforcing coding standards within a team
  • Refactoring and improving quality of existing code
  • Identifying style inconsistencies (e.g., CSS z-index organization)

FAQ from MCP Server Semgrep

What makes this server different from other Semgrep MCP servers?

It uses the official MCP SDK directly, features a simplified architecture with consolidated handlers, is implemented as clean ES Modules, and includes comprehensive cross-platform support and extensive documentation in English and Polish.

What are the runtime requirements?

Node.js v18+ is required. Semgrep CLI must be installed (can be installed via npm, pip, Homebrew, or native package managers).

How does authentication work?

The server does not implement its own authentication; it shells out to the installed semgrep CLI and relies on its normal authentication. Use SEMGREP_APP_TOKEN for deterministic behavior in managed environments, or an existing semgrep login session for local runs.

Where does the server read and write files?

Only inside explicitly allowed workspace roots. By default, the allowed root is process.cwd(). Set MCP_SERVER_SEMGREP_ALLOWED_ROOTS to one or more absolute directories (colon-separated on macOS/Linux, semicolon on Windows) to permit additional roots.

What tools does the server provide?

Seven tools: scan_directory (scan code for issues), list_rules (list available rules and languages), analyze_results (detailed analysis), create_rule (create custom Semgrep rules), filter_results (filter results by criteria), export_results (export in various formats), and compare_results (compare two result sets).

Comments

More Developer Tools MCP servers