Overview
What is Semgrep Server?
Semgrep Server is a Model Context Protocol (MCP) server that integrates Semgrep static code analysis into the development environment. It enables direct execution of scans and management of Semgrep rules via the MCP protocol.
How to use Semgrep Server?
Clone the repository, install dependencies with npm install, and build the server with npm run build. Start in production mode with npm start or in development mode with npm run dev. The server exposes MCP tools that can be invoked by an MCP client.
Key features of Semgrep Server
- Run a Semgrep scan on a directory with
scan_directory - List available Semgrep rules with
list_rules - Analyze scan results with
analyze_results - Create a new Semgrep rule with
create_rule - Filter scan results by various criteria with
filter_results - Export scan results to different formats with
export_results - Compare two scan results with
compare_results
Use cases of Semgrep Server
- Scan a codebase for security vulnerabilities or code quality issues
- Create and manage custom Semgrep rules during development
- Export analysis results for reporting or CI/CD integration
- Compare scan results across different code versions or rule sets
- Filter and analyze specific findings from large code scans
FAQ from Semgrep Server
How do I install Semgrep Server?
Clone the repository, run npm install to install dependencies, then npm run build to compile the TypeScript code.
How do I start Semgrep Server?
Use npm start for production mode or npm run dev for development mode.
What tools does Semgrep Server provide?
It provides seven tools: scan_directory, list_rules, analyze_results, create_rule, filter_results, export_results, and compare_results.
What are the dependencies of Semgrep Server?
Node.js & npm, TypeScript, the MCP SDK, and Axios for HTTP requests.
What license is Semgrep Server under?
It is licensed under the ISC license.