MCP.so
登录

MCP Server Semgrep

@Szowesgad

关于 MCP Server Semgrep

MCP Server Semgrep is a [Model Context Protocol](https://modelcontextprotocol.io) compliant server that integrates the powerful Semgrep static analysis tool with AI assistants like Anthropic Claude. It enables advanced code analysis, security vulnerability detection, and code qua

基本信息

分类

开发工具

许可证

MIT

运行时

node

传输方式

stdio

发布者

Szowesgad

提交者

'mah-chey' | /ˈmɑː.tʃeɪ/ | /ˈmat͡ɕɛj/

配置

暂无标准配置

该服务器的 README 中没有可解析的 MCP 配置块,请前往代码仓库查看安装说明。

代码仓库

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is MCP Server Semgrep?

MCP Server Semgrep is a Model Context Protocol (MCP) compliant server that integrates the Semgrep static analysis tool with AI assistants like Claude. It enables advanced code analysis, security vulnerability detection, and code quality improvements through a conversational interface.

How to use MCP Server Semgrep?

Install via Smithery.ai (recommended), npm global install (npm install -g mcp-server-semgrep), or from GitHub. For Claude Desktop, add the server to claude_desktop_config.json with the path to the built index.js and optional SEMGREP_APP_TOKEN and MCP_SERVER_SEMGREP_ALLOWED_ROOTS environment variables. The server provides tools such as scan_directory, list_rules, analyze_results, create_rule, filter_results, export_results, and compare_results.

Key features of MCP Server Semgrep

  • Direct integration with the official MCP SDK
  • Simplified architecture with consolidated handlers
  • Clean ES Modules implementation
  • Efficient error handling and path validation
  • Cross-platform compatibility (Windows, macOS, Linux)
  • Flexible Semgrep installation detection and management

Use cases of MCP Server Semgrep

  • Code security analysis before deployment
  • Detection of common programming errors
  • Enforcing coding standards within a team
  • Refactoring and improving quality of existing code
  • Identifying style inconsistencies (e.g., CSS z-index organization)

FAQ from MCP Server Semgrep

What makes this server different from other Semgrep MCP servers?

It uses the official MCP SDK directly, features a simplified architecture with consolidated handlers, is implemented as clean ES Modules, and includes comprehensive cross-platform support and extensive documentation in English and Polish.

What are the runtime requirements?

Node.js v18+ is required. Semgrep CLI must be installed (can be installed via npm, pip, Homebrew, or native package managers).

How does authentication work?

The server does not implement its own authentication; it shells out to the installed semgrep CLI and relies on its normal authentication. Use SEMGREP_APP_TOKEN for deterministic behavior in managed environments, or an existing semgrep login session for local runs.

Where does the server read and write files?

Only inside explicitly allowed workspace roots. By default, the allowed root is process.cwd(). Set MCP_SERVER_SEMGREP_ALLOWED_ROOTS to one or more absolute directories (colon-separated on macOS/Linux, semicolon on Windows) to permit additional roots.

What tools does the server provide?

Seven tools: scan_directory (scan code for issues), list_rules (list available rules and languages), analyze_results (detailed analysis), create_rule (create custom Semgrep rules), filter_results (filter results by criteria), export_results (export in various formats), and compare_results (compare two result sets).

评论

开发工具 分类下的更多 MCP 服务器