Semgrep MCP Server


Integrations

  • Provides instructions for running the MCP server in a containerized environment using Docker.

  • Includes integration references for accessing repositories and issue tracking functionality.

  • Provides a Python client interface for interacting with the MCP server and executing Semgrep scans programmatically.

[beta] Semgrep MCP Server

MCP Server for using Semgrep to scan code

MCP is like LSP or Unix pipes, but for LLMs, AI agents and coding tools such as Cursor.

Features

This MCP Server provides a comprehensive interface to Semgrep through the Model Context Protocol, offering the following tools:

Scanning Code

  • semgrep_scan: Scan code snippets for security vulnerabilities
  • scan_directory: Perform Semgrep scan on a directory

Customization

  • list_rules: List available Semgrep rules with optional language filtering
  • create_rule: Create custom Semgrep rules

Results

  • analyze_results: Analyze scan results including severity counts and top affected files
  • filter_results: Filter scan results by severity, rule ID, file path, etc.
  • export_results: Export scan results in various formats (JSON, SARIF, text)
  • compare_results: Compare two scan results to identify new and fixed issues

Installation

  1. Install uv using their installation instructions
  2. Ensure you have Python 3.13+ installed
  3. Clone this repository
  4. Install Semgrep (additional methods):
    pip install semgrep

Docker

docker build -t mcp-server .

Usage

Docker

docker run -p 8000:8000 mcp-server

CLI

uv run mcp run server.py

Additional info on the Python MCP SDK

Creating your own client

    from mcp.client import Client

    client = Client()
    client.connect("localhost:8000")

    # Scan code for security issues
    results = client.call_tool("semgrep_scan", {
        "code": "def get_user(user_id):\n    return User.objects.get(id=user_id)",
        "language": "python"
    })

Cursor Plugin

  1. Go to Cursor > Settings > Cursor Settings
  2. Choose the MCP tab
  3. Click "Add new MCP server"
  4. Name: Semgrep, Type: sse, Server URL: http://127.0.0.1:8000/sse
  5. Ensure the MCP server is enabled

You can also set it up by adding this to ~/.cursor/mcp.json

    {
      "mcpServers": {
        "Semgrep": {
          "url": "http://localhost:8000/sse"
        }
      }
    }

Advanced Usage

The server supports advanced Semgrep functionality:

    # Scan an entire directory
    results = client.call_tool("scan_directory", {
        "path": "/path/to/code",
        "config": "p/security-audit"
    })

    # Filter results by severity
    filtered = client.call_tool("filter_results", {
        "results_file": "/path/to/results.json",
        "severity": "ERROR"
    })
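The result-handling tools listed under Results (analyze_results, filter_results, export_results, compare_results) and the severity filter used above all operate on the JSON that Semgrep writes with `--json`. The following is an added example, not code from this repository, showing what those operations look like on that format: severity counts and most-affected files, filtering by severity, rule-id prefix and path, a plain-text export, and a baseline comparison that reports new and fixed findings. The two result sets and their rule ids are constructed for the example (they are not real registry rules); the only assumption about Semgrep's output is the `results[].check_id` / `path` / `start.line` / `extra.severity` / `extra.message` / `extra.lines` layout. Findings are matched across scans by rule, file and matched source text rather than by line number, so an unrelated edit that shifts lines does not show up as a new issue.

```python
"""Post-process Semgrep JSON output: summary, filtering, text export and
baseline comparison. Sample scans below are constructed, not real output."""
import json
from collections import Counter

SEVERITY_RANK = {"INFO": 0, "WARNING": 1, "ERROR": 2}

# Constructed baseline scan, using only the fields of Semgrep's --json shape that we read.
BASELINE_SCAN = json.dumps({
    "results": [
        {"check_id": "example.python.sql-string-concat", "path": "app/views.py",
         "start": {"line": 12},
         "extra": {"severity": "ERROR", "message": "SQL built from user input",
                   "lines": "cursor.execute('SELECT * FROM users WHERE id=' + user_id)"}},
        {"check_id": "example.python.subprocess-shell-true", "path": "app/tasks.py",
         "start": {"line": 40},
         "extra": {"severity": "WARNING", "message": "subprocess with shell=True",
                   "lines": "subprocess.run(cmd, shell=True)"}},
        {"check_id": "example.python.unused-import", "path": "app/views.py",
         "start": {"line": 1},
         "extra": {"severity": "INFO", "message": "Unused import", "lines": "import os"}},
    ],
    "errors": [],
})

# Constructed follow-up scan: the SQL finding moved down 3 lines, the shell=True
# finding was fixed, and a hardcoded key appeared (placeholder value, not a real secret).
NEW_SCAN = json.dumps({
    "results": [
        {"check_id": "example.python.sql-string-concat", "path": "app/views.py",
         "start": {"line": 15},
         "extra": {"severity": "ERROR", "message": "SQL built from user input",
                   "lines": "cursor.execute('SELECT * FROM users WHERE id=' + user_id)"}},
        {"check_id": "example.secrets.hardcoded-api-key", "path": "app/settings.py",
         "start": {"line": 8},
         "extra": {"severity": "ERROR", "message": "Hardcoded API key",
                   "lines": "API_KEY = 'EXAMPLE_PLACEHOLDER_KEY'"}},
        {"check_id": "example.python.unused-import", "path": "app/views.py",
         "start": {"line": 1},
         "extra": {"severity": "INFO", "message": "Unused import", "lines": "import os"}},
    ],
    "errors": [],
})


def load_findings(scan_json: str) -> list[dict]:
    """Return the findings list from a Semgrep JSON document."""
    return json.loads(scan_json)["results"]


def analyze_results(findings: list[dict]) -> dict:
    """Severity counts plus the files with the most findings."""
    by_severity = Counter(f["extra"]["severity"] for f in findings)
    by_file = Counter(f["path"] for f in findings)
    return {"total": len(findings),
            "by_severity": dict(by_severity),
            "top_files": by_file.most_common(3)}


def filter_results(findings, min_severity="WARNING", rule_prefix=None, path_prefix=None):
    """Keep findings at or above min_severity, optionally restricted by rule id and path."""
    kept = []
    for f in findings:
        if SEVERITY_RANK[f["extra"]["severity"]] < SEVERITY_RANK[min_severity]:
            continue
        if rule_prefix and not f["check_id"].startswith(rule_prefix):
            continue
        if path_prefix and not f["path"].startswith(path_prefix):
            continue
        kept.append(f)
    return kept


def finding_key(f: dict) -> tuple:
    """Identity of a finding that survives line shifts: rule, file and matched text."""
    return (f["check_id"], f["path"], f["extra"]["lines"].strip())


def compare_results(baseline: list[dict], current: list[dict]) -> dict:
    """Report findings that are new in `current` and ones fixed since `baseline`."""
    base = {finding_key(f): f for f in baseline}
    cur = {finding_key(f): f for f in current}
    return {"new": [cur[k] for k in cur.keys() - base.keys()],
            "fixed": [base[k] for k in base.keys() - cur.keys()],
            "unchanged": len(base.keys() & cur.keys())}


def export_text(findings: list[dict]) -> str:
    """One line per finding, in compiler-style severity/location/rule/message order."""
    return "\n".join(
        f"{f['extra']['severity']:7} {f['path']}:{f['start']['line']} "
        f"{f['check_id']}: {f['extra']['message']}"
        for f in findings)


if __name__ == "__main__":
    base, cur = load_findings(BASELINE_SCAN), load_findings(NEW_SCAN)
    print(analyze_results(base))
    print(export_text(filter_results(base, min_severity="ERROR")))
    diff = compare_results(base, cur)
    print("new:", [f["check_id"] for f in diff["new"]])
    print("fixed:", [f["check_id"] for f in diff["fixed"]])
```

Keying on matched text rather than line numbers is the same idea behind Semgrep's own baseline comparison: a CI gate that fails only on `new` findings does not break when a file is merely reindented, while `fixed` gives reviewers evidence that a remediation actually removed the match.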

Development

Running the Development Server

Start the MCP server in development mode:

uv run mcp dev server.py

By default, the server runs on http://localhost:3000 with the inspector server on http://localhost:5173.

Note: when opening the inspector server, add a query parameter to the URL to raise the server's default timeout from 10 s:

http://localhost:5173/?timeout=300000

Community & Related Projects

This project builds upon and is inspired by several awesome community projects:

Core Technologies 🛠️

Similar Tools 🔍

Community Projects 🌟


An MCP server that provides a comprehensive interface to Semgrep, enabling users to scan code for security vulnerabilities, create custom rules, and analyze scan results through the Model Context Protocol.
