Semgrep MCP Server

Local-only server

The server can only run on the client’s local machine because it depends on local resources.

Integrations

  • Enables cloning repositories for code analysis and scanning with Semgrep.

  • Supports working with Semgrep rules defined in YAML format, allowing for rule creation and management.

Semgrep Server

A Model Context Protocol (MCP) server for integrating Semgrep into the development environment. This server enables static code analysis and the management of Semgrep rules directly via the MCP protocol.

Installation

    # Clone the repository
    git clone [repository-url]
    cd semgrep-server

    # Install dependencies
    npm install

    # Build the server
    npm run build

Usage

Start the server in one of the following modes:

    # Production mode
    npm start

    # Development mode
    npm run dev

Available tools

The server provides the following MCP tools:

  • scan_directory: Runs a Semgrep scan in a directory
  • list_rules: Lists available Semgrep rules
  • analyze_results: Analyzes the scan results
  • create_rule: Creates a new Semgrep rule
  • filter_results: Filters scan results according to various criteria
  • export_results: Exports scan results in various formats
  • compare_results: Compares two scan results

Development

The project is written in TypeScript and uses the MCP SDK for the server implementation.

Project structure

    semgrep-server/
    ├── src/            # Source code
    ├── build/          # Compiled JavaScript files
    ├── test.js         # Test files
    └── test-rule.yaml  # Example Semgrep rule

Dependencies

  • Node.js & npm
  • TypeScript
  • MCP SDK
  • Axios for HTTP requests

License

This project is licensed under the ISC License. See the LICENSE file for details.


Enables integration of Semgrep in development environments via the MCP protocol, supporting static code analysis, rule management, and scan result operations.
