[beta] Semgrep MCP Server
MCP Server for using Semgrep to scan code.
Demo
MCP is like LSP or Unix pipes for LLMs, AI Agents, and coding tools such as Cursor.
Features
This MCP Server provides a comprehensive interface to Semgrep through the Model Context Protocol, offering the following tools:
Scanning Code
- `semgrep_scan`: Scan code snippets for security vulnerabilities
- `scan_directory`: Perform a Semgrep scan on a directory
Customization
- `list_rules`: List available Semgrep rules with optional language filtering
- `create_rule`: Create custom Semgrep rules
Results
- `analyze_results`: Analyze scan results, including severity counts and top affected files
- `filter_results`: Filter scan results by severity, rule ID, file path, etc.
- `export_results`: Export scan results in various formats (JSON, SARIF, text)
- `compare_results`: Compare two scan results to identify new and fixed issues
Installation
CLI
- Install `uv` using their installation instructions
- Ensure you have Python 3.13+ installed
- Clone this repository
- Install Semgrep (additional methods):

```shell
pip install semgrep
```
Docker
```shell
docker build -t mcp-server .
```
Usage
CLI
```shell
uv run mcp run server.py -t sse
```
Additional info on the python mcp sdk
Docker
```shell
docker run -p 8000:8000 mcp-server
```
Also published to ghcr.io/semgrep/mcp.
```shell
docker run -p 8000:8000 ghcr.io/semgrep/mcp:latest
```
Creating your own client
```python
from mcp.client import Client

client = Client()
client.connect("localhost:8000")

# Scan code for security issues
results = client.call_tool("semgrep_scan", {
    "code": "def get_user(user_id):\n    return User.objects.get(id=user_id)",
    "language": "python"
})
```
Cursor Plugin
- Go to Cursor > Settings > Cursor Settings
- Choose the MCP tab
- Click "Add new MCP server"
- Name: `Semgrep`, Type: `sse`, Server URL: `http://127.0.0.1:8000/sse`
- Ensure the MCP server is enabled
You can also set it up by adding this to `~/.cursor/mcp.json`:

```json
{
  "mcpServers": {
    "Semgrep": {
      "url": "http://localhost:8000/sse"
    }
  }
}
```
Advanced Usage
The server supports advanced Semgrep functionality:
```python
# Scan an entire directory
results = client.call_tool("scan_directory", {
    "path": "/path/to/code",
    "config": "p/security-audit"
})

# Filter results by severity
filtered = client.call_tool("filter_results", {
    "results_file": "/path/to/results.json",
    "severity": "ERROR"
})
```
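The Results tools listed under Features (`analyze_results`, `compare_results`) post-process Semgrep's JSON output, as does the `filter_results` call above. As an added illustration that is not the server's own implementation, the following standalone Python performs those two computations over constructed sample reports laid out like Semgrep's JSON (`results` entries carrying `check_id`, `path`, `start.line` and `extra.severity`; the rule IDs and paths are made up):

```python
from collections import Counter

# Constructed sample reports: two scans of the same tree, shaped like
# Semgrep's JSON output (only the fields used below are included).
OLD_SCAN = {"results": [
    {"check_id": "example.sql-injection", "path": "app/views.py",
     "start": {"line": 12}, "extra": {"severity": "ERROR"}},
    {"check_id": "example.subprocess-shell", "path": "app/tasks.py",
     "start": {"line": 40}, "extra": {"severity": "WARNING"}},
]}
NEW_SCAN = {"results": [
    {"check_id": "example.subprocess-shell", "path": "app/tasks.py",
     "start": {"line": 40}, "extra": {"severity": "WARNING"}},
    {"check_id": "example.jinja2-autoescape-off", "path": "app/views.py",
     "start": {"line": 3}, "extra": {"severity": "WARNING"}},
    {"check_id": "example.hardcoded-secret", "path": "app/views.py",
     "start": {"line": 50}, "extra": {"severity": "ERROR"}},
]}


def analyze_results(report):
    """Severity counts and the files with the most findings."""
    findings = report.get("results", [])
    by_severity = Counter(f["extra"]["severity"] for f in findings)
    by_file = Counter(f["path"] for f in findings)
    return {
        "total": len(findings),
        "severity_counts": dict(by_severity),
        "top_files": by_file.most_common(3),
    }


def _key(finding):
    # Identify a finding by rule and location. Line numbers shift between
    # revisions, so a finding that merely moved shows up as one "fixed"
    # plus one "new" entry; treat the diff as a triage aid, not ground truth.
    return (finding["check_id"], finding["path"], finding["start"]["line"])


def compare_results(old, new):
    """Findings only in `new` (introduced) and only in `old` (fixed)."""
    old_by_key = {_key(f): f for f in old.get("results", [])}
    new_by_key = {_key(f): f for f in new.get("results", [])}
    return {
        "new": [new_by_key[k] for k in new_by_key.keys() - old_by_key.keys()],
        "fixed": [old_by_key[k] for k in old_by_key.keys() - new_by_key.keys()],
    }
```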
Development
Running the Development Server
Start the MCP server in development mode:
```shell
uv run mcp dev server.py
```
By default, the server runs on http://localhost:3000 with the inspector server on http://localhost:5173.
Note: When opening the inspector server, add a query parameter to the URL to raise the server's default timeout of 10s:

```
http://localhost:5173/?timeout=300000
```
Community & Related Projects
This project builds upon and is inspired by several awesome community projects:
Core Technologies
- Semgrep - The underlying static analysis engine that powers this project
- Model Context Protocol (MCP) - The protocol that enables AI agent communication
Similar Tools
- semgrep-vscode - Official VSCode extension for Semgrep
- semgrep-intellij - IntelliJ plugin for Semgrep
Community Projects
- semgrep-rules - The official collection of Semgrep rules
- mcp-server-semgrep - Original inspiration written by Szowesgad and stefanskiasan