Semgrep

Exposes Semgrep's static analysis engine through the Model Context Protocol (MCP), allowing AI agents and IDEs to invoke security vulnerability detection via a standardized tool interface. The SemgrepMCPServer class orchestrates FastMCP framework bindings to translate MCP tool calls into Semgrep CLI invocations, returning structured vulnerability findings with file paths, line numbers, and severity metadata. This bridges Semgrep's native CLI with AI-native tool-calling conventions.

Provides an MCP Prompt resource that guides AI models through the process of writing custom Semgrep rules in YAML format. The server exposes a structured prompt template (write_custom_semgrep_rule) that contextualizes rule authoring with schema documentation and examples, allowing AI agents to generate domain-specific security rules without manual YAML syntax learning. The prompt integrates with the semgrep://rule/schema resource to provide real-time schema validation context.

The Semgrep MCP Server is distributed via PyPI as the semgrep-mcp package, supporting installation via pip, pipx (isolated environments), and uv (fast Python package manager). This enables lightweight local installation without containerization, suitable for CLI tools, IDE plugins, and development environments. The package includes all necessary dependencies and Semgrep CLI bindings.

Semgrep provides a hosted MCP service at mcp.semgrep.ai that eliminates the need for users to self-host the MCP server. Web-based AI platforms (e.g., Claude web interface) can directly connect to this hosted service without configuration, enabling seamless Semgrep integration for non-technical users. The hosted service handles authentication, scaling, and infrastructure management.

The Semgrep MCP Server implements security measures to prevent path traversal attacks, restricting file access to authorized directories and preventing directory traversal via relative paths (e.g., ../../../etc/passwd). The server validates all file paths before passing them to Semgrep CLI, ensuring that scans are confined to intended code directories. This protects against malicious or accidental access to sensitive files outside the scan scope.

Exposes Semgrep's AST parsing capabilities through the get_abstract_syntax_tree MCP tool, allowing clients to request parsed syntax trees for code snippets in supported languages. The server invokes Semgrep's language-specific parsers (tree-sitter based) to generate structured AST representations, enabling AI agents to reason about code structure for pattern matching, refactoring, or security analysis without implementing language-specific parsers.

Exposes two MCP Resources that provide rule schema documentation: semgrep://rule/schema (YAML syntax schema for rule authoring) and semgrep://rule/{rule_id}/yaml (specific rule YAML content). These resources allow clients to query rule structure, syntax requirements, and example rules without external documentation, enabling AI agents and developers to understand rule authoring constraints and inspect existing rule implementations for reference.

The supported_languages MCP tool returns a list of all programming languages that Semgrep can analyze, including language identifiers and parser capabilities. This enables clients to dynamically discover which languages are supported before attempting analysis, allowing AI agents to gracefully handle unsupported languages or inform users of available analysis targets.

The semgrep_scan MCP tool accepts a file path and optional configuration parameter, allowing clients to scan code with specific Semgrep configurations (e.g., custom rule files, severity filters, or predefined rulesets). The server translates MCP parameters into Semgrep CLI arguments, enabling flexible scanning workflows without requiring clients to understand Semgrep CLI syntax. Configuration can reference local rule files, registry rules, or inline rule definitions.

The semgrep_scan_with_custom_rule MCP tool accepts code and an inline Semgrep rule definition (YAML), allowing clients to scan code against a custom rule without requiring a separate rule file. The server parses the inline rule, validates it against the Semgrep rule schema, and executes a scan, returning findings that match the custom rule. This enables dynamic rule creation and testing workflows where rules are generated or modified at runtime.

The semgrep_rule_schema MCP tool returns the JSON schema definition for Semgrep rules, allowing clients to programmatically validate rule definitions, generate rule templates, or provide schema-aware IDE autocomplete. The schema describes all valid rule fields, their types, constraints, and required properties, enabling clients to build rule authoring tools with schema validation.

The Semgrep MCP Server supports three transport protocols (stdio, streamable-http, SSE) through FastMCP framework integration, allowing clients to connect via different communication channels based on their architecture. Stdio is default for local CLI and IDE integrations, streamable-http for web-based clients, and SSE for backwards compatibility. The server automatically handles protocol negotiation and message serialization, abstracting transport complexity from tool implementations.

The Semgrep MCP Server is distributed as Docker images supporting multi-architecture builds (linux/amd64, linux/arm64) via ghcr.io/semgrep/mcp, with built-in security attestations (SBOM and provenance). The Docker images include all dependencies and Semgrep CLI, enabling zero-configuration containerized deployment. Images are signed and include software bill of materials (SBOM) for supply chain security verification.