💻

Semgrep MCP Server

Updated June 2026✓ Official

The Semgrep MCP server, built by Semgrep, provides the official Semgrep MCP server lets an AI assistant run Semgrep — a fast, deterministic static analysis engine that semantically understands 30+ languages and ships over 5,000 security rules — directly against the code it is writing or reviewing, so you can "secure your vibe coding" without leaving Claude, Cursor, VS Code, or Windsurf. It is officially maintained and best for Coding & Dev.

by Semgrep

About

The official Semgrep MCP server lets an AI assistant run Semgrep — a fast, deterministic static analysis engine that semantically understands 30+ languages and ships over 5,000 security rules — directly against the code it is writing or reviewing, so you can "secure your vibe coding" without leaving Claude, Cursor, VS Code, or Windsurf. It exposes a focused tool surface: `security_check` scans code for vulnerabilities, `semgrep_scan` runs a scan with a given rule config, `semgrep_scan_with_custom_rule` applies a custom Semgrep rule you supply inline, `get_abstract_syntax_tree` returns the AST of a snippet so an agent can reason about code structure, `supported_languages` lists the languages Semgrep can parse, and `semgrep_rule_schema` fetches the latest rule JSON Schema for writing new rules. With a Semgrep AppSec Platform login and token, `semgrep_findings` pulls findings from your organization's cloud account. The server runs three ways — as a Python package via `uvx semgrep-mcp` (PyPI: semgrep-mcp), as a Docker container `ghcr.io/semgrep/mcp`, or against Semgrep's hosted endpoint at mcp.semgrep.ai — and supports stdio, Streamable HTTP, and SSE transports. Note: the standalone semgrep/mcp repository is now deprecated, with ongoing development folded into the main `semgrep` binary (semgrep/semgrep, under cli/src/semgrep/mcp), so future updates ship through the official Semgrep CLI itself.

Installation

pip
uvx semgrep-mcp

Frequently Asked Questions

What is Semgrep MCP Server?
Semgrep is an MCP server built by Semgrep. The official Semgrep MCP server lets an AI assistant run Semgrep — a fast, deterministic static analysis engine that semantically understands 30+ languages and ships over 5,000 security rules — directly against the code it is writing or reviewing, so you can "secure your vibe coding" without leaving Claude, Cursor, VS Code, or Windsurf. It exposes a focused tool surface: `security_check` scans code for vulnerabilities, `semgrep_scan` runs a scan with a given rule config, `semgrep_scan_with_custom_rule` applies a custom Semgrep rule you supply inline, `get_abstract_syntax_tree` returns the AST of a snippet so an agent can reason about code structure, `supported_languages` lists the languages Semgrep can parse, and `semgrep_rule_schema` fetches the latest rule JSON Schema for writing new rules. With a Semgrep AppSec Platform login and token, `semgrep_findings` pulls findings from your organization's cloud account. The server runs three ways — as a Python package via `uvx semgrep-mcp` (PyPI: semgrep-mcp), as a Docker container `ghcr.io/semgrep/mcp`, or against Semgrep's hosted endpoint at mcp.semgrep.ai — and supports stdio, Streamable HTTP, and SSE transports. Note: the standalone semgrep/mcp repository is now deprecated, with ongoing development folded into the main `semgrep` binary (semgrep/semgrep, under cli/src/semgrep/mcp), so future updates ship through the official Semgrep CLI itself.
Who built Semgrep MCP Server?
Semgrep MCP Server was built by Semgrep.
Is Semgrep MCP Server free?
Yes, Semgrep MCP Server has a free option. The MCP server is free and open-source. Semgrep: Free and open-source for CLI. Semgrep Cloud: Free tier. Team: from $40/contributor/mo. Enterprise: Custom.
How do I install Semgrep MCP Server?
Install Semgrep MCP Server with pip: uvx semgrep-mcp
What does Semgrep MCP Server integrate with?
Semgrep MCP Server integrates with Claude Desktop, Cursor, VS Code, Windsurf, Cline.

Live Status

Auth requiredChecked 7d ago
Latency
173 ms

OAuth-gated (HTTP 401): Streamable HTTP error: Error POSTing to endpoint: {"error": "invalid_token", "error_description": "Authentication required"}

Uptime 0% over the last 6 checksRecent uptime

Quick Info

Install Type
pip
Author
Semgrep
Categories
2
Integrations
5

Related Servers

💻

Everything

Reference/test server with prompts, resources, and tools. Perfect for testing MCP implementations.

Local
💻

Git

Tools to read, search, and manipulate Git repositories. Full Git operations support.

Local
🤖

Sequential Thinking

Dynamic and reflective problem-solving through thought sequences.

Local
💻

21st.dev Magic

Create crafted UI components inspired by the best 21st.dev design engineers.

Local
💻

GitHub MCP Server

The GitHub MCP server is GitHub's official Model Context Protocol integration, giving AI assistants like Claude and Cursor direct, authenticated access to the GitHub platform and its full developer surface. With this MCP server, you can ask your AI to read and write repository files, create and merge branches, open and review pull requests, comment on and close issues, trigger GitHub Actions workflows, search across code repositories with GitHub's code search, and inspect commit history — all through natural-language prompts in your AI interface. Developers use it to supercharge code review workflows, automate issue triage, generate PR descriptions from diffs, bulk-update repository settings, and wire AI agents into CI/CD pipelines. The GitHub MCP server connects via a GITHUB_PERSONAL_ACCESS_TOKEN environment variable with scopes for the operations you need, keeping authentication clean and auditable. Install with Docker: `docker run -e GITHUB_PERSONAL_ACCESS_TOKEN=<token> ghcr.io/github/github-mcp-server` — or configure it as a remote MCP server in Claude Desktop, Cursor, VS Code, Windsurf, and Cline. With over 8,000 GitHub stars, it is the most widely deployed official code-platform MCP server and the reference implementation for AI-native GitHub automation.

Auth required

Sponsored

Better Stack

Free Plan

Get alerted when your APIs, browser tests, payment pipelines, or MCP server dependencies go down. Used by 100K+ developers.

Start monitoring free →