semgrep

Official
15
GitHub Repo

Overview

Scan code for security vulnerabilities using Semgrep with 5,000+ semantic analysis rules

Transport

stdio

Tools

  • get_abstract_syntax_tree
  • get_supported_languages
  • semgrep_findings
  • semgrep_rule_schema
  • semgrep_scan
  • semgrep_scan_supply_chain
  • semgrep_scan_with_custom_rule

Key Capabilities

  • Static security analysis with 5,000+ semantic rules for vulnerability detection
  • Code scanning with AST (abstract syntax tree) analysis across multiple languages
  • Supply chain security scanning with dedicated tooling
  • Custom rule creation and execution for project-specific security needs

How It Works

The MCP server provides access to Semgrep’s code security scanning capabilities through:

  1. Security vulnerability scanning with semantic analysis using 5,000+ rules
  2. Abstract syntax tree (AST) generation and language support queries
  3. Supply chain security scanning for dependencies and third-party code
  4. Custom security rule creation and validation with schema support