
About
A Model Context Protocol server for using Semgrep to scan code for security vulnerabilities. Semgrep is a fast, deterministic static analysis tool that semantically understands many languages and comes with over 5,000 rules.
Note: This repository has been deprecated. Further updates are now in the main semgrep repository.
Features
Security Scanning
- Scan code for security vulnerabilities using Semgrep's extensive rule library
- Create and use custom Semgrep rules
- Get Abstract Syntax Tree (AST) output for code analysis
Cloud Platform Integration
Optionally connect to Semgrep AppSec Platform to:
- Fetch findings from the Semgrep AppSec Platform API
- Leverage cloud-based scanning capabilities
Language Support
- Supports many programming languages
- Query supported languages via the supported_languages tool
Tools
- security_check - Scan code for security vulnerabilities
- semgrep_scan - Scan code files with a given config string
- semgrep_scan_with_custom_rule - Scan using custom Semgrep rules
- get_abstract_syntax_tree - Output the AST of code
- semgrep_findings - Fetch findings from Semgrep AppSec Platform (requires token)
- supported_languages - List languages Semgrep supports
- semgrep_rule_schema - Fetch the latest Semgrep rule JSON Schema
Resources
- semgrep://rule/schema - Semgrep rule YAML syntax JSON schema
- semgrep://rule/{rule_id}/yaml - Full Semgrep rule in YAML format from registry
Prompts
- write_custom_semgrep_rule - Help write a Semgrep rule
This server runs through your single 1Server connection. No extra config required.
0 Installs
669 Stars
Categories
Development, DevOps, Debug
Tags
Official