Semgrep Mcp 伺服器

概覽

什麼是 MCP？

MCP，或多元組件平台，是一個伺服器，旨在利用 Semgrep 進行代碼掃描，以識別安全漏洞。它是開發人員和安全專業人員的強大工具，使他們能夠通過在開發過程中及早檢測潛在的安全問題來確保其代碼庫的完整性和安全性。

MCP 的特點

安全掃描：MCP 利用 Semgrep 的能力掃描代碼中的各種安全漏洞，幫助團隊維持安全的編碼實踐。
用戶友好的界面：該平台提供直觀的界面，簡化了掃描過程，使所有技能水平的用戶都能輕鬆使用。
與 CI/CD 集成：MCP 可以集成到持續集成和持續部署（CI/CD）管道中，允許在開發工作流程中自動進行安全檢查。
可自定義規則：用戶可以定義符合其特定安全需求的自定義規則，增強掃描過程的有效性。
實時反饋：該平台提供有關代碼漏洞的即時反饋，使開發人員能夠及時解決問題。

如何使用 MCP

設置您的環境：首先在您的伺服器或本地機器上安裝 MCP。按照文檔中提供的安裝說明進行操作。
配置您的項目：在 MCP 中創建一個新項目並配置必要的設置，包括您使用的編程語言和框架。
定義掃描規則：利用內置規則或創建反映您組織安全政策的自定義規則。
執行掃描：對您的代碼庫啟動掃描。MCP 將分析代碼並根據定義的規則識別任何漏洞。
審查結果：掃描完成後，查看結果以了解檢測到的漏洞。該平台將提供有關每個問題的詳細信息。
修復漏洞：解決代碼中識別的漏洞。利用 MCP 提供的反饋來指導您的修復工作。
集成到 CI/CD：為了持續的安全保障，將 MCP 集成到您的 CI/CD 管道中，以便在每次代碼更改時自動掃描。

常見問題

MCP 支持哪些編程語言？

MCP 支持多種編程語言，包括但不限於 Python、JavaScript、Java 和 Go。請查看文檔以獲取完整的支持語言列表。

MCP 是開源的嗎？

是的，MCP 是一個開源項目，允許用戶為其開發做出貢獻並根據需要進行自定義。

我該如何報告在 MCP 中發現的漏洞？

如果您在 MCP 本身中發現漏洞，請通過 GitHub 上的項目問題跟踪器報告。提供詳細信息以幫助維護者及時解決問題。

我可以將 MCP 用於商業項目嗎？

當然可以！MCP 設計用於個人和商業用途，使其成為開發人員和組織的多功能工具。

我可以在哪裡找到有關 MCP 的更多信息？

有關更多信息，請訪問官方 MCP 網站 mcp.semgrep.ai 或查看 GitHub 存儲庫以獲取文檔和更新。

詳細

Semgrep MCP Server

A Model Context Protocol (MCP) server for using Semgrep to scan code for security vulnerabilities. Secure your vibe coding! 😅

Model Context Protocol (MCP) is a standardized API for LLMs, Agents, and IDEs like Cursor, VS Code, Windsurf, or anything that supports MCP, to get specialized help, get context, and harness the power of tools. Semgrep is a fast, deterministic static analysis tool that semantically understands many languages and comes with over 5,000 rules. 🛠️

[!NOTE] This beta project is under active development. We would love your feedback, bug reports, feature requests, and code. Join the #mcp community Slack channel!

Semgrep MCP Server

Getting started

Run the Python package as a CLI command using uv:

uvx semgrep-mcp # see --help for more options

Or, run as a Docker container:

docker run -i --rm ghcr.io/semgrep/mcp -t stdio

Cursor

Example mcp.json

{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": ["semgrep-mcp"],
      "env": {
        "SEMGREP_APP_TOKEN": "<token>"
      }
    }
  }
}

Add an instruction to your .cursor/rules to use automatically:

Always scan code generated using Semgrep for security vulnerabilities

ChatGPT

Go to the Connector Settings page (direct link)
Name the connection Semgrep
Set MCP Server URL to https://mcp.semgrep.ai/sse
Set Authentication to No authentication
Check the I trust this application checkbox
Click Create

See more details at the official docs.

Hosted Server

[!WARNING] mcp.semgrep.ai is an experimental server that may break unexpectedly. It will rapidly gain new functionality.🚀

Cursor

Cmd + Shift + J to open Cursor Settings
Select MCP Tools
Click New MCP Server.

{
  "mcpServers": {
    "semgrep": {
      "type": "streamable-http",
      "url": "https://mcp.semgrep.ai/mcp"
    }
  }
}

Demo

API

Tools

Enable LLMs to perform actions, make deterministic computations, and interact with external services.

Scan Code

security_check: Scan code for security vulnerabilities
semgrep_scan: Scan code files for security vulnerabilities with a given config string
semgrep_scan_with_custom_rule: Scan code files using a custom Semgrep rule

Understand Code

get_abstract_syntax_tree: Output the Abstract Syntax Tree (AST) of code

Cloud Platform (login and Semgrep token required)

semgrep_findings: Fetch Semgrep findings from the Semgrep AppSec Platform API

Prompts

Reusable prompts to standardize common LLM interactions.

write_custom_semgrep_rule: Return a prompt to help write a Semgrep rule

Resources

Expose data and content to LLMs

semgrep://rule/schema: Specification of the Semgrep rule YAML syntax using JSON schema
semgrep://rule/{rule_id}/yaml: Full Semgrep rule in YAML format from the Semgrep registry

Usage

This Python package is published to PyPI as semgrep-mcp and can be installed and run with pip, pipx, uv, poetry, or any Python package manager.

$ pipx install semgrep-mcp
$ semgrep-mcp --help

Usage: semgrep-mcp [OPTIONS]

  Entry point for the MCP server

  Supports both stdio and sse transports. For stdio, it will read from stdin
  and write to stdout. For sse, it will start an HTTP server on port 8000.

Options:
  -v, --version                Show version and exit.
  -t, --transport [stdio|sse]  Transport protocol to use (stdio or sse)
  -h, --help                   Show this message and exit.

Standard Input/Output (stdio)

The stdio transport enables communication through standard input and output streams. This is particularly useful for local integrations and command-line tools. See the spec for more details.

Python

semgrep-mcp

By default, the Python package will run in stdio mode. Because it's using the standard input and output streams, it will look like the tool is hanging without any output, but this is expected.

Docker

This server is published to Github's Container Registry (ghcr.io/semgrep/mcp)

docker run -i --rm ghcr.io/semgrep/mcp -t stdio

By default, the Docker container is in SSE mode, so you will have to include -t stdio after the image name and run with -i to run in interactive mode.

Streamable HTTP

Streamable HTTP enables streaming responses over JSON RPC via HTTP POST requests. See the spec for more details.

By default, the server listens on 127.0.0.1:8000/mcp for client connections. To change any of this, set FASTMCP_* environment variables. The server must be running for clients to connect to it.

Python

semgrep-mcp -t streamable-http

By default, the Python package will run in stdio mode, so you will have to include -t streamable-http.

Docker

docker run -p 8000:0000 ghcr.io/semgrep/mcp

Server-sent events (SSE)

[!WARNING] The MCP communiity considers this a legacy transport portcol and is really intended for backwards compatibility. Streamable HTTP is the recommended replacement.

SSE transport enables server-to-client streaming with Server-Send Events for client-to-server and server-to-client communication. See the spec for more details.

By default, the server listens on 127.0.0.1:8000/sse for client connections. To change any of this, set FASTMCP_* environment variables. The server must be running for clients to connect to it.

Python

semgrep-mcp -t sse

By default, the Python package will run in stdio mode, so you will have to include -t sse.

Docker

docker run -p 8000:0000 ghcr.io/semgrep/mcp -t sse

Semgrep AppSec Platform

Optionally, to connect to Semgrep AppSec Platform:

Login or sign up
Generate a token from Settings
Add the token to your environment variables:
- CLI (export SEMGREP_APP_TOKEN=<token>)
- Docker (docker run -e SEMGREP_APP_TOKEN=<token>)
- MCP config JSON

    "env": {
      "SEMGREP_APP_TOKEN": "<token>"
    }

[!TIP] Please reach out for support if needed. ☎️

Integrations

Cursor IDE

Add the following JSON block to your ~/.cursor/mcp.json global or .cursor/mcp.json project-specific configuration file:

{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": ["semgrep-mcp"]
    }
  }
}

cursor MCP settings

See cursor docs for more info.

VS Code / Copilot

Click the install buttons at the top of this README for the quickest installation.

Manual Configuration

Add the following JSON block to your User Settings (JSON) file in VS Code. You can do this by pressing Ctrl + Shift + P and typing Preferences: Open User Settings (JSON).

{
  "mcp": {
    "servers": {
      "semgrep": {
        "command": "uvx",
        "args": ["semgrep-mcp"]
      }
    }
  }
}

Optionally, you can add it to a file called .vscode/mcp.json in your workspace:

{
  "servers": {
    "semgrep": {
      "command": "uvx",
        "args": ["semgrep-mcp"]
    }
  }
}

Using Docker

{
  "mcp": {
    "servers": {
      "semgrep": {
        "command": "docker",
        "args": [
          "run",
          "-i",
          "--rm",
          "ghcr.io/semgrep/mcp",
          "-t",
          "stdio"
        ]
      }
    }
  }
}

See VS Code docs for more info.

Windsurf

Add the following JSON block to your ~/.codeium/windsurf/mcp_config.json file:

{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": ["semgrep-mcp"]
    }
  }
}

See Windsurf docs for more info.

Claude Desktop

Here is a short video showing Claude Desktop using this server to write a custom rule.

Add the following JSON block to your claude_desktop_config.json file:

{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": ["semgrep-mcp"]
    }
  }
}

See Anthropic docs for more info.

Claude Code

claude mcp add semgrep uvx semgrep-mcp

See Claude Code docs for more info.

OpenAI

See the offical docs:

Agents SDK

async with MCPServerStdio(
    params={
        "command": "uvx",
        "args": ["semgrep-mcp"],
    }
) as server:
    tools = await server.list_tools()

See OpenAI Agents SDK docs for more info.

Custom clients

Example Python SSE client

See a full example in examples/sse_client.py

from mcp.client.session import ClientSession
from mcp.client.sse import sse_client


async def main():
    async with sse_client("http://localhost:8000/sse") as (read_stream, write_stream):
        async with ClientSession(read_stream, write_stream) as session:
            await session.initialize()
            results = await session.call_tool(
                "semgrep_scan",
                {
                    "code_files": [
                        {
                            "filename": "hello_world.py",
                            "content": "def hello(): print('Hello, World!')",
                        }
                    ]
                },
            )
            print(results)

[!TIP] Some client libraries want the URL: http://localhost:8000/sse and others only want the HOST: localhost:8000. Try out the URL in a web browser to confirm the server is running, and there are no network issues.

See official SDK docs for more info.

Contributing, community, and running from source

[!NOTE] We love your feedback, bug reports, feature requests, and code. Join the #mcp community Slack channel!

See CONTRIBUTING.md for more info and details on how to run from the MCP server from source code.

Similar tools 🔍

semgrep-vscode - Official VS Code extension
semgrep-intellij - IntelliJ plugin

Community projects 🌟

semgrep-rules - The official collection of Semgrep rules
mcp-server-semgrep - Original inspiration written by Szowesgad and stefanskiasan

MCP server registries

Glama

MCP.so

Made with ❤️ by the Semgrep Team

{ "mcpServers": { "mcp": { "command": "docker", "args": [ "run", "-i", "--rm", "ghcr.io/metorial/mcp-container--semgrep--mcp--mcp", "semgrep-mcp" ], "env": { "SEMGREP_APP_TOKEN": "semgrep-app-token" } } } }

概覽

什麼是 MCP？

MCP 的特點

安全掃描：MCP 利用 Semgrep 的能力掃描代碼中的各種安全漏洞，幫助團隊維持安全的編碼實踐。
用戶友好的界面：該平台提供直觀的界面，簡化了掃描過程，使所有技能水平的用戶都能輕鬆使用。
與 CI/CD 集成：MCP 可以集成到持續集成和持續部署（CI/CD）管道中，允許在開發工作流程中自動進行安全檢查。
可自定義規則：用戶可以定義符合其特定安全需求的自定義規則，增強掃描過程的有效性。
實時反饋：該平台提供有關代碼漏洞的即時反饋，使開發人員能夠及時解決問題。

如何使用 MCP

設置您的環境：首先在您的伺服器或本地機器上安裝 MCP。按照文檔中提供的安裝說明進行操作。
配置您的項目：在 MCP 中創建一個新項目並配置必要的設置，包括您使用的編程語言和框架。
定義掃描規則：利用內置規則或創建反映您組織安全政策的自定義規則。
執行掃描：對您的代碼庫啟動掃描。MCP 將分析代碼並根據定義的規則識別任何漏洞。
審查結果：掃描完成後，查看結果以了解檢測到的漏洞。該平台將提供有關每個問題的詳細信息。
修復漏洞：解決代碼中識別的漏洞。利用 MCP 提供的反饋來指導您的修復工作。
集成到 CI/CD：為了持續的安全保障，將 MCP 集成到您的 CI/CD 管道中，以便在每次代碼更改時自動掃描。

常見問題

MCP 支持哪些編程語言？

MCP 支持多種編程語言，包括但不限於 Python、JavaScript、Java 和 Go。請查看文檔以獲取完整的支持語言列表。

MCP 是開源的嗎？

是的，MCP 是一個開源項目，允許用戶為其開發做出貢獻並根據需要進行自定義。

我該如何報告在 MCP 中發現的漏洞？

如果您在 MCP 本身中發現漏洞，請通過 GitHub 上的項目問題跟踪器報告。提供詳細信息以幫助維護者及時解決問題。

我可以將 MCP 用於商業項目嗎？

當然可以！MCP 設計用於個人和商業用途，使其成為開發人員和組織的多功能工具。

我可以在哪裡找到有關 MCP 的更多信息？

有關更多信息，請訪問官方 MCP 網站 mcp.semgrep.ai 或查看 GitHub 存儲庫以獲取文檔和更新。

詳細

Semgrep MCP Server

A Model Context Protocol (MCP) server for using Semgrep to scan code for security vulnerabilities. Secure your vibe coding! 😅

[!NOTE] This beta project is under active development. We would love your feedback, bug reports, feature requests, and code. Join the #mcp community Slack channel!

Semgrep MCP Server

Getting started

Run the Python package as a CLI command using uv:

uvx semgrep-mcp # see --help for more options

Or, run as a Docker container:

docker run -i --rm ghcr.io/semgrep/mcp -t stdio

Cursor

Example mcp.json

{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": ["semgrep-mcp"],
      "env": {
        "SEMGREP_APP_TOKEN": "<token>"
      }
    }
  }
}

Add an instruction to your .cursor/rules to use automatically:

Always scan code generated using Semgrep for security vulnerabilities

ChatGPT

Go to the Connector Settings page (direct link)
Name the connection Semgrep
Set MCP Server URL to https://mcp.semgrep.ai/sse
Set Authentication to No authentication
Check the I trust this application checkbox
Click Create

See more details at the official docs.

Hosted Server

[!WARNING] mcp.semgrep.ai is an experimental server that may break unexpectedly. It will rapidly gain new functionality.🚀

Cursor

Cmd + Shift + J to open Cursor Settings
Select MCP Tools
Click New MCP Server.

{
  "mcpServers": {
    "semgrep": {
      "type": "streamable-http",
      "url": "https://mcp.semgrep.ai/mcp"
    }
  }
}

Demo

API

Tools

Enable LLMs to perform actions, make deterministic computations, and interact with external services.

Scan Code

security_check: Scan code for security vulnerabilities
semgrep_scan: Scan code files for security vulnerabilities with a given config string
semgrep_scan_with_custom_rule: Scan code files using a custom Semgrep rule

Understand Code

get_abstract_syntax_tree: Output the Abstract Syntax Tree (AST) of code

Cloud Platform (login and Semgrep token required)

semgrep_findings: Fetch Semgrep findings from the Semgrep AppSec Platform API

Prompts

Reusable prompts to standardize common LLM interactions.

write_custom_semgrep_rule: Return a prompt to help write a Semgrep rule

Resources

Expose data and content to LLMs

semgrep://rule/schema: Specification of the Semgrep rule YAML syntax using JSON schema
semgrep://rule/{rule_id}/yaml: Full Semgrep rule in YAML format from the Semgrep registry

Usage

This Python package is published to PyPI as semgrep-mcp and can be installed and run with pip, pipx, uv, poetry, or any Python package manager.

$ pipx install semgrep-mcp
$ semgrep-mcp --help

Usage: semgrep-mcp [OPTIONS]

  Entry point for the MCP server

  Supports both stdio and sse transports. For stdio, it will read from stdin
  and write to stdout. For sse, it will start an HTTP server on port 8000.

Options:
  -v, --version                Show version and exit.
  -t, --transport [stdio|sse]  Transport protocol to use (stdio or sse)
  -h, --help                   Show this message and exit.

Standard Input/Output (stdio)

The stdio transport enables communication through standard input and output streams. This is particularly useful for local integrations and command-line tools. See the spec for more details.

Python

semgrep-mcp

By default, the Python package will run in stdio mode. Because it's using the standard input and output streams, it will look like the tool is hanging without any output, but this is expected.

Docker

This server is published to Github's Container Registry (ghcr.io/semgrep/mcp)

docker run -i --rm ghcr.io/semgrep/mcp -t stdio

By default, the Docker container is in SSE mode, so you will have to include -t stdio after the image name and run with -i to run in interactive mode.

Streamable HTTP

Streamable HTTP enables streaming responses over JSON RPC via HTTP POST requests. See the spec for more details.

By default, the server listens on 127.0.0.1:8000/mcp for client connections. To change any of this, set FASTMCP_* environment variables. The server must be running for clients to connect to it.

Python

semgrep-mcp -t streamable-http

By default, the Python package will run in stdio mode, so you will have to include -t streamable-http.

Docker

docker run -p 8000:0000 ghcr.io/semgrep/mcp

Server-sent events (SSE)

[!WARNING] The MCP communiity considers this a legacy transport portcol and is really intended for backwards compatibility. Streamable HTTP is the recommended replacement.

SSE transport enables server-to-client streaming with Server-Send Events for client-to-server and server-to-client communication. See the spec for more details.

By default, the server listens on 127.0.0.1:8000/sse for client connections. To change any of this, set FASTMCP_* environment variables. The server must be running for clients to connect to it.

Python

semgrep-mcp -t sse

By default, the Python package will run in stdio mode, so you will have to include -t sse.

Docker

docker run -p 8000:0000 ghcr.io/semgrep/mcp -t sse

Semgrep AppSec Platform

Optionally, to connect to Semgrep AppSec Platform:

Login or sign up
Generate a token from Settings
Add the token to your environment variables:
- CLI (export SEMGREP_APP_TOKEN=<token>)
- Docker (docker run -e SEMGREP_APP_TOKEN=<token>)
- MCP config JSON

    "env": {
      "SEMGREP_APP_TOKEN": "<token>"
    }

[!TIP] Please reach out for support if needed. ☎️

Integrations

Cursor IDE

Add the following JSON block to your ~/.cursor/mcp.json global or .cursor/mcp.json project-specific configuration file:

{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": ["semgrep-mcp"]
    }
  }
}

cursor MCP settings

See cursor docs for more info.

VS Code / Copilot

Click the install buttons at the top of this README for the quickest installation.

Manual Configuration

Add the following JSON block to your User Settings (JSON) file in VS Code. You can do this by pressing Ctrl + Shift + P and typing Preferences: Open User Settings (JSON).

{
  "mcp": {
    "servers": {
      "semgrep": {
        "command": "uvx",
        "args": ["semgrep-mcp"]
      }
    }
  }
}

Optionally, you can add it to a file called .vscode/mcp.json in your workspace:

{
  "servers": {
    "semgrep": {
      "command": "uvx",
        "args": ["semgrep-mcp"]
    }
  }
}

Using Docker

{
  "mcp": {
    "servers": {
      "semgrep": {
        "command": "docker",
        "args": [
          "run",
          "-i",
          "--rm",
          "ghcr.io/semgrep/mcp",
          "-t",
          "stdio"
        ]
      }
    }
  }
}

See VS Code docs for more info.

Windsurf

Add the following JSON block to your ~/.codeium/windsurf/mcp_config.json file:

{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": ["semgrep-mcp"]
    }
  }
}

See Windsurf docs for more info.

Claude Desktop

Here is a short video showing Claude Desktop using this server to write a custom rule.

Add the following JSON block to your claude_desktop_config.json file:

{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": ["semgrep-mcp"]
    }
  }
}

See Anthropic docs for more info.

Claude Code

claude mcp add semgrep uvx semgrep-mcp

See Claude Code docs for more info.

OpenAI

See the offical docs:

Agents SDK

async with MCPServerStdio(
    params={
        "command": "uvx",
        "args": ["semgrep-mcp"],
    }
) as server:
    tools = await server.list_tools()

See OpenAI Agents SDK docs for more info.

Custom clients

Example Python SSE client

See a full example in examples/sse_client.py

from mcp.client.session import ClientSession
from mcp.client.sse import sse_client


async def main():
    async with sse_client("http://localhost:8000/sse") as (read_stream, write_stream):
        async with ClientSession(read_stream, write_stream) as session:
            await session.initialize()
            results = await session.call_tool(
                "semgrep_scan",
                {
                    "code_files": [
                        {
                            "filename": "hello_world.py",
                            "content": "def hello(): print('Hello, World!')",
                        }
                    ]
                },
            )
            print(results)

[!TIP] Some client libraries want the URL: http://localhost:8000/sse and others only want the HOST: localhost:8000. Try out the URL in a web browser to confirm the server is running, and there are no network issues.

See official SDK docs for more info.

Contributing, community, and running from source

[!NOTE] We love your feedback, bug reports, feature requests, and code. Join the #mcp community Slack channel!

See CONTRIBUTING.md for more info and details on how to run from the MCP server from source code.

Similar tools 🔍

semgrep-vscode - Official VS Code extension
semgrep-intellij - IntelliJ plugin

Community projects 🌟

semgrep-rules - The official collection of Semgrep rules
mcp-server-semgrep - Original inspiration written by Szowesgad and stefanskiasan

MCP server registries

Glama

MCP.so

Made with ❤️ by the Semgrep Team

概覽

什麼是 MCP？

MCP 的特點

如何使用 MCP

常見問題

MCP 支持哪些編程語言？

MCP 是開源的嗎？

我該如何報告在 MCP 中發現的漏洞？

我可以將 MCP 用於商業項目嗎？

我可以在哪裡找到有關 MCP 的更多信息？

詳細

Semgrep MCP Server

Contents

Getting started

Cursor

ChatGPT

Hosted Server

Cursor

Demo

API

Tools

Scan Code

Understand Code

Cloud Platform (login and Semgrep token required)

Meta

Prompts

Resources

Usage

Standard Input/Output (stdio)

Python

Docker

Streamable HTTP

Python

Docker

Server-sent events (SSE)

Python

Docker

Semgrep AppSec Platform

Integrations

Cursor IDE

VS Code / Copilot

Manual Configuration

Using Docker

Windsurf

Claude Desktop

Claude Code

OpenAI

Agents SDK

Custom clients

Example Python SSE client

Contributing, community, and running from source

Similar tools 🔍

Community projects 🌟

MCP server registries

伺服器配置

專案資訊

Semgrep Mcp 伺服器

概覽

什麼是 MCP？

MCP 的特點

如何使用 MCP

常見問題

MCP 支持哪些編程語言？

MCP 是開源的嗎？

我該如何報告在 MCP 中發現的漏洞？

我可以將 MCP 用於商業項目嗎？

我可以在哪裡找到有關 MCP 的更多信息？

詳細

Semgrep MCP Server

Contents

Getting started

Cursor

ChatGPT

Hosted Server

Cursor

Demo

API

Tools

Scan Code