Semgrep Mcp 服务器

概览

什么是 MCP？

MCP，或多组件平台，是一个旨在利用 Semgrep 扫描代码以识别安全漏洞的服务器。它为开发人员和安全专业人士提供了一个强大的工具，使他们能够通过在开发过程中及早检测潜在的安全问题来确保代码库的完整性和安全性。

MCP 的特点

安全扫描：MCP 利用 Semgrep 的能力扫描代码中的各种安全漏洞，帮助团队保持安全编码实践。
用户友好的界面：该平台提供直观的界面，简化了扫描过程，使所有技能水平的用户都能轻松使用。
与 CI/CD 集成：MCP 可以集成到持续集成和持续部署（CI/CD）管道中，允许在开发工作流程中自动进行安全检查。
可定制规则：用户可以定义符合其特定安全要求的自定义规则，从而增强扫描过程的有效性。
实时反馈：该平台提供关于代码漏洞的即时反馈，使开发人员能够及时解决问题。

如何使用 MCP

设置环境：首先在您的服务器或本地机器上安装 MCP。按照文档中提供的安装说明进行操作。
配置项目：在 MCP 中创建一个新项目，并配置必要的设置，包括您使用的编程语言和框架。
定义扫描规则：利用内置规则或创建反映您组织安全政策的自定义规则。
运行扫描：对您的代码库发起扫描。MCP 将分析代码并根据定义的规则识别任何漏洞。
审查结果：扫描完成后，审查结果以了解检测到的漏洞。该平台将提供有关每个问题的详细信息。
修复漏洞：解决代码中识别出的漏洞。使用 MCP 提供的反馈指导您的修复工作。
集成到 CI/CD：为了持续的安全保障，将 MCP 集成到您的 CI/CD 管道中，以便在每次代码更改时自动进行扫描。

常见问题解答

MCP 支持哪些编程语言？

MCP 支持多种编程语言，包括但不限于 Python、JavaScript、Java 和 Go。请查看文档以获取支持语言的完整列表。

MCP 是开源的吗？

是的，MCP 是一个开源项目，允许用户为其开发做出贡献，并根据自己的需求进行定制。

我该如何报告在 MCP 中发现的漏洞？

如果您发现 MCP 本身的漏洞，请通过 GitHub 上的项目问题跟踪器报告。提供详细信息以帮助维护者及时解决问题。

我可以将 MCP 用于商业项目吗？

当然可以！MCP 旨在用于个人和商业用途，是开发人员和组织的多功能工具。

我在哪里可以找到有关 MCP 的更多信息？

有关更多信息，请访问官方 MCP 网站 mcp.semgrep.ai 或查看 GitHub 仓库以获取文档和更新。

详情

Semgrep MCP Server

A Model Context Protocol (MCP) server for using Semgrep to scan code for security vulnerabilities. Secure your vibe coding! 😅

Model Context Protocol (MCP) is a standardized API for LLMs, Agents, and IDEs like Cursor, VS Code, Windsurf, or anything that supports MCP, to get specialized help, get context, and harness the power of tools. Semgrep is a fast, deterministic static analysis tool that semantically understands many languages and comes with over 5,000 rules. 🛠️

[!NOTE] This beta project is under active development. We would love your feedback, bug reports, feature requests, and code. Join the #mcp community Slack channel!

Semgrep MCP Server

Getting started

Run the Python package as a CLI command using uv:

uvx semgrep-mcp # see --help for more options

Or, run as a Docker container:

docker run -i --rm ghcr.io/semgrep/mcp -t stdio

Cursor

Example mcp.json

{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": ["semgrep-mcp"],
      "env": {
        "SEMGREP_APP_TOKEN": "<token>"
      }
    }
  }
}

Add an instruction to your .cursor/rules to use automatically:

Always scan code generated using Semgrep for security vulnerabilities

ChatGPT

Go to the Connector Settings page (direct link)
Name the connection Semgrep
Set MCP Server URL to https://mcp.semgrep.ai/sse
Set Authentication to No authentication
Check the I trust this application checkbox
Click Create

See more details at the official docs.

Hosted Server

[!WARNING] mcp.semgrep.ai is an experimental server that may break unexpectedly. It will rapidly gain new functionality.🚀

Cursor

Cmd + Shift + J to open Cursor Settings
Select MCP Tools
Click New MCP Server.

{
  "mcpServers": {
    "semgrep": {
      "type": "streamable-http",
      "url": "https://mcp.semgrep.ai/mcp"
    }
  }
}

Demo

API

Tools

Enable LLMs to perform actions, make deterministic computations, and interact with external services.

Scan Code

security_check: Scan code for security vulnerabilities
semgrep_scan: Scan code files for security vulnerabilities with a given config string
semgrep_scan_with_custom_rule: Scan code files using a custom Semgrep rule

Understand Code

get_abstract_syntax_tree: Output the Abstract Syntax Tree (AST) of code

Cloud Platform (login and Semgrep token required)

semgrep_findings: Fetch Semgrep findings from the Semgrep AppSec Platform API

Prompts

Reusable prompts to standardize common LLM interactions.

write_custom_semgrep_rule: Return a prompt to help write a Semgrep rule

Resources

Expose data and content to LLMs

semgrep://rule/schema: Specification of the Semgrep rule YAML syntax using JSON schema
semgrep://rule/{rule_id}/yaml: Full Semgrep rule in YAML format from the Semgrep registry

Usage

This Python package is published to PyPI as semgrep-mcp and can be installed and run with pip, pipx, uv, poetry, or any Python package manager.

$ pipx install semgrep-mcp
$ semgrep-mcp --help

Usage: semgrep-mcp [OPTIONS]

  Entry point for the MCP server

  Supports both stdio and sse transports. For stdio, it will read from stdin
  and write to stdout. For sse, it will start an HTTP server on port 8000.

Options:
  -v, --version                Show version and exit.
  -t, --transport [stdio|sse]  Transport protocol to use (stdio or sse)
  -h, --help                   Show this message and exit.

Standard Input/Output (stdio)

The stdio transport enables communication through standard input and output streams. This is particularly useful for local integrations and command-line tools. See the spec for more details.

Python

semgrep-mcp

By default, the Python package will run in stdio mode. Because it's using the standard input and output streams, it will look like the tool is hanging without any output, but this is expected.

Docker

This server is published to Github's Container Registry (ghcr.io/semgrep/mcp)

docker run -i --rm ghcr.io/semgrep/mcp -t stdio

By default, the Docker container is in SSE mode, so you will have to include -t stdio after the image name and run with -i to run in interactive mode.

Streamable HTTP

Streamable HTTP enables streaming responses over JSON RPC via HTTP POST requests. See the spec for more details.

By default, the server listens on 127.0.0.1:8000/mcp for client connections. To change any of this, set FASTMCP_* environment variables. The server must be running for clients to connect to it.

Python

semgrep-mcp -t streamable-http

By default, the Python package will run in stdio mode, so you will have to include -t streamable-http.

Docker

docker run -p 8000:0000 ghcr.io/semgrep/mcp

Server-sent events (SSE)

[!WARNING] The MCP communiity considers this a legacy transport portcol and is really intended for backwards compatibility. Streamable HTTP is the recommended replacement.

SSE transport enables server-to-client streaming with Server-Send Events for client-to-server and server-to-client communication. See the spec for more details.

By default, the server listens on 127.0.0.1:8000/sse for client connections. To change any of this, set FASTMCP_* environment variables. The server must be running for clients to connect to it.

Python

semgrep-mcp -t sse

By default, the Python package will run in stdio mode, so you will have to include -t sse.

Docker

docker run -p 8000:0000 ghcr.io/semgrep/mcp -t sse

Semgrep AppSec Platform

Optionally, to connect to Semgrep AppSec Platform:

Login or sign up
Generate a token from Settings
Add the token to your environment variables:
- CLI (export SEMGREP_APP_TOKEN=<token>)
- Docker (docker run -e SEMGREP_APP_TOKEN=<token>)
- MCP config JSON

    "env": {
      "SEMGREP_APP_TOKEN": "<token>"
    }

[!TIP] Please reach out for support if needed. ☎️

Integrations

Cursor IDE

Add the following JSON block to your ~/.cursor/mcp.json global or .cursor/mcp.json project-specific configuration file:

{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": ["semgrep-mcp"]
    }
  }
}

cursor MCP settings

See cursor docs for more info.

VS Code / Copilot

Click the install buttons at the top of this README for the quickest installation.

Manual Configuration

Add the following JSON block to your User Settings (JSON) file in VS Code. You can do this by pressing Ctrl + Shift + P and typing Preferences: Open User Settings (JSON).

{
  "mcp": {
    "servers": {
      "semgrep": {
        "command": "uvx",
        "args": ["semgrep-mcp"]
      }
    }
  }
}

Optionally, you can add it to a file called .vscode/mcp.json in your workspace:

{
  "servers": {
    "semgrep": {
      "command": "uvx",
        "args": ["semgrep-mcp"]
    }
  }
}

Using Docker

{
  "mcp": {
    "servers": {
      "semgrep": {
        "command": "docker",
        "args": [
          "run",
          "-i",
          "--rm",
          "ghcr.io/semgrep/mcp",
          "-t",
          "stdio"
        ]
      }
    }
  }
}

See VS Code docs for more info.

Windsurf

Add the following JSON block to your ~/.codeium/windsurf/mcp_config.json file:

{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": ["semgrep-mcp"]
    }
  }
}

See Windsurf docs for more info.

Claude Desktop

Here is a short video showing Claude Desktop using this server to write a custom rule.

Add the following JSON block to your claude_desktop_config.json file:

{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": ["semgrep-mcp"]
    }
  }
}

See Anthropic docs for more info.

Claude Code

claude mcp add semgrep uvx semgrep-mcp

See Claude Code docs for more info.

OpenAI

See the offical docs:

Agents SDK

async with MCPServerStdio(
    params={
        "command": "uvx",
        "args": ["semgrep-mcp"],
    }
) as server:
    tools = await server.list_tools()

See OpenAI Agents SDK docs for more info.

Custom clients

Example Python SSE client

See a full example in examples/sse_client.py

from mcp.client.session import ClientSession
from mcp.client.sse import sse_client


async def main():
    async with sse_client("http://localhost:8000/sse") as (read_stream, write_stream):
        async with ClientSession(read_stream, write_stream) as session:
            await session.initialize()
            results = await session.call_tool(
                "semgrep_scan",
                {
                    "code_files": [
                        {
                            "filename": "hello_world.py",
                            "content": "def hello(): print('Hello, World!')",
                        }
                    ]
                },
            )
            print(results)

[!TIP] Some client libraries want the URL: http://localhost:8000/sse and others only want the HOST: localhost:8000. Try out the URL in a web browser to confirm the server is running, and there are no network issues.

See official SDK docs for more info.

Contributing, community, and running from source

[!NOTE] We love your feedback, bug reports, feature requests, and code. Join the #mcp community Slack channel!

See CONTRIBUTING.md for more info and details on how to run from the MCP server from source code.

Similar tools 🔍

semgrep-vscode - Official VS Code extension
semgrep-intellij - IntelliJ plugin

Community projects 🌟

semgrep-rules - The official collection of Semgrep rules
mcp-server-semgrep - Original inspiration written by Szowesgad and stefanskiasan

MCP server registries

Glama

MCP.so

Made with ❤️ by the Semgrep Team

{ "mcpServers": { "mcp": { "command": "docker", "args": [ "run", "-i", "--rm", "ghcr.io/metorial/mcp-container--semgrep--mcp--mcp", "semgrep-mcp" ], "env": { "SEMGREP_APP_TOKEN": "semgrep-app-token" } } } }

概览

什么是 MCP？

MCP 的特点

安全扫描：MCP 利用 Semgrep 的能力扫描代码中的各种安全漏洞，帮助团队保持安全编码实践。
用户友好的界面：该平台提供直观的界面，简化了扫描过程，使所有技能水平的用户都能轻松使用。
与 CI/CD 集成：MCP 可以集成到持续集成和持续部署（CI/CD）管道中，允许在开发工作流程中自动进行安全检查。
可定制规则：用户可以定义符合其特定安全要求的自定义规则，从而增强扫描过程的有效性。
实时反馈：该平台提供关于代码漏洞的即时反馈，使开发人员能够及时解决问题。

如何使用 MCP

设置环境：首先在您的服务器或本地机器上安装 MCP。按照文档中提供的安装说明进行操作。
配置项目：在 MCP 中创建一个新项目，并配置必要的设置，包括您使用的编程语言和框架。
定义扫描规则：利用内置规则或创建反映您组织安全政策的自定义规则。
运行扫描：对您的代码库发起扫描。MCP 将分析代码并根据定义的规则识别任何漏洞。
审查结果：扫描完成后，审查结果以了解检测到的漏洞。该平台将提供有关每个问题的详细信息。
修复漏洞：解决代码中识别出的漏洞。使用 MCP 提供的反馈指导您的修复工作。
集成到 CI/CD：为了持续的安全保障，将 MCP 集成到您的 CI/CD 管道中，以便在每次代码更改时自动进行扫描。

常见问题解答

MCP 支持哪些编程语言？

MCP 支持多种编程语言，包括但不限于 Python、JavaScript、Java 和 Go。请查看文档以获取支持语言的完整列表。

MCP 是开源的吗？

是的，MCP 是一个开源项目，允许用户为其开发做出贡献，并根据自己的需求进行定制。

我该如何报告在 MCP 中发现的漏洞？

如果您发现 MCP 本身的漏洞，请通过 GitHub 上的项目问题跟踪器报告。提供详细信息以帮助维护者及时解决问题。

我可以将 MCP 用于商业项目吗？

当然可以！MCP 旨在用于个人和商业用途，是开发人员和组织的多功能工具。

我在哪里可以找到有关 MCP 的更多信息？

有关更多信息，请访问官方 MCP 网站 mcp.semgrep.ai 或查看 GitHub 仓库以获取文档和更新。

详情

Semgrep MCP Server

A Model Context Protocol (MCP) server for using Semgrep to scan code for security vulnerabilities. Secure your vibe coding! 😅

[!NOTE] This beta project is under active development. We would love your feedback, bug reports, feature requests, and code. Join the #mcp community Slack channel!

Semgrep MCP Server

Getting started

Run the Python package as a CLI command using uv:

uvx semgrep-mcp # see --help for more options

Or, run as a Docker container:

docker run -i --rm ghcr.io/semgrep/mcp -t stdio

Cursor

Example mcp.json

{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": ["semgrep-mcp"],
      "env": {
        "SEMGREP_APP_TOKEN": "<token>"
      }
    }
  }
}

Add an instruction to your .cursor/rules to use automatically:

Always scan code generated using Semgrep for security vulnerabilities

ChatGPT

Go to the Connector Settings page (direct link)
Name the connection Semgrep
Set MCP Server URL to https://mcp.semgrep.ai/sse
Set Authentication to No authentication
Check the I trust this application checkbox
Click Create

See more details at the official docs.

Hosted Server

[!WARNING] mcp.semgrep.ai is an experimental server that may break unexpectedly. It will rapidly gain new functionality.🚀

Cursor

Cmd + Shift + J to open Cursor Settings
Select MCP Tools
Click New MCP Server.

{
  "mcpServers": {
    "semgrep": {
      "type": "streamable-http",
      "url": "https://mcp.semgrep.ai/mcp"
    }
  }
}

Demo

API

Tools

Enable LLMs to perform actions, make deterministic computations, and interact with external services.

Scan Code

security_check: Scan code for security vulnerabilities
semgrep_scan: Scan code files for security vulnerabilities with a given config string
semgrep_scan_with_custom_rule: Scan code files using a custom Semgrep rule

Understand Code

get_abstract_syntax_tree: Output the Abstract Syntax Tree (AST) of code

Cloud Platform (login and Semgrep token required)

semgrep_findings: Fetch Semgrep findings from the Semgrep AppSec Platform API

Prompts

Reusable prompts to standardize common LLM interactions.

write_custom_semgrep_rule: Return a prompt to help write a Semgrep rule

Resources

Expose data and content to LLMs

semgrep://rule/schema: Specification of the Semgrep rule YAML syntax using JSON schema
semgrep://rule/{rule_id}/yaml: Full Semgrep rule in YAML format from the Semgrep registry

Usage

This Python package is published to PyPI as semgrep-mcp and can be installed and run with pip, pipx, uv, poetry, or any Python package manager.

$ pipx install semgrep-mcp
$ semgrep-mcp --help

Usage: semgrep-mcp [OPTIONS]

  Entry point for the MCP server

  Supports both stdio and sse transports. For stdio, it will read from stdin
  and write to stdout. For sse, it will start an HTTP server on port 8000.

Options:
  -v, --version                Show version and exit.
  -t, --transport [stdio|sse]  Transport protocol to use (stdio or sse)
  -h, --help                   Show this message and exit.

Standard Input/Output (stdio)

The stdio transport enables communication through standard input and output streams. This is particularly useful for local integrations and command-line tools. See the spec for more details.

Python

semgrep-mcp

By default, the Python package will run in stdio mode. Because it's using the standard input and output streams, it will look like the tool is hanging without any output, but this is expected.

Docker

This server is published to Github's Container Registry (ghcr.io/semgrep/mcp)

docker run -i --rm ghcr.io/semgrep/mcp -t stdio

By default, the Docker container is in SSE mode, so you will have to include -t stdio after the image name and run with -i to run in interactive mode.

Streamable HTTP

Streamable HTTP enables streaming responses over JSON RPC via HTTP POST requests. See the spec for more details.

By default, the server listens on 127.0.0.1:8000/mcp for client connections. To change any of this, set FASTMCP_* environment variables. The server must be running for clients to connect to it.

Python

semgrep-mcp -t streamable-http

By default, the Python package will run in stdio mode, so you will have to include -t streamable-http.

Docker

docker run -p 8000:0000 ghcr.io/semgrep/mcp

Server-sent events (SSE)

[!WARNING] The MCP communiity considers this a legacy transport portcol and is really intended for backwards compatibility. Streamable HTTP is the recommended replacement.

SSE transport enables server-to-client streaming with Server-Send Events for client-to-server and server-to-client communication. See the spec for more details.

By default, the server listens on 127.0.0.1:8000/sse for client connections. To change any of this, set FASTMCP_* environment variables. The server must be running for clients to connect to it.

Python

semgrep-mcp -t sse

By default, the Python package will run in stdio mode, so you will have to include -t sse.

Docker

docker run -p 8000:0000 ghcr.io/semgrep/mcp -t sse

Semgrep AppSec Platform

Optionally, to connect to Semgrep AppSec Platform:

Login or sign up
Generate a token from Settings
Add the token to your environment variables:
- CLI (export SEMGREP_APP_TOKEN=<token>)
- Docker (docker run -e SEMGREP_APP_TOKEN=<token>)
- MCP config JSON

    "env": {
      "SEMGREP_APP_TOKEN": "<token>"
    }

[!TIP] Please reach out for support if needed. ☎️

Integrations

Cursor IDE

Add the following JSON block to your ~/.cursor/mcp.json global or .cursor/mcp.json project-specific configuration file:

{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": ["semgrep-mcp"]
    }
  }
}

cursor MCP settings

See cursor docs for more info.

VS Code / Copilot

Click the install buttons at the top of this README for the quickest installation.

Manual Configuration

Add the following JSON block to your User Settings (JSON) file in VS Code. You can do this by pressing Ctrl + Shift + P and typing Preferences: Open User Settings (JSON).

{
  "mcp": {
    "servers": {
      "semgrep": {
        "command": "uvx",
        "args": ["semgrep-mcp"]
      }
    }
  }
}

Optionally, you can add it to a file called .vscode/mcp.json in your workspace:

{
  "servers": {
    "semgrep": {
      "command": "uvx",
        "args": ["semgrep-mcp"]
    }
  }
}

Using Docker

{
  "mcp": {
    "servers": {
      "semgrep": {
        "command": "docker",
        "args": [
          "run",
          "-i",
          "--rm",
          "ghcr.io/semgrep/mcp",
          "-t",
          "stdio"
        ]
      }
    }
  }
}

See VS Code docs for more info.

Windsurf

Add the following JSON block to your ~/.codeium/windsurf/mcp_config.json file:

{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": ["semgrep-mcp"]
    }
  }
}

See Windsurf docs for more info.

Claude Desktop

Here is a short video showing Claude Desktop using this server to write a custom rule.

Add the following JSON block to your claude_desktop_config.json file:

{
  "mcpServers": {
    "semgrep": {
      "command": "uvx",
      "args": ["semgrep-mcp"]
    }
  }
}

See Anthropic docs for more info.

Claude Code

claude mcp add semgrep uvx semgrep-mcp

See Claude Code docs for more info.

OpenAI

See the offical docs:

Agents SDK

async with MCPServerStdio(
    params={
        "command": "uvx",
        "args": ["semgrep-mcp"],
    }
) as server:
    tools = await server.list_tools()

See OpenAI Agents SDK docs for more info.

Custom clients

Example Python SSE client

See a full example in examples/sse_client.py

from mcp.client.session import ClientSession
from mcp.client.sse import sse_client


async def main():
    async with sse_client("http://localhost:8000/sse") as (read_stream, write_stream):
        async with ClientSession(read_stream, write_stream) as session:
            await session.initialize()
            results = await session.call_tool(
                "semgrep_scan",
                {
                    "code_files": [
                        {
                            "filename": "hello_world.py",
                            "content": "def hello(): print('Hello, World!')",
                        }
                    ]
                },
            )
            print(results)

[!TIP] Some client libraries want the URL: http://localhost:8000/sse and others only want the HOST: localhost:8000. Try out the URL in a web browser to confirm the server is running, and there are no network issues.

See official SDK docs for more info.

Contributing, community, and running from source

[!NOTE] We love your feedback, bug reports, feature requests, and code. Join the #mcp community Slack channel!

See CONTRIBUTING.md for more info and details on how to run from the MCP server from source code.

Similar tools 🔍

semgrep-vscode - Official VS Code extension
semgrep-intellij - IntelliJ plugin

Community projects 🌟

semgrep-rules - The official collection of Semgrep rules
mcp-server-semgrep - Original inspiration written by Szowesgad and stefanskiasan

MCP server registries

Glama

MCP.so

Made with ❤️ by the Semgrep Team

概览

什么是 MCP？

MCP 的特点

如何使用 MCP

常见问题解答

MCP 支持哪些编程语言？

MCP 是开源的吗？

我该如何报告在 MCP 中发现的漏洞？

我可以将 MCP 用于商业项目吗？

我在哪里可以找到有关 MCP 的更多信息？

详情

Semgrep MCP Server

Contents

Getting started

Cursor

ChatGPT

Hosted Server

Cursor

Demo

API

Tools

Scan Code

Understand Code

Cloud Platform (login and Semgrep token required)

Meta

Prompts

Resources

Usage

Standard Input/Output (stdio)

Python

Docker

Streamable HTTP

Python

Docker

Server-sent events (SSE)

Python

Docker

Semgrep AppSec Platform

Integrations

Cursor IDE

VS Code / Copilot

Manual Configuration

Using Docker

Windsurf

Claude Desktop

Claude Code

OpenAI

Agents SDK

Custom clients

Example Python SSE client

Contributing, community, and running from source

Similar tools 🔍

Community projects 🌟

MCP server registries

Server配置

项目信息

Semgrep Mcp 服务器

概览

什么是 MCP？

MCP 的特点

如何使用 MCP

常见问题解答

MCP 支持哪些编程语言？

MCP 是开源的吗？

我该如何报告在 MCP 中发现的漏洞？

我可以将 MCP 用于商业项目吗？

我在哪里可以找到有关 MCP 的更多信息？

详情

Semgrep MCP Server

Contents

Getting started

Cursor

ChatGPT

Hosted Server

Cursor

Demo

API

Tools

Scan Code