Major-vendor · stdio · online
Semgrep MCP
by Semgrep · Security
Run Semgrep SAST scans, query findings, and manage rulesets and policies.
Works with: Claude Code, Cursor, Windsurf, OpenCode
Tags: sast, findings, rulesets, scan, read
Install
Run this command in your terminal:
claude mcp add --transport stdio mcp-semgrep -- npx -y semgrep-mcp
Before running, set: SEMGREP_APP_TOKEN
Authentication
API key
Required environment variables:
- SEMGREP_APP_TOKEN
See the setup guide for step-by-step instructions on obtaining these credentials.
Official Semgrep MCP.
Skills that use this MCP
Semgrep Plugin
This plugin is the Claude Code interface for running Semgrep SAST scans via MCP.
static-analysis
Semgrep MCP runs the actual SAST scans that the static-analysis skill orchestrates.
security-audit (PHP/OWASP)
Semgrep MCP runs OWASP pattern scans that supplement the manual audit workflow.
claude-code-security-audit
Security audit skill runs Semgrep MCP scans as part of the audit workflow.

