Connects AI coding agents to Semgrep static analysis rules and findings so security reviews can start from actual scan results. Agents can look up rule definitions, triage findings, and verify fixes without pasting SARIF outputs. Integrates with CI/CD pipelines.
Use cases
- Security engineer triages findings by understanding rule logic and severity
- Developer looks up why Semgrep flagged a pattern and how to fix it
- DevOps compares scan results between branches to catch regressions
- Auditor reviews historical findings to assess security posture over time
- Architect evaluates which Semgrep rules to enable for a new project
Key features
- Claude Code
- Cursor
- VS Code
Frequently Asked Questions
- What Semgrep products does the MCP support?
- The MCP supports Semgrep Code (SAST), Semgrep Supply Chain (dependency scanning), and Semgrep Secrets (secret detection). Each requires appropriate API access.
- Can agents run new scans or only view existing findings?
- The MCP can trigger new scans via the Semgrep API if you have CI/CD integration configured. It primarily provides read access to findings and rule metadata.
- Do agents need Semgrep Cloud or self-hosted access?
- Semgrep Cloud (app.semgrep.dev) is the primary integration point. Self-managed Semgrep deployments may work but features vary. Check docs for self-hosted setup.
Related
GitHub MCP
Provides GitHub API access for repositories, issues, pull requests, reviews, and code search. Agents can summarize PR diffs, draft code reviews, manage issues, and navigate large organizations using OAuth-authenticated API calls. Supports both github.com and GitHub Enterprise deployments.
Cloudflare MCP
Bridges AI agents to Cloudflare Workers, KV storage, R2 object storage, and D1 databases for edge deployment inspection and management. Agents can check Workers status, inspect KV namespaces, query D1 databases, and monitor R2 buckets directly from the coding environment.
Azure MCP
Connects AI agents to Azure resources including App Service, Cosmos DB, Key Vault, and Logic Apps for configuration inspection and diagnostic retrieval. Developers can query Azure settings and logs without Azure Portal. Uses Azure CLI credentials for authentication.