mcp-semgrep
MCP Server Semgrep is a [Model Context Protocol](https://modelcontextprotocol.io) compliant server that integrates the powerful Semgrep static analysis tool with AI assistants like Anthropic Claude. It enables advanced code analysis, security vulnerability detection, and code quality improvements directly through a conversational interface.
claude mcp add --transport stdio vetcoders-mcp-server-semgrep node /your_path/mcp-server-semgrep/build/index.js \
  --env SEMGREP_APP_TOKEN="your_semgrep_app_token"
How to use
MCP Server Semgrep exposes Semgrep-powered code analysis through the MCP (Model Context Protocol) interface, enabling AI assistants and clients to run semantic scans, retrieve rule sets, and analyze results within a conversational workflow. Core tools exposed by the server:
- scan_directory: scans whole project trees
- list_rules: displays available Semgrep rules and supported languages
- analyze_results: interprets scan outputs
- create_rule: authors custom Semgrep rules
- filter_results: narrows results by criteria
- export_results: exports data in multiple formats
- compare_results: juxtaposes different scans (e.g., before/after changes)
This combination lets teams perform security checks, code quality analysis, and style enforcement directly from MCP-enabled assistants like Claude Desktop. To use it, configure the MCP client to point at the semgrep server and invoke the tools via natural language prompts that map to these functions. The pack integrates Semgrep's static analysis capabilities with AI-driven explanations and remediation guidance for faster security and quality improvements.
How to install
Prerequisites:
- Node.js v18+ (for runtime) and npm/yarn/pnpm as desired
- Semgrep available in the environment (the installer will verify and prompt if needed)
Install from npm (recommended):
npm install -g mcp-server-semgrep
Alternative installation methods mentioned in the project README:
- Install from Smithery.ai (preferred for Claude Desktop integration): follow the on-site instructions to add the server to MCP-compatible clients
- Install from GitHub (global install):
# npm
npm install -g git+https://github.com/Szowesgad/mcp-server-semgrep.git
# pnpm
pnpm add -g git+https://github.com/Szowesgad/mcp-server-semgrep.git
# yarn
yarn global add git+https://github.com/Szowesgad/mcp-server-semgrep.git
Local development setup (if you are contributing):
git clone https://github.com/Szowesgad/mcp-server-semgrep.git
cd mcp-server-semgrep
# Install dependencies (choose your package manager)
npm install # npm
pnpm install # pnpm
yarn install # yarn
# Build the project
pnpm run build # or npm run build or yarn build
Semgrep installation options (to be available in the environment):
# Global manager options
pnpm add -g semgrep
npm install -g semgrep
yarn global add semgrep
Other installation methods (Semgrep itself):
- Python pip: pip install semgrep
- Homebrew (macOS): brew install semgrep
- Linux: curl -sSL https://install.semgrep.dev | sh
- Windows: pip install semgrep
After installation, ensure the MCP server can start via the configured entrypoint (build/index.js) and that Semgrep is available in the environment.
Additional notes
Tips and notes:
- The MCP server is Node-based; ensure your environment provides Node.js v18+.
- When configuring clients like Claude Desktop, you may need to supply a SEMGREP_APP_TOKEN for authenticated access to your Semgrep actions.
- If Semgrep is not detected during setup, follow the Semgrep installation steps in the README to install it globally or locally.
- The server supports multiple operations (scan, rules listing, analysis, rule creation, filtering, exporting, comparing) enabling flexible workflows.
- If integrating with Claude Desktop manually, you can reference the example configuration that points the client to the built index.js and includes the SEMGREP_APP_TOKEN env var.
- Be mindful of language and rule compatibility when creating custom rules (the example rules use languages like css, scss).
- For large codebases, consider running scans incrementally or in a CI environment to monitor regressions and security issues over time.