BestMCPTools.org
S

Semgrep MCP

AI-powered static code analysis and security scanning via MCP

Developer ToolsfreemiumClaudeClaude CodeCursorWindsurfmoderate✓ Verified
4.5
Own Semgrep MCP? Boost it to the top.✦ Upgrade to Featured

How to Install Semgrep MCP

$npx -y mcp-server-semgrep

Requires Claude Desktop, Cursor, Windsurf, or another MCP-compatible client.

About Semgrep MCP

The Semgrep MCP server integrates Semgrep's industry-standard static analysis engine with AI assistants like Claude, enabling on-demand code security scanning, vulnerability detection, and code quality checks directly through conversation. It supports hundreds of pre-built security rules across dozens of languages.

Semgrep MCP is a Developer Tools MCP server designed for professional engineers and engineering teams. It enables wiring AI assistants into the inner loop of writing and shipping code by exposing Git, package, build, and CLI operations as MCP tools. Key capabilities include git and github operations (status, blame, prs), package and dependency inspection, build and test runner integration, and structured tool calls that work cleanly inside an LLM context. It integrates with Git, GitHub, GitLab, npm, pnpm, Docker, and common build systems, and is best suited for professional engineers and engineering teams who need reviewing diffs and opening prs from chat.

Key Features

  • security
  • static-analysis
  • code-quality
  • devops
  • Git and GitHub operations (status, blame, PRs)
  • Package and dependency inspection

Pricing

Free
  • Core MCP server
  • Community support
  • Works with any MCP client
Pro
Free (paid plans from $40/month)
  • Everything in Free
  • Higher usage limits
  • Priority support
Business
Custom
  • Everything in Pro
  • SLA & SSO
  • Dedicated support

Tier details are indicative — visit the Semgrep MCP website for current pricing.

Pros & Cons

Pros

  • Acts more like a pair programmer with real tools
  • Tight scoping (one repo, dry-run) limits blast radius
  • Keeps flow inside the editor

Cons

  • Write operations require explicit guardrails
  • Quality of output depends on repo hygiene
  • Larger monorepos may need extra filtering

Best For

  • Reviewing diffs and opening PRs from chat
  • Triaging CI failures
  • Scaffolding new packages or modules
  • Repo-wide refactors with verification

Screenshots

Screenshots coming soon —

Submit yours →

Our Take on Semgrep MCP

A must-have for security-conscious teams — Semgrep MCP lets AI assistants scan code for vulnerabilities without leaving the chat, making security review part of every coding conversation.

4.5

Frequently Asked Questions

Tags