Command Palette

Search for a command to run...

UnylyUnyly
Browse all

Semgrep Scanner

FreeNot checked

Run Semgrep static analysis from an AI agent. OWASP top 10, secrets detection, custom rule packs, baseline scanning. Curated by Archimedes Market with a verifie

GitHubEmbed

About

Run Semgrep static analysis from an AI agent. OWASP top 10, secrets detection, custom rule packs, baseline scanning. Curated by Archimedes Market with a verified Trust Report.

README

Archimedes Trust Report — VERIFIED 92/100

Verified asset on Archimedes Market. View the full 4-dimension Trust Report (security · quality · license · complexity) and the curated catalog on the asset page.


MCP Semgrep Scanner

Run Semgrep static analysis from an AI agent. Lets an agent scan a repo with prebuilt rulesets (OWASP top 10, secrets, language-specific packs), surface findings with severity scoring, and run baseline diffs to focus only on newly-introduced issues.

Tools

  • scan — run a default scan (p/security-audit + p/secrets) and return findings sorted by severity
  • scan_with_ruleset — scan with one or more named rulesets (p/owasp-top-ten, p/python, etc.)
  • list_rulesets — built-in rulesets available without a Semgrep account
  • get_finding_details — full rule metadata + remediation hint for a finding ID
  • baseline_scan — scan only files modified since a git ref (HEAD~1, main, custom SHA)

What gets returned

Each finding includes:

  • rule_id — the Semgrep rule that matched
  • severityERROR | WARNING | INFO
  • cwe — CWE classification if available
  • owasp — OWASP category mapping
  • file + line_start + line_end
  • message — human-readable explanation
  • fix — suggested patch if available

Quick start

pip install mcp-semgrep-scanner
# Optional: Semgrep account token for Pro rules
export SEMGREP_APP_TOKEN="..."
mcp-semgrep-scanner serve

Typical agent workflow

Agent: "Are there any security issues in this PR?"
↓
1. baseline_scan(repo="/path/to/repo", base_ref="origin/main")
   → returns only findings introduced by the PR's diff
2. get_finding_details(finding_id=...) for the ERROR-severity ones
3. Agent suggests fixes inline in PR review

License

MIT.

from github.com/archimedes-market/mcp-semgrep-scanner

Install Semgrep Scanner in Claude Desktop, Claude Code & Cursor

Recommended · one command, every IDE
unyly install mcp-semgrep-scanner

Installs into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.

First time? Get the CLI: curl -fsSL https://unyly.org/install | sh

Or configure manually

Run in your terminal:

claude mcp add mcp-semgrep-scanner -- uvx --from git+https://github.com/archimedes-market/mcp-semgrep-scanner mcp-semgrep-scanner

FAQ

Is Semgrep Scanner MCP free?

Yes, Semgrep Scanner MCP is free — one-click install via Unyly at no cost.

Does Semgrep Scanner need an API key?

No, Semgrep Scanner runs without API keys or environment variables.

Is Semgrep Scanner hosted or self-hosted?

Self-hosted: the server runs locally on your machine via the install command above.

How do I install Semgrep Scanner in Claude Desktop, Claude Code or Cursor?

Open Semgrep Scanner on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare Semgrep Scanner with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All ai MCPs