semgrep

Runs Semgrep SAST (Static Application Security Testing) locally to scan source code for security vulnerabilities and enforce coding standards. No API key required.

security

code-quality

Add to Your Project

Copy this JSON into your .mcp.json to enable this server

Add to your .mcp.json:

{
  "mcpServers": {
    "semgrep": {
      "command": "npx",
      "args": [
        "-y",
        "@returntocorp/semgrep-mcp"
      ]
    }
  }
}

Security Considerations

Review these signals before enabling this server

External connections

This server connects to external services. Review the URLs it accesses before enabling.

Details

Server configuration and connection parameters

Commandnpx

Arguments

Command-line arguments passed to the server process

-y@returntocorp/semgrep-mcp

Stats

LanguagePython

Stars45

Forks8

MaintenanceExcellent

Last CommitMay 23, 2026

Actions

Stats

Actions