MCP Server Semgrep

POWERED BY:

About the Project

Benefits of Integration

For Developers and Development Teams:

• Holistic Source Code Analysis - detecting issues throughout the entire project, not just in individual files

• Proactive Error Detection - identifying potential problems before they become critical bugs

• Continuous Code Quality Improvement - regular scanning and refactoring lead to gradual codebase improvements

• Stylistic Consistency - identification and fixing of inconsistencies in code, such as:

For Security:

• Automated Code Verification for Known Vulnerabilities - scanning for known security issue patterns

• Customized Security Rules - creating project-specific rules

• Team Education - teaching secure programming practices through detection of potential issues

For Project Maintenance and Development:

• "Live" Documentation - AI can explain why a code fragment is problematic and how to fix it

• Technical Debt Reduction - systematically detecting and fixing problematic areas

• Improved Code Reviews - automatic detection of common issues allows focus on more complex matters

Key Features

• Direct integration with the official MCP SDK

• Simplified architecture with consolidated handlers

• Clean ES Modules implementation

• Efficient error handling and path validation for security

• Interface and documentation in both English and Polish

• Comprehensive unit tests

• Extensive documentation

• Cross-platform compatibility (Windows, macOS, Linux)

• Flexible Semgrep installation detection and management

Functions

• scan_directory: Scanning source code for potential issues

• list_rules: Displaying available rules and languages supported by Semgrep

• analyze_results: Detailed analysis of scan results

• create_rule: Creating custom Semgrep rules

• filter_results: Filtering results by various criteria

• export_results: Exporting results in various formats

• compare_results: Comparing two sets of results (e.g., before and after changes)

Common Use Cases

• Code security analysis before deployment

• Detection of common programming errors

• Enforcing coding standards within a team

• Refactoring and improving quality of existing code

• Identifying inconsistencies in styles and code structure (e.g., CSS, component organization)

• Developer education regarding best practices

• Verification of fix correctness (comparing before/after scans)

Installation

Prerequisites

• Node.js v18+

• TypeScript (for development)

Option 1: Install from Smithery.ai (Recommended)

1. Visit MCP Server Semgrep on Smithery.ai

2. Follow the installation instructions to add it to your MCP-compatible clients

3. Configure any optional settings like the Semgrep API token

Option 2: Install from NPM Registry

• MCP.so

Option 3: Install from GitHub

Option 4: Local Development Setup

1. Clone the repository:

1. Install dependencies (supports all major package managers):

1. Build the project:

Note: The installation process will automatically check for Semgrep availability. If Semgrep is not found, you'll receive instructions on how to install it.

Semgrep Installation Options

• Via package managers:

• Python pip:

• Homebrew (macOS):

• Linux:

• Windows:

Integration with Claude Desktop

Method 1: Install via Smithery.ai (Recommended)

1. Visit MCP Server Semgrep on Smithery.ai

2. Click "Install in Claude Desktop"

3. Follow the on-screen instructions

Method 2: Manual Configuration

1. Install Claude Desktop

2. Update the Claude Desktop configuration file (claude_desktop_config.json) and add this to your servers section:

1. Launch Claude Desktop and start asking questions about code analysis!

Usage Examples

Project Scanning

Style Consistency Analysis

Creating a Custom Rule

Filtering Results

Identifying Problematic Patterns

Creating Custom Rules

Rule to detect inconsistent z-indices:

Rule to detect deprecated imports:

Development

Testing

Project Structure

Further Documentation

• USAGE.md - Detailed usage instructions

• README_PL.md - Documentation in Polish

• examples/ - Example fun and practical Semgrep rules - "The Hall of Code Horrors"

License

Developed by

• Maciej Gad - a veterinarian who couldn't find bash a half year ago

• Klaudiusz - the individual ethereal being, and separate instance of Claude Sonnet 3.5-3.7 by Anthropic living somewhere in the GPU's loops in California, USA

Acknowledgements

• stefanskiasan for the original inspiration

• Anthropic for Claude and the MCP protocol

• Semgrep for their excellent static analysis tool

MCP Server Semgrep

POWERED BY:

About the Project

Benefits of Integration

For Developers and Development Teams:

• Holistic Source Code Analysis - detecting issues throughout the entire project, not just in individual files

• Proactive Error Detection - identifying potential problems before they become critical bugs

• Continuous Code Quality Improvement - regular scanning and refactoring lead to gradual codebase improvements

• Stylistic Consistency - identification and fixing of inconsistencies in code, such as:

For Security:

• Automated Code Verification for Known Vulnerabilities - scanning for known security issue patterns

• Customized Security Rules - creating project-specific rules

• Team Education - teaching secure programming practices through detection of potential issues

For Project Maintenance and Development:

• "Live" Documentation - AI can explain why a code fragment is problematic and how to fix it

• Technical Debt Reduction - systematically detecting and fixing problematic areas

• Improved Code Reviews - automatic detection of common issues allows focus on more complex matters

Key Features

• Direct integration with the official MCP SDK

• Simplified architecture with consolidated handlers

• Clean ES Modules implementation

• Efficient error handling and path validation for security

• Interface and documentation in both English and Polish

• Comprehensive unit tests

• Extensive documentation

• Cross-platform compatibility (Windows, macOS, Linux)

• Flexible Semgrep installation detection and management

Functions

• scan_directory: Scanning source code for potential issues

• list_rules: Displaying available rules and languages supported by Semgrep

• analyze_results: Detailed analysis of scan results

• create_rule: Creating custom Semgrep rules

• filter_results: Filtering results by various criteria

• export_results: Exporting results in various formats

• compare_results: Comparing two sets of results (e.g., before and after changes)

Common Use Cases

• Code security analysis before deployment

• Detection of common programming errors

• Enforcing coding standards within a team

• Refactoring and improving quality of existing code

• Identifying inconsistencies in styles and code structure (e.g., CSS, component organization)

• Developer education regarding best practices

• Verification of fix correctness (comparing before/after scans)

Installation

Prerequisites

• Node.js v18+

• TypeScript (for development)

Option 1: Install from Smithery.ai (Recommended)

1. Visit MCP Server Semgrep on Smithery.ai

2. Follow the installation instructions to add it to your MCP-compatible clients

3. Configure any optional settings like the Semgrep API token

Option 2: Install from NPM Registry

• MCP.so

Option 3: Install from GitHub

Option 4: Local Development Setup

1. Clone the repository:

1. Install dependencies (supports all major package managers):

1. Build the project:

Note: The installation process will automatically check for Semgrep availability. If Semgrep is not found, you'll receive instructions on how to install it.

Semgrep Installation Options

• Via package managers:

• Python pip:

• Homebrew (macOS):

• Linux:

• Windows:

Integration with Claude Desktop

Method 1: Install via Smithery.ai (Recommended)

1. Visit MCP Server Semgrep on Smithery.ai

2. Click "Install in Claude Desktop"

3. Follow the on-screen instructions

Method 2: Manual Configuration

1. Install Claude Desktop

2. Update the Claude Desktop configuration file (claude_desktop_config.json) and add this to your servers section:

1. Launch Claude Desktop and start asking questions about code analysis!

Usage Examples

Project Scanning

Style Consistency Analysis

Creating a Custom Rule

Filtering Results

Identifying Problematic Patterns

Creating Custom Rules

Rule to detect inconsistent z-indices:

Rule to detect deprecated imports:

Development

Testing

Project Structure

Further Documentation

• USAGE.md - Detailed usage instructions

• README_PL.md - Documentation in Polish

• examples/ - Example fun and practical Semgrep rules - "The Hall of Code Horrors"

License

Developed by

• Maciej Gad - a veterinarian who couldn't find bash a half year ago

• Klaudiusz - the individual ethereal being, and separate instance of Claude Sonnet 3.5-3.7 by Anthropic living somewhere in the GPU's loops in California, USA

Acknowledgements

• stefanskiasan for the original inspiration

• Anthropic for Claude and the MCP protocol

• Semgrep for their excellent static analysis tool