McpMux
Back to Registry

Semgrep (uvx) MCP Server

Community

Contributed by Semgrep

Run Semgrep static analysis through MCP. Scan code for security vulnerabilities with 5,000+ built-in rules, write and run custom rules, inspect ASTs, and fetch findings from the Semgrep AppSec Platform.

Install with McpMuxSource CodeDocs

About the Semgrep (uvx) MCP Server

The Semgrep (uvx) MCP server is a local (stdio) Model Context Protocol server available in the McpMux registry. Run Semgrep static analysis through MCP. Scan code for security vulnerabilities with 5,000+ built-in rules, write and run custom rules, inspect ASTs, and fetch findings from the Semgrep AppSec Platform. This is a community-contributed MCP server by Semgrep.

Install the Semgrep (uvx) MCP server with one click using McpMux. It works with Cursor, Claude Desktop, Claude Code, VS Code, ChatGPT, Windsurf, JetBrains, and any MCP-compatible AI client. This server requires authentication — McpMux securely stores your credentials with AES-256-GCM encryption.

Transport Configuration

Transport Configuration
{
  "type": "stdio",
  "command": "uvx",
  "args": [
    "semgrep-mcp"
  ],
  "env": {
    "SEMGREP_APP_TOKEN": "${input:SEMGREP_APP_TOKEN}"
  },
  "metadata": {
    "inputs": [
      {
        "id": "SEMGREP_APP_TOKEN",
        "label": "Semgrep App Token",
        "description": "Optional. Connects the server to the Semgrep AppSec Platform to enable cloud features such as fetching findings (semgrep_findings). Leave empty to run local scans only.",
        "type": "text",
        "required": false,
        "secret": true,
        "placeholder": "********************************",
        "obtain": {
          "url": "https://semgrep.dev/orgs/-/settings/tokens",
          "instructions": "1. Sign in at https://semgrep.dev\n2. Go to Settings > Tokens\n3. Create a new token (API scope)\n4. Copy it and paste here",
          "button_label": "Create Token"
        }
      }
    ]
  }
}
Details
TransportLocal (stdio)
Hostinglocal
Authoptional_api_key
Capabilities
ToolsResourcesPrompts

Categories

SecurityDeveloper Tools

Tags

semgrepsecuritystatic-analysissastcode-scanningvulnerabilitiesappsec

Links

RepositoryHomepageDocumentation

Supported AI Clients

The Semgrep (uvx) MCP server works with all MCP-compatible AI clients through McpMux:

CursorClaude DesktopClaude CodeVS CodeChatGPTWindsurfJetBrainsZedClineGemini CLIAmazon Q

Related MCP Servers

1Password (npx)

Access secrets from 1Password vaults. List vaults, retrieve items, and search for credentials using a service account token.

Aikido Security (npx)

Scan code and secrets with Aikido Security directly from your AI coding agent. Exposes Aikido's Code and Secrets Scan as an MCP tool returning machine-readable findings you can triage, fix, or ignore.

Auth0 (npx)

Manage your Auth0 tenant through natural language: applications, APIs (resource servers), actions, forms, and logs via the Auth0 Management API. Authentication uses an OAuth 2.0 device-authorization browser flow handled by the server; tokens are stored in your OS keychain.

Bitwarden (npx)

Securely access your Bitwarden vault and administer your organization through the Bitwarden CLI and Public API. Manage vault items, folders, collections, Sends, and password generation, plus organization members, groups, policies, and audit logs.

Codacy (npx)

Connect to Codacy to analyze code quality and security, run static analysis (SAST, secrets, dependency, and IaC scans), browse repositories, list issues, and surface coverage data from your Codacy account via npx.

DB Query Guard MCP

Governed database query review, SQL simulation, approvals, and audits as a paid remote MCP.

Install Semgrep (uvx) with McpMux

One-click install from the McpMux desktop app. Auto-configures for Cursor, Claude, VS Code, ChatGPT, Windsurf, JetBrains, and any MCP-compatible client.

Install