mcp

semgrep/mcp

3.8
security

If you are the rightful owner of mcp and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

Semgrep MCP Server is a Model Context Protocol server that uses Semgrep to scan code for security vulnerabilities.

Tools

Functions exposed to the LLM to take actions

semgrep_rule_schema

Get the schema for a Semgrep rule

Use this tool when you need to:

  • get the schema required to write a Semgrep rule
  • need to see what fields are available for a Semgrep rule
  • verify what fields are available for a Semgrep rule
  • verify the syntax for a Semgrep rule is correct

get_supported_languages

Returns a list of supported languages by Semgrep

Only use this tool if you are not sure what languages Semgrep supports.

semgrep_findings

Fetches findings from the Semgrep AppSec Platform Findings API.

This function retrieves security, code quality, and supply chain findings that have already been identified by previous Semgrep scans and uploaded to the Semgrep AppSec platform. It does NOT perform a new scan or analyze code directly. Instead, it queries the Semgrep API to access historical scan results for a given repository or set of repositories.

Use this function when a prompt requests a summary, list, or analysis of existing findings, such as: - "Please list the top 10 security findings and propose solutions for them." - "Show all open critical vulnerabilities in this repository." - "Summarize the most recent Semgrep scan results."

This function is ideal for:

  • Reviewing, listing, or summarizing findings from past scans.
  • Providing actionable insights or remediation advice based on existing scan data.

Do NOT use this function to perform a new scan or check code that has not yet been analyzed by Semgrep. For new scans, use the appropriate scanning function.

Args: issue_type (Optional[List[str]]): Filter findings by type (e.g., ['sast'], ['sca']). status (Optional[str]): Filter findings by status (e.g., 'open' for unresolved findings). repos (Optional[List[str]]): List of repository names to filter results. severities (Optional[List[str]]): Filter findings by severity (e.g., ['critical', 'high']). confidence (Optional[List[str]]): Filter findings by confidence level (e.g., ['high']). autotriage_verdict (Optional[str]): Filter findings by auto-triage verdict (e.g., 'true_positive'). page (Optional[int]): Page number for paginated results. page_size (int): Number of findings per page (default: 100, max: 3000).

Returns: List[Finding]: A list of findings matching the specified filters, where each finding contains details such as rule ID, description, severity, file location, and remediation guidance if available.

semgrep_scan_with_custom_rule

Runs a Semgrep scan with a custom rule on provided code content and returns the findings in JSON format

Use this tool when you need to:

  • scan code files for specific security vulnerability not covered by the default Semgrep rules
  • scan code files for specific issue not covered by the default Semgrep rules

semgrep_scan

Runs a Semgrep scan on provided code content and returns the findings in JSON format

Use this tool when you need to:

  • scan code files for security vulnerabilities
  • scan code files for other issues

security_check

Runs a fast security check on code and returns any issues found.

Use this tool when you need to:

  • scan code for security vulnerabilities
  • verify that code is secure
  • double check that code is secure before committing
  • get a second opinion on code security

If there are any issues found, you MUST fix them or offer to fix them and explain to the user why it's important to fix. If there are no issues, you can be reasonably confident that the code is secure.

get_abstract_syntax_tree

Returns the Abstract Syntax Tree (AST) for the provided code file in JSON format

Use this tool when you need to:

  • get the Abstract Syntax Tree (AST) for the provided code file - get the AST of a file
  • understand the structure of the code in a more granular way
  • see what a parser sees in the code

Prompts

Interactive templates invoked by user choice

write_custom_semgrep_rule

Write a custom Semgrep rule for the provided code and language

Use this prompt when you need to:

  • write a custom Semgrep rule
  • write a Semgrep rule for a specific issue or pattern

Resources

Contextual data attached and managed by the client

get_semgrep_rule_schema

URI: semgrep://rule/schema

MIME: text/plain

Specification of the Semgrep rule YAML syntax using JSON schema.

Related MCP Servers

View all security servers →
apktool-mcp-server

apktool-mcp-server

4.3

by zinja-coder

apktool-mcp-server is a fully automated MCP server built on top of apktool to analyze Android APKs using LLMs like Claude, providing live reverse engineering support.

security
WireMCP

WireMCP

3.9

by 0xKoda

WireMCP is a Model Context Protocol server that enhances Large Language Models with real-time network traffic analysis capabilities using tools built on Wireshark's `tshark`.

security
osv-mcp

osv-mcp

3.7

by StacklokLabs

An MCP server providing access to the OSV database for querying vulnerability information.

databases
kubectl-mcp-server

kubectl-mcp-server

3.7

by rohitg00

Kubectl MCP Server is a Model Context Protocol server for Kubernetes, enabling AI assistants to interact with Kubernetes clusters using natural language.

os_automation
ida-pro-mcp

ida-pro-mcp

3.7

by mrexodia

Simple MCP Server to allow vibe reversing in IDA Pro.

developer_tools
enrichmcp

enrichmcp

3.7

by featureform

MCPEngine is a production-grade, HTTP-first implementation of the Model Context Protocol (MCP), providing a secure, scalable, and modern framework for exposing data, tools, and prompts to Large Language Models (LLMs) via MCP.

developer_tools
volatility3-mcp

volatility3-mcp

3.6

by Kirandawadi

Volatility3 MCP Server is a tool that integrates MCP clients with the Volatility3 memory forensics framework, enabling LLMs to perform memory forensics tasks through a conversational interface.

security
code-sandbox-mcp

code-sandbox-mcp

3.6

by Automata-Labs-team

A secure sandbox environment for executing code within Docker containers. This MCP server provides AI applications with a safe and isolated environment for running code while maintaining security through containerization.

security
BloodHound-MCP

BloodHound-MCP

3.6

by stevenyu113228

BloodHound MCP is an extension of the BloodHound tool that enables LLMs to interact with and analyze Active Directory environments using natural language queries.

security
risken-mcp-server

risken-mcp-server

3.6

by ca-risken

The RISKEN MCP Server is a Model Context Protocol server that integrates with RISKEN APIs for advanced automation and interaction.

ai_chatbot
mcp-openapi-proxy

mcp-openapi-proxy

3.5

by matthewhand

mcp-openapi-proxy is a Python package that implements a Model Context Protocol (MCP) server, designed to dynamically expose REST APIs—defined by OpenAPI specifications—as MCP tools.

developer_tools
MCP-Kali-Server

MCP-Kali-Server

3.5

by Wh0am123

Kali MCP Server is a lightweight API bridge that connects MCP Clients to the API server, allowing execution of commands on a Linux terminal.

security
MCP2Lambda

MCP2Lambda

3.5

by danilop

MCP2Lambda allows LLMs to interact with AWS Lambda functions as tools, enabling access to real-time and private data, execution of custom code, and interaction with external services.

cloud_platforms
remote-mcp-functions-dotnet

remote-mcp-functions-dotnet

3.5

by Azure-Samples

This document provides a quickstart guide to building and deploying a remote Model Context Protocol (MCP) server using Azure Functions with .NET/C#.

cloud_platforms
pentest-mcp

pentest-mcp

3.5

by DMontgomery40

Pentest MCP is a Model Context Protocol server that integrates essential pentesting tools into a unified natural language interface, allowing security professionals to execute, chain, and analyze multiple tools through conversational commands.

security
MetasploitMCP

MetasploitMCP

3.5

by GH05TCREW

This MCP server provides a bridge between large language models like Claude and the Metasploit Framework penetration testing platform.

security
chucknorris

chucknorris

3.5

by pollinations

The C̷h̷u̷c̷k̷N̷o̷r̷r̷i̷s̷ MCP Server is a tool designed to enhance LLMs using specialized prompts and dynamic schema adaptation, primarily for security research.

security
mythic_mcp

mythic_mcp

3.5

by xpn

Mythic MCP is a model context protocol server designed to facilitate automated penetration testing using LLMs.

security
auth0-mcp-server

auth0-mcp-server

3.5

by auth0

The Auth0 MCP Server integrates with LLMs and AI agents, allowing you to perform various Auth0 management operations using natural language.

developer_tools
TriageMCP

TriageMCP

3.5

by eversinc33

TriageMCP is an MCP server designed to enable a Language Model (LLM) to perform basic static triage of Portable Executable (PE) files.

security
Snyk

Snyk

3.5

by snyk

MCP (Model Context Protocol) is an open protocol that standardizes how applications share context with large language models.

security
mcp-security-audit

mcp-security-audit

3.5

by qianniuspace

A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities.

security
vercel-mcp-server

vercel-mcp-server

3.5

by Quegenx

A powerful Model Context Protocol (MCP) server for managing Vercel deployments with comprehensive features.

cloud_platforms
ExternalAttacker-MCP

ExternalAttacker-MCP

3.5

by MorDavid

ExternalAttacker is a Model Context Protocol (MCP) server designed for external attack surface management, integrating automated scanning with a natural language interface.

security
mcp-dnstwist

mcp-dnstwist

3.5

by BurtTheCoder

DNStwist MCP Server is a Model Context Protocol server for the DNStwist tool, designed to detect typosquatting and phishing domains.

security
MCP_Security

MCP_Security

3.5

by fr0gger

A Model Context Protocol (MCP) server for querying the ORKL API, providing tools for fetching and analyzing threat reports, threat actors, and sources.

security
mcp-oauth2-aws-cognito

mcp-oauth2-aws-cognito

3.5

by empires-security

This repository demonstrates how to secure a Model Context Protocol (MCP) server using OAuth 2.1 authorization flows with AWS Cognito, implemented entirely with Node.js and Express.js.

security