AgentReadyHomeAgent Listing

← Agent Listing

Semgrep MCP

MCP Tools and AgentsFreemiumOpen Source

MCP server that lets AI agents run Semgrep static analysis to find security vulnerabilities in code.

🛡️ AgentReady threat assessment

MAESTRO 7-layer threat model + OWASP AIVSS risk score for Semgrep MCP, derived from its capabilities.

AIVSS 7.2 · High
View MAESTRO 7-layer threat model →

Overview

Exposes Semgrep's static application security testing (SAST) engine as MCP tools so an agent can scan code snippets or repositories for vulnerabilities. It returns findings with rule IDs, severity, and locations, and can run custom or registry rules. Because it ingests arbitrary code and returns rule output back into the model, it carries prompt-injection-via-findings and scope surface.

Key features

Use cases