semgrep

Runs Semgrep locally for SAST code scanning to detect security vulnerabilities in source code.

npx claudepluginhub jpoley/flowspec --plugin flowspec

Add to Your Project

Add to your .mcp.json:

{
  "mcpServers": {
    "semgrep": {
      "command": "npx",
      "args": [
        "-y",
        "@returntocorp/semgrep-mcp"
      ]
    }
  }
}

External connections

This server connects to external services. Review the URLs it accesses before enabling.

Commandnpx

-y@returntocorp/semgrep-mcp

Actions

Plugins (6)

Share bugs, ideas, or general feedback.