Back
Marketplace/Semgrep

TL;DR

Semgrep is a Security MCP server that lets Claude Code, Cursor, Windsurf and any MCP-compatible AI agent enable AI agents to secure code with Semgrep. Install in 1 minute with mcpizy install semgrep.

🛡️

Semgrep

Verified

Security

Last updated May 30, 2026 · By MCPizy team

Enable AI agents to secure code with Semgrep. Static analysis for finding bugs and security issues.

Install Semgrep

Via MCPizy CLI (recommended):
mcpizy install semgrep
Or run directly:
npx -y @semgrep/mcp
View on GitHub

Works with

Claude Code
Claude Desktop
Cursor
Windsurf
VS Code + Copilot
Any MCP Client

More Security MCPs

🔒

RAD Security

AI-powered security insights for Kubernetes and cloud workloads. Threat detection.

🔐

1Password

Manage 1Password vaults, items, and secrets from AI agents via the Model Context Protocol.

🛡️

Okta

Manage Okta users, groups, and application assignments for identity from AI agents.

🗝️

HashiCorp Vault

Read and write Vault secrets and manage auth methods for secure secret delivery.

Alternatives to Semgrep

If Semgrep doesn't fit your stack, these Security MCP servers solve similar problems.

🛡️

Snyk

Security vulnerability scanning

🔍

SonarQube

Seamless integration with SonarQube for code quality analysis, bugs, and security vulnerabilities.

🔐

Cycode

Boost security in dev lifecycle via SAST, SCA, secrets scanning, and supply chain security.

Key Takeaways

  • Semgrep exposes an MCP interface for security workflows in Claude Code, Cursor and Windsurf.
  • No authentication required — works out of the box once installed.
  • Install in 1 command: mcpizy install semgrep — config written to your client automatically.
  • Free and open source (GitHub source linked above) — verified compatible with every MCP client (Claude Code, Claude Desktop, Cursor, Windsurf, VS Code + Copilot).
  • Best use case: automate security workflows from your AI agent without leaving the editor.

Frequently asked questions

What is the Semgrep MCP server?

The Semgrep MCP server is an Security Model Context Protocol server that lets Claude Code, Cursor, Windsurf, VS Code with Copilot, and other MCP-compatible AI agents enable AI agents to secure code with Semgrep. It exposes Semgrep's capabilities as tools the AI can call directly from your editor or CLI.

How do I install Semgrep MCP with Claude Code?

The fastest way is the MCPizy CLI: run `mcpizy install semgrep` and MCPizy will add the server to your `.claude.json` automatically. You can also install it manually by adding an entry under `mcpServers` in `.claude.json` with the command `npx -y @semgrep/mcp` and restarting Claude Code.

Is Semgrep MCP free?

Yes. The Semgrep MCP server is free and open source (see the GitHub repository linked on this page). You may still need a Semgrep account or API key to connect the server to the underlying service, but the MCP layer itself has no MCPizy subscription cost.

Does Semgrep MCP work with Cursor and Windsurf?

Yes. Any MCP-compatible client works — including Claude Code, Claude Desktop, Cursor (via `.cursor/mcp.json`), Windsurf, VS Code with Copilot Chat, and custom agents built on the MCP SDK. The same install command targets all of them; only the config file path differs.

Manage all your MCPs in one place

Monitor usage, track costs, and discover new MCPs.

Get Started Free
What can I do with Semgrep MCP?

Once installed, your AI agent can enable AI agents to secure code with Semgrep directly inside your conversation. Typical use cases include asking Claude Code or Cursor to run Semgrep operations, inspect results, chain Semgrep with other MCP servers (see our Workflow Recipes), and automate repetitive security tasks without leaving your editor.