AgentReadyHomeAgent ListingPricing

← Agent Listing

Semgrep MCP

MCP Tools and AgentsFreemiumOpen Source

MCP server that lets AI agents run Semgrep static analysis to find security vulnerabilities in code.

🛡️ AgentReady threat assessment

MAESTRO 7-layer threat model + OWASP AIVSS risk score for Semgrep MCP, derived from its capabilities.

AIVSS 7.2 · High
View MAESTRO 7-layer threat model →

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.

Overview

Exposes Semgrep's static application security testing (SAST) engine as MCP tools so an agent can scan code snippets or repositories for vulnerabilities. It returns findings with rule IDs, severity, and locations, and can run custom or registry rules. Because it ingests arbitrary code and returns rule output back into the model, it carries prompt-injection-via-findings and scope surface.

Key features

Use cases