Semgrep MCP
Semgrep’s Model Context Protocol (MCP) server lets AI assistants use Semgrep to find and fix security issues in the code they generate. The remote server at mcp.semgrep.ai runs in the cloud and requires no authentication, so you can connect through Cequence AI Gateway and start scanning without API keys or sign-in.
1. Overview
Semgrep MCP is a remote, vendor-hosted MCP server provided by Semgrep. You connect to it from Cequence AI Gateway; no local Semgrep installation is required to use the remote server.
- Server URL: https://mcp.semgrep.ai/mcp
- Transport: HTTP (Streamable HTTP)
- Hosted by: Semgrep
- Authentication: None — the remote MCP server does not require authentication.
The server is in beta and under active development. It uses Semgrep Code, Supply Chain, and Secrets to scan AI-generated code for security vulnerabilities; IDEs can re-generate code until Semgrep returns no findings or the user chooses to ignore findings.
2. Supported authentication types
| Type | Supported | Notes |
|---|---|---|
| None | Yes | The remote Semgrep MCP server at mcp.semgrep.ai does not require authentication. You can connect without API keys or OAuth. |
| Semgrep account (local CLI) | N/A | If you use the local Semgrep MCP (e.g. semgrep mcp in Cursor/Claude Code), you sign in with semgrep login and install Semgrep Pro; that setup is separate from the remote server. |
When you add Semgrep MCP in Cequence AI Gateway, no auth configuration is needed for the remote server.
3. What can you do with this MCP server
With the Semgrep MCP server, you can:
- Scan for security vulnerabilities — Run Semgrep Code, Supply Chain, and Secrets checks on code (e.g. code generated by the LLM).
- Find and fix issues in AI-generated code — Let the IDE or AI client re-generate code until Semgrep returns no findings, or proceed after reviewing findings.
- Use Semgrep’s rule set — Leverage Semgrep’s semantic understanding of many languages and thousands of rules without configuring Semgrep locally.
The remote server is intended for use from MCP clients (Cursor, Claude, etc.) that connect via the gateway.
4. Prerequisites
Before adding Semgrep MCP in Cequence AI Gateway, ensure you have:
- Access to Cequence AI Gateway (e.g. beta.aigateway.cequence.ai)
- No Semgrep account or API key required for the remote server
Note: For the local Semgrep MCP (optional), you need Python 3.10+, Semgrep installed (e.g. brew install semgrep or pip install semgrep), and a Semgrep account with semgrep login and semgrep install-semgrep-pro. That setup is independent of the remote server documented here.
5. Example workflows
- “Scan this code with Semgrep and fix any security issues.”
- “Run Semgrep on the file I just generated and suggest fixes for any findings.”
- “Check for secrets and supply chain issues in this dependency list.”
6. Connecting MCP server from Cequence AI Gateway
- Log in to Cequence AI Gateway.
- Choose your tenant.
- Go to App catalogue.
- Filter by Remote MCP server.
- Search for Semgrep MCP and then select it.
- Click Create MCP server.
- No authentication is required; complete the setup as prompted, select tools, and deploy.
Use the generated MCP server URL in your client as described in the Client Configuration docs. For detailed UI steps and screenshots, see Create a third-party MCP Server.
7. Additional information
- Beta status: The Semgrep MCP server is a beta project in active development; behavior and features may change.
- Local MCP alternative: Semgrep also provides a local MCP server (e.g. semgrep mcp with Cursor hooks) for workflows that run Semgrep on your machine; see Semgrep MCP Server (beta) for Cursor and Claude Code setup.
- Official documentation: Semgrep MCP Server, Semgrep MCP repo.
- Community: Semgrep #mcp Slack.