Semgrep MCP server

Run Semgrep scans and pull AppSec Platform findings from your AI agents.

Category: AppSec. Transport: stdio.

About

Connect Tracecat to Semgrep to run SAST scans and pull AppSec Platform findings for AppSec engineers and security agents reviewing code changes. You can scan a repository on demand with default or custom rules and inspect the AST for any snippet. From there, pull platform findings for a project, draft new detection rules, and triage pull requests with precision.

Setup

  1. Create an access token

     The Semgrep MCP server runs scans locally without authentication. To pull findings from the Semgrep AppSec Platform, set the `SEMGREP_APP_TOKEN` environment variable to a token generated in your Semgrep account settings.

  2. Select the Semgrep tile in the Tracecat MCP catalog

     Open the MCP catalog in your workspace, select the Semgrep tile, and paste your access token.

  3. Enable Semgrep in your agent

     In your `ai.agent` action or the Agents tools tab, select Semgrep from the MCP integrations dropdown.

Tools

semgrep_scan

Run a Semgrep scan against a local code path.

semgrep_scan_with_custom_rule

Run a scan using a custom Semgrep rule supplied at call time.

semgrep_scan_supply_chain

Run a Semgrep supply-chain scan for dependency findings.

get_abstract_syntax_tree

Return the AST for a snippet, useful when authoring custom rules.

semgrep_findings

Fetch findings from the Semgrep AppSec Platform for a project or org.

get_supported_languages

List languages Semgrep can parse and scan today.

semgrep_rule_schema

Return the JSON Schema for Semgrep rule files.
