StackMCP

Set up Semgrep MCP in VS Code

Static analysis security scanning with custom rules, AST analysis, and multi-language vulnerability detection. Official Semgrep implementation.

1

Locate the config file

VS Code reads MCP server configuration from the following file:

.vscode/settings.json → mcp section

Create this file if it does not already exist. For VS Code, this is inside your workspace .vscode/settings.json file under the mcp section.

2

Add the configuration

Add the following to your VS Code config file:

json
{
  "servers": {
    "semgrep-mcp": {
      "type": "stdio",
      "command": "uvx",
      "args": [
        "semgrep-mcp"
      ]
    }
  }
}
3

Set up environment variables

No environment variables needed. Semgrep MCP works out of the box without any API keys or tokens.

4

Verify it works

Restart VS Code. Semgrep MCP should appear in your MCP server list with 7 tools available.

This server adds approximately 3,500 tokens to your context window for tool definitions.

Set up Semgrep MCP in other editors

Claude CodeCursorWindsurfClaude DesktopContinue
← Back to Semgrep MCP