StackMCP

Set up Semgrep MCP in Windsurf

Static analysis security scanning with custom rules, AST analysis, and multi-language vulnerability detection. Official Semgrep implementation.

1

Locate the config file

Windsurf reads MCP server configuration from the following file:

~/.codeium/windsurf/mcp_config.json

Create this file if it does not already exist.

2

Add the configuration

Add the following to your Windsurf config file:

json
{
  "mcpServers": {
    "semgrep-mcp": {
      "command": "uvx",
      "args": [
        "semgrep-mcp"
      ]
    }
  }
}
3

Set up environment variables

No environment variables needed. Semgrep MCP works out of the box without any API keys or tokens.

4

Verify it works

Restart Windsurf. Semgrep MCP should appear in your MCP server list with 7 tools available.

This server adds approximately 3,500 tokens to your context window for tool definitions.

Set up Semgrep MCP in other editors

Claude CodeCursorVS CodeClaude DesktopContinue
← Back to Semgrep MCP