semgrep


Semgrep Static Analysis

Fast, pattern-based static analysis for security scanning and custom rule creation.

MCP Tools Available

If Semgrep MCP tools are available in your environment, prefer them for scanning:

  • semgrep_scan — Scan code files for security vulnerabilities using built-in rulesets. Pass absolute file paths and an optional config (e.g., p/security-audit, auto).
  • semgrep_scan_with_custom_rule — Scan code with a custom YAML rule you've written. Pass code content inline along with the rule.
  • semgrep_findings — Fetch existing findings from the Semgrep AppSec Platform for a repository.
  • semgrep_rule_schema — Get the full schema for writing Semgrep rules.
  • get_supported_languages — List all languages Semgrep supports.

When MCP tools aren't available, fall back to the CLI commands below.

When to Use Semgrep

Installs: 779
Repository: semgrep/skills
GitHub Stars: 223
First Seen: Jan 20, 2026