semgrep-scan

Semgrep Scan

Security and correctness gate on changed files.

When to Use

  • Before committing implementation work
  • As part of verification-before-completion
  • After refactoring security-sensitive code

When NOT to Use

  • Writing or testing custom Semgrep rules (use the semgrep_scan_with_custom_rule MCP tool)
  • Full-repo baseline scans (run uvx semgrep scan --config auto . directly)
  • Dependency / supply chain scanning (use the semgrep_scan_supply_chain MCP tool)

Process

1. Identify targets

First Seen: Apr 20, 2026