Semgrep Mcp Marketplace
semgrep-mcp-marketplace is a Claude Code plugin for the Ship phase that connects Semgrep static analysis commands and hooks into your coding agent.
by semgrep · github.com/semgrep/mcp-marketplace
Register Semgrep’s Claude Code plugin to run static analysis, Semgrep commands, and security-aware hooks from the agent session.
Add it to Claude Code
Install the plugin in Claude Code. One command, paste-ready.
/plugin install semgrep-mcp-marketplace@semgrep/mcp-marketplaceBuilt to be called by your agent
Skillselion is itself an MCP server. Your agent can pull this entry and a paste-ready install config straight from the API - no copy-paste.
Retrieve this entry with skillselion.get_details("plugin:semgrep/mcp-marketplace") and the paste-ready config with skillselion.get_install_config("plugin:semgrep/mcp-marketplace").
What it does
semgrep-mcp-marketplace is the repository and Claude Code plugin home for bringing Semgrep static analysis into agent-driven development. Solo builders shipping SaaS, APIs, or CLIs can invoke Semgrep-backed commands and hooks without leaving Claude Code, which tightens the loop between writing code and catching rule violations early. Install it when you are in the ship-and-secure part of the journey and want repeatable appsec checks aligned with Semgrep’s ecosystem rather than generic “please review security” prompts. The marketplace framing signals MCP-oriented distribution alongside traditional plugin install paths. Repository scale is small on stars, so pair it with your existing CI Semgrep jobs for production gates; treat the plugin as session-time signal, not a substitute for full pipeline policy.
Highlights
- Official home for the Semgrep Claude Code plugin in an MCP marketplace repo
- Claude-oriented commands and hooks for Semgrep workflows
- Static analysis surfaced inside the agent instead of a separate-only CLI loop
- Single-plugin marketplace entry (plugin count 1)
- Community catalog listing with semgrep and plugin keywords
Why builders use it
Builders catch security issues late when Semgrep only runs in CI and the agent cannot run rules during implementation.
After install, you can trigger Semgrep-oriented plugin commands and hooks from Claude Code so findings surface while you are still fixing code.
At a glance
- Type - Plugin in Security.
- Adoption - 0 installs, 2 stars, 0 votes.
FAQ
Who is semgrep-mcp-marketplace for?
It is for developers shipping code with Claude Code who want Semgrep static analysis and security hooks available from the agent.
When should I use semgrep-mcp-marketplace?
Use it in the Ship phase during security review, pre-release hardening, or whenever you run Semgrep rules before merge.
How do I add semgrep-mcp-marketplace to my agent?
Add the plugin from the semgrep/mcp-marketplace Claude Code marketplace entry and configure Semgrep per the repo instructions.
Comments
Share how you use semgrep-mcp-marketplace, gotchas, or tips for other indie builders.
No comments yet - be the first to share how you use it.