Google Antigravity Directory

The #1 directory for Google Antigravity prompts, rules, workflows & MCP servers. Optimized for Gemini 3 agentic development.

Resources

PromptsMCP ServersAntigravity RulesGEMINI.md GuideBest Practices

Company

Submit PromptAntigravityAI.directory

Popular Prompts

Next.js 14 App RouterReact TypeScriptTypeScript AdvancedFastAPI GuideDocker Best Practices

Legal

Privacy PolicyTerms of ServiceContact Us
Featured on FazierVerified on Verified ToolsFeatured on WayfindioAntigravity AI - Featured on Startup FameFeatured on Wired BusinessFeatured on Twelve ToolsListed on Turbo0Featured on findly.toolsFeatured on Aura++That App ShowFeatured on FazierVerified on Verified ToolsFeatured on WayfindioAntigravity AI - Featured on Startup FameFeatured on Wired BusinessFeatured on Twelve ToolsListed on Turbo0Featured on findly.toolsFeatured on Aura++That App Show

© 2026 Antigravity AI Directory. All rights reserved.

The #1 directory for Google Antigravity IDE

This website is not affiliated with, endorsed by, or associated with Google LLC. "Google" and "Gemini" are trademarks of Google LLC.

Antigravity AI Directory
PromptsMCPBest PracticesUse CasesLearn
Home
MCP Servers
Semgrep
shield

Semgrep MCP Server

Official Semgrep MCP server for security scanning

semgrepsecuritysastvulnerabilitiesscanning

About

## Semgrep MCP Server: Static Analysis for Security and Code Quality The **Semgrep MCP Server** integrates lightweight static analysis into Google Antigravity, enabling developers to find bugs, security vulnerabilities, and anti-patterns using customizable rules that understand code semantics. ### Why Semgrep MCP? - **Fast scanning** - Analyze large codebases in seconds - **Custom rules** - Write rules that match code patterns semantically - **Security focus** - Detect OWASP vulnerabilities and security issues - **Multi-language** - Support for 30+ programming languages - **CI/CD ready** - Easy integration into development workflows ### Key Features #### 1. Security Scanning ```python # Scan for security vulnerabilities results = await mcp.call("semgrep", "scan", { "path": "/app/src", "config": ["p/security-audit", "p/owasp-top-ten"], "severity": ["ERROR", "WARNING"] }) print(f"Found {len(results[\"findings\"])} issues") for finding in results["findings"]: print(f"[{finding[\"severity\"]}] {finding[\"check_id\"]}") print(f" File: {finding[\"path\"]}:{finding[\"line\"]}") print(f" Message: {finding[\"message\"]}") ``` #### 2. Custom Rules ```python # Create custom security rule rule = await mcp.call("semgrep", "create_rule", { "id": "custom-sql-injection", "pattern": "cursor.execute($QUERY % ...)", "message": "Potential SQL injection via string formatting", "severity": "ERROR", "languages": ["python"], "metadata": {"cwe": "CWE-89", "category": "security"} }) # Run with custom rule custom_scan = await mcp.call("semgrep", "scan", { "path": "/app/src", "rules": [rule] }) ``` #### 3. Code Quality Checks ```python # Run code quality rules quality = await mcp.call("semgrep", "scan", { "path": "/app/src", "config": ["p/python", "p/typescript"], "exclude": ["*_test.py", "*.spec.ts"] }) # Group findings by category by_category = {} for finding in quality["findings"]: cat = finding["metadata"].get("category", "other") if cat not in by_category: by_category[cat] = [] by_category[cat].append(finding) ``` #### 4. CI/CD Integration ```python # Scan with policy enforcement result = await mcp.call("semgrep", "scan_with_policy", { "path": "/app/src", "config": ["p/ci"], "policy": { "block_on": ["ERROR"], "notify_on": ["WARNING"], "max_findings": 10 } }) if result["policy_failed"]: print("Build blocked due to security findings") for blocker in result["blockers"]: print(f" - {blocker[\"check_id\"]}: {blocker[\"path\"]}") ``` ### Configuration ```json { "mcpServers": { "semgrep": { "command": "npx", "args": ["-y", "@anthropic/mcp-semgrep"], "env": { "SEMGREP_APP_TOKEN": "your-semgrep-token" } } } } ``` ### Use Cases **Security Auditing**: Find SQL injection, XSS, and other vulnerabilities. **Code Standards**: Enforce coding patterns and best practices. **Dependency Issues**: Detect insecure usage of libraries and frameworks. **Pre-commit Hooks**: Catch issues before code reaches the repository. The Semgrep MCP Server brings semantic code analysis into your development workflow.

Installation

Configuration
{
  "mcpServers": {
    "semgrep": {
      "mcpServers": {
        "semgrep": {
          "args": [
            "semgrep-mcp"
          ],
          "command": "uvx"
        }
      }
    }
  }
}

How to Use

  1. 11. Official from Semgrep
  2. 22. 5000+ built-in security rules
  3. 33. Custom rules and AST analysis

Related MCP Servers

🧰

Toolhouse MCP

Universal AI tool platform that equips your AI with production-ready capabilities. Execute code, browse the web, manage files, send emails, and more through a unified MCP interface.

🔨

Smithery Registry MCP

The MCP server registry and discovery platform. Browse, search, and install MCP servers from the community. Find the perfect integrations for your AI development workflow.

🔍

MCP Inspector

Official debugging and testing tool for MCP servers. Inspect server capabilities, test tool calls, validate responses, and debug protocol communication in real-time.

← Back to All MCP Servers