MCP Server Policy
SEMGREP MCP POLICY
Enforce policies on every tool call to the Semgrep MCP Server. 8 tools listed, categorised, and ready for rules.
GET STARTED
Download this policy scaffold and add your rules. Intercept enforces them on every tool call before it reaches Semgrep.
# Download policy scaffold
curl -o semgrep.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/semgrep.yaml
# Run with Intercept
intercept --policy semgrep.yaml -- npx -y @semgrep/mcp Server documentation: https://github.com/semgrep/mcp
READ TOOLS
1WRITE TOOLS
1OTHER TOOLS
6POLICY YAML
This scaffold lists every tool with empty rules. Add conditions — rate limits, argument validation, deny rules — then deploy with Intercept.
version: "1"
description: "Policy for semgrep/mcp"
default: "allow"
tools:
get_abstract_syntax_tree:
rules: []
write_custom_semgrep_rule:
rules: []
security_check:
rules: []
semgrep_findings:
rules: []
semgrep_rule_schema:
rules: []
semgrep_scan:
rules: []
semgrep_scan_with_custom_rule:
rules: []
supported_languages:
rules: []RELATED POLICIES
FREQUENTLY ASKED QUESTIONS
What tools does the Semgrep MCP server expose?
The Semgrep MCP Server exposes 8 tools across 3 categories: Read, Write, Other. Each tool can be individually controlled with Intercept policies.
How do I enforce policies on Semgrep?
Download the policy scaffold, add rules (rate limits, argument validation, deny rules), then run Intercept as a proxy in front of the Semgrep MCP server. Every tool call is evaluated against your YAML policy before execution.
Is the Semgrep policy free to use?
Yes. All Intercept policies are open source under the Apache 2.0 licence. Download, modify, and deploy without restrictions.
ENFORCE POLICIES ON SEMGREP
Open source. One binary. Zero dependencies.