Semgrep MCP Server for Pydantic AI 10 tools — connect in under 2 minutes
Pydantic AI brings type-safe agent development to Python with first-class MCP support. Connect Semgrep through Vinkius and every tool is automatically validated against Pydantic schemas. catch errors at build time, not in production.
ASK AI ABOUT THIS MCP SERVER
Vinkius supports streamable HTTP and SSE.
import asyncio
from pydantic_ai import Agent
from pydantic_ai.mcp import MCPServerHTTP
async def main():
# Your Vinkius token. get it at cloud.vinkius.com
server = MCPServerHTTP(url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp")
agent = Agent(
model="openai:gpt-4o",
mcp_servers=[server],
system_prompt=(
"You are an assistant with access to Semgrep "
"(10 tools)."
),
)
result = await agent.run(
"What tools are available in Semgrep?"
)
print(result.data)
asyncio.run(main())
* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure
About Semgrep MCP Server
Connect the Semgrep AppSec platform directly to your AI agent to radically accelerate code security triaging. Instead of forcing developers to jump between their IDE and the Semgrep dashboard, empower your AI to pull 'Findings', analyze the vulnerable syntax, and instantly close false positives.
Pydantic AI validates every Semgrep tool response against typed schemas, catching data inconsistencies at build time. Connect 10 tools through Vinkius and switch between OpenAI, Anthropic, or Gemini without changing your integration code. full type safety, structured output guarantees, and dependency injection for testable agents.
What you can do
- Triage Findings (Bugs) — Instruct the agent to grab the latest CI vulnerability findings and immediately push a status update to mark it as fixed, ignored, or mitigated (
update_finding_status) - Rule Management — Request the AI to look at a newly discovered bad coding pattern and command it to write and deploy a matching custom semantic rule (
create_rule) to your organizational deployment - Project & Deployment Scoping — Map out all repositories running Semgrep actions and check their overarching security health scores in milliseconds
- Comprehensive Forensics — Fetch granular SCA and SAST semantic flaw definitions, including exact snippets, CVE links, and the specific bad lines causing the trigger
The Semgrep MCP Server exposes 10 tools through the Vinkius. Connect it to Pydantic AI in under two minutes — no API keys to rotate, no infrastructure to provision, no vendor lock-in. Your configuration, your data, your control.
How to Connect Semgrep to Pydantic AI via MCP
Follow these steps to integrate the Semgrep MCP Server with Pydantic AI.
Install Pydantic AI
Run pip install pydantic-ai
Replace the token
Replace [YOUR_TOKEN_HERE] with your Vinkius token
Run the agent
Save to agent.py and run: python agent.py
Explore tools
The agent discovers 10 tools from Semgrep with type-safe schemas
Why Use Pydantic AI with the Semgrep MCP Server
Pydantic AI provides unique advantages when paired with Semgrep through the Model Context Protocol.
Full type safety: every MCP tool response is validated against Pydantic models, catching data inconsistencies before they reach your application
Model-agnostic architecture. switch between OpenAI, Anthropic, or Gemini without changing your Semgrep integration code
Structured output guarantee: Pydantic AI ensures tool results conform to defined schemas, eliminating runtime type errors
Dependency injection system cleanly separates your Semgrep connection logic from agent behavior for testable, maintainable code
Semgrep + Pydantic AI Use Cases
Practical scenarios where Pydantic AI combined with the Semgrep MCP Server delivers measurable value.
Type-safe data pipelines: query Semgrep with guaranteed response schemas, feeding validated data into downstream processing
API orchestration: chain multiple Semgrep tool calls with Pydantic validation at each step to ensure data integrity end-to-end
Production monitoring: build validated alert agents that query Semgrep and output structured, schema-compliant notifications
Testing and QA: use Pydantic AI's dependency injection to mock Semgrep responses and write comprehensive agent tests
Semgrep MCP Tools for Pydantic AI (10)
These 10 tools become available when you connect Semgrep to Pydantic AI via MCP:
create_rule
Allows developers to forbid project-specific bad patterns securely and continuously across the enterprise repositories. Create a customized Semgrep security rule within the platform
delete_rule
Delete a custom Semgrep security rule from the deployment
get_finding_details
Explains the exact malicious code block, suggests semantic fixes, states whether it is blocking PRs in CI, and links to CVE data (if an SCA supply chain defect). Get atomic details for a specific Semgrep flaw
get_metrics
Typically consumed to render executive security dashboards. Get AppSec metrics and compliance stats for Semgrep
get_project
Search for a precise Semgrep project by exact repository name
list_deployments
The primary key is the deployment slug identifier. Almost all subsequent API operations targeting rules, projects, or findings will require this deployment slug to define the scope. List Semgrep organizational deployments
list_findings
Findings provide snippet details, file line numbers, severity, and rule types. Fetch global static analysis security findings for a deployment
list_projects
Projects maintain a link between developers and static security scan outputs over time. List Semgrep projects (repositories) monitored in a deployment
list_rules
The rules are structured YAML definitions that search for semantic anti-patterns in codebases (e.g., unparameterized SQL queries, hardcoded AWS keys). List Semgrep semantic rules deployed globally
update_finding_status
Valid states generally include active, fixed, false_positive, ignored, mitigated. Resolving findings through this API cleans up the developer experience when managing compliance queues. Mark a Semgrep finding state (e.g., fixed, false positive)
Example Prompts for Semgrep in Pydantic AI
Ready-to-use prompts you can give your Pydantic AI agent to start working with Semgrep immediately.
"List the most severe unmitigated findings currently breaking our CI/CD pipeline on the 'vinkius/cloud' repository."
"Mark vulnerability issue ID #58032 as a 'false_positive' using the update finding tool."
"Review the company's Semgrep performance metrics focusing on fix rate."
Troubleshooting Semgrep MCP Server with Pydantic AI
Common issues when connecting Semgrep to Pydantic AI through the Vinkius, and how to resolve them.
MCPServerHTTP not found
pip install --upgrade pydantic-aiSemgrep + Pydantic AI FAQ
Common questions about integrating Semgrep MCP Server with Pydantic AI.
How does Pydantic AI discover MCP tools?
MCPServerHTTP instance with the server URL. Pydantic AI connects, discovers all tools, and generates typed Python interfaces automatically.Does Pydantic AI validate MCP tool responses?
Can I switch LLM providers without changing MCP code?
Connect Semgrep with your favorite client
Step-by-step setup guides for every MCP-compatible client and framework:
Anthropic's native desktop app for Claude with built-in MCP support.
AI-first code editor with integrated LLM-powered coding assistance.
GitHub Copilot in VS Code with Agent mode and MCP support.
Purpose-built IDE for agentic AI coding workflows.
Autonomous AI coding agent that runs inside VS Code.
Anthropic's agentic CLI for terminal-first development.
Python SDK for building production-grade OpenAI agent workflows.
Google's framework for building production AI agents.
Type-safe agent development for Python with first-class MCP support.
TypeScript toolkit for building AI-powered web applications.
TypeScript-native agent framework for modern web stacks.
Python framework for orchestrating collaborative AI agent crews.
Leading Python framework for composable LLM applications.
Data-aware AI agent framework for structured and unstructured sources.
Microsoft's framework for multi-agent collaborative conversations.
Connect Semgrep to Pydantic AI
Get your token, paste the configuration, and start using 10 tools in under 2 minutes. No API key management needed.