Semgrep
Application security platform for code, supply-chain, and secret findings
Tools
| Name | Description |
|---|---|
list_deploymentsList deployments accessible to the Semgrep API token. | List deployments accessible to the Semgrep API token. |
list_projectsList Semgrep projects for a deployment. | List Semgrep projects for a deployment. |
get_projectRetrieve one Semgrep project by deployment slug and project name. | Retrieve one Semgrep project by deployment slug and project name. |
list_findingsList code or supply-chain findings with bounded pagination and filters. | List code or supply-chain findings with bounded pagination and filters. |
list_secret_findingsList Semgrep Secrets findings metadata. Secret values are not returned by this action. | List Semgrep Secrets findings metadata. Secret values are not returned by this action. |
bulk_triage_findingsTriage selected Semgrep findings by explicit IDs or filters. Requires exact confirmation. | Triage selected Semgrep findings by explicit IDs or filters. Requires exact confirmation. |
Triggers
| Name | Description |
|---|---|
new_findingsTriggers for new Semgrep code or supply-chain findings after the trigger is enabled. | Triggers for new Semgrep code or supply-chain findings after the trigger is enabled. |
Quick Start
import { WeavzClient } from '@weavz-io/sdk'
const weavz = new WeavzClient({ apiKey: 'wvz_...' })
const result = await weavz.actions.execute('semgrep', 'list_deployments', {
workspaceId: '550e8400-e29b-41d4-a716-446655440000',
integrationAlias: 'semgrep',
input: { /* ... */ },
})Related Integrations
Works well with
Frequently Asked Questions
How do I connect Semgrep to my app?
Use Weavz Hosted Connect for API Key authentication. Install the SDK, create a connection through the connect portal or API, then execute tools programmatically.
What tools does Semgrep support?
Semgrep supports 6 tools including List Deployments, List Projects, Get Project, List Findings, List Secret Findings, and more.
Can I use Semgrep with AI agents?
Yes. Add Semgrep to an MCP server in Tool Mode or Code Mode. Code Mode provides 3 meta-tools with on-demand API discovery so agents can compose stateful workflows without loading every action schema up front.
Can Semgrep be used in stateful agent workflows?
Yes. Agents can combine Semgrep tools with Filesystem, State KV, Human Gates, input partials, and other workspace integrations while keeping execution scoped to the selected workspace or end user.
What authentication does Semgrep use?
Semgrep uses API Key. Weavz stores credentials securely and uses them for authorized action execution.
How much does the Semgrep integration cost?
The Semgrep integration is included on all Weavz plans including the free tier with 20,000 actions per month. No credit card required.
What triggers does Semgrep support?
Semgrep supports 1 triggers including New Findings.
Connect Semgrep in minutes
Get 20,000 free action executions every month. No credit card required.