AI Agents

AI Agents

Use xgrep as a security-scanning and code-intelligence backend for AI agents.

AI Agents

xgrep is designed to be a static-analysis and code-intelligence backend for AI agents: Semgrep-compatible scanning with taint analysis, code navigation via xgrep inspect, and a queryable code graph — all with --json output.

  • Agent guide — the canonical, root-level AGENTS.md: orient → locate → navigate → assess with inspect, scan for findings, trace dataflow with the graph, and a triage workflow with investigation patterns by vulnerability type. Agent tools (Claude Code, Cursor, …) auto-discover this file at the repo root.
  • Skills — packaged Claude Code skills for inspecting code, creating rules, triaging findings, and secure coding.

Related: Code intelligence and the MCP server.

CI

Run xgrep in CI and publish results to GitHub Code Scanning or GitLab SAST.

Skills

Packaged Claude Code skills built on xgrep — inspect, rule creation, triage, and secure coding.

On this page

AI Agents