ZeroPath MCP Server

ZeroPath MCP Server

By ZeroPathAI GitHub

Open-source MCP server for querying ZeroPath security issues, patches, and scans using Claude, Cursor, Windsurf, or any AI assistant.

security appsec
Overview

What is ZeroPath MCP Server?

ZeroPath MCP Server is an open-source server designed for querying security issues, patches, and scans related to ZeroPath using AI assistants like Claude, Cursor, and Windsurf.

How to use ZeroPath MCP Server?

To use the ZeroPath MCP Server, you need to generate an API key from your ZeroPath organization settings, configure your environment variables, and set up the server in your AI-assisted tools.

Key features of ZeroPath MCP Server?

  • Natural language querying of security findings.
  • Integration with AI-assisted tools for seamless security context.
  • Tools for searching vulnerabilities, fetching issue details, and approving patches.

Use cases of ZeroPath MCP Server?

  1. Querying SAST issues directly from your development environment.
  2. Automating security patch approvals.
  3. Enhancing security workflows with AI assistance.

FAQ from ZeroPath MCP Server?

  • Can I use ZeroPath MCP Server with any AI assistant?

Yes! It is compatible with Claude, Cursor, Windsurf, and other MCP-compatible environments.

  • Is ZeroPath MCP Server free to use?

Yes! It is an open-source project available for everyone.

  • How do I contribute to the project?

You can contribute by reporting bugs, submitting pull requests, or providing feedback on Discord.

Content

ZeroPath MCP Server

Interact with your product security findings using natural language.

This open-source MCP server allows developers to query SAST issues, secrets, patches, and more from ZeroPath directly inside AI-assisted tools like Claude Desktop, Cursor, Windsurf, and other MCP-compatible environments.

No dashboards. No manual ticket triage. Just security context where you're already working.

Blog Post

Learn more about why we built this and how it fits into the evolving AI development ecosystem:

📄 Chat With Your AppSec Scans: Introducing the ZeroPath MCP Server

Installation

1. Generate API Key

Generate an API key from your ZeroPath organization settings at https://zeropath.com/app/settings/api

2. Configure Environment Variables

Set up your environment variables with the API key:

export ZEROPATH_TOKEN_ID=your_token_id
export ZEROPATH_TOKEN_SECRET=your_token_secret

3. Retrieve Your Organization ID

Run the following command to get your organization ID:

curl -X POST https://zeropath.com/api/v1/orgs/list \
    -H "X-ZeroPath-API-Token-Id: $ZEROPATH_TOKEN_ID" \
    -H "X-ZeroPath-API-Token-Secret: $ZEROPATH_TOKEN_SECRET" \
    -H "Content-Type: application/json" \
    -d '{}'

4. Install uv

We use uv for dependency management:

curl -LsSf https://astral.sh/uv/install.sh | sh

5. Clone and Setup

git clone https://github.com/ZeroPathAI/zeropath-mcp-server.git
cd zeropath-mcp-server
uv sync
export ZEROPATH_ORG_ID=your_org_id

Configuration

Add this entry to your MCP config (Claude Desktop, Cursor, etc.):

{
  "mcpServers": {
    "zeropath-mcp-server": {
      "command": "uv",
      "args": [
        "run",
        "--project",
        "<absolute cloned directory path>/zeropath-mcp-server",
        "<absolute cloned directory path>/zeropath-mcp-server/main.py"
      ]
    }
  }
}

Replace <absolute cloned directory path> with the absolute path to the repo.

Environment Variables

Before running the server, export the following:

export ZEROPATH_TOKEN_ID=your_token_id
export ZEROPATH_TOKEN_SECRET=your_token_secret
export ZEROPATH_ORG_ID=your_org_id

These can be generated from your ZeroPath dashboard.

Available Tools

Once connected, the following tools are exposed to your AI assistant:

search_vulnerabilities(search_query: str)

Query SAST issues by keyword.

Prompt example:

"Show me all SSRF vulnerabilities in the user service."

get_issue(issue_id: str)

Fetch full metadata, patch suggestions, and code context for a specific issue.

Prompt example:

"Give me the details for issue abc123."

approve_patch(issue_id: str)

Approve a patch (write action). Optional depending on your setup.

Prompt example:

"Approve the patch for xyz456."

Development Mode

Use ./dev_mode.bash to test the tools locally without a client connection.

Contributing

We welcome contributions from the security, AI, and developer tools communities.

  • Found a bug? Open an issue
  • Want to improve a tool or add a new one? Submit a pull request
  • Have feedback or questions? Join us on Discord
No tools information available.
MCP Kali Server
MCP Kali Server by Wh0am123

MCP configuration to connect AI agent to a Linux machine.

security mcp
View Details
😎 Contributing

🔥🔒 Awesome MCP (Model Context Protocol) Security 🖥️

security exploit
View Details
mcp-security-sandbox

MCP Security Playground - Hack with MCP Servers, MCP Clients. Try out different vulnerabilities and abuse LLMs and agents in a UI friendly experimentation lab

security playground
View Details
Arcjet - MCP Server

Arcjet Model Context Protocol (MCP) server. Help your AI agents implement bot detection, rate limiting, email validation, attack protection, data redaction.

security mcp
View Details
MCP Ethical Hacking

MCP Ethical Hacking Security sample for educational

security ai
View Details
MCP Subfinder Server
MCP Subfinder Server by copyleftdev

Model Context Protocol (MCP) server that wraps ProjectDiscovery's subfinder tool for powerful subdomain enumeration through a JSON-RPC API.

security mcp
View Details
🔒 MCP Server Authentication Reference Collection

🔒 Reference MCP servers that demo how authentication works with the current Model Context Protocol spec.

security authentication
View Details