Public
zeropath-mcp-server
2025-03-27
Open-source MCP server for querying ZeroPath security issues, patches, and scans using Claude, Cursor, Windsurf, or any AI assistant.
0
Github Watches
0
Github Forks
2
Github Stars
ZeroPath MCP Server
Interact with your product security findings using natural language.
This open-source MCP server allows developers to query SAST issues, secrets, patches, and more from ZeroPath directly inside AI-assisted tools like Claude Desktop, Cursor, Windsurf, and other MCP-compatible environments.
No dashboards. No manual ticket triage. Just security context where you're already working.
Blog Post
Learn more about why we built this and how it fits into the evolving AI development ecosystem:
📄 Chat With Your AppSec Scans: Introducing the ZeroPath MCP Server
Installation
1. Generate API Key
Generate an API key from your ZeroPath organization settings at https://zeropath.com/app/settings/api
2. Configure Environment Variables
Set up your environment variables with the API key:
export ZEROPATH_TOKEN_ID=your_token_id
export ZEROPATH_TOKEN_SECRET=your_token_secret
3. Retrieve Your Organization ID
Run the following command to get your organization ID:
curl -X POST https://zeropath.com/api/v1/orgs/list \
-H "X-ZeroPath-API-Token-Id: $ZEROPATH_TOKEN_ID" \
-H "X-ZeroPath-API-Token-Secret: $ZEROPATH_TOKEN_SECRET" \
-H "Content-Type: application/json" \
-d '{}'
4. Install uv
We use uv for dependency management:
curl -LsSf https://astral.sh/uv/install.sh | sh
5. Clone and Setup
git clone https://github.com/ZeroPathAI/zeropath-mcp-server.git
cd zeropath-mcp-server
uv sync
export ZEROPATH_ORG_ID=your_org_id
Configuration
Add this entry to your MCP config (Claude Desktop, Cursor, etc.):
{
"mcpServers": {
"zeropath-mcp-server": {
"command": "uv",
"args": [
"run",
"--project",
"<absolute cloned directory path>/zeropath-mcp-server",
"<absolute cloned directory path>/zeropath-mcp-server/main.py"
]
}
}
}
Replace <absolute cloned directory path> with the absolute path to the repo.
Environment Variables
Before running the server, export the following:
export ZEROPATH_TOKEN_ID=your_token_id
export ZEROPATH_TOKEN_SECRET=your_token_secret
export ZEROPATH_ORG_ID=your_org_id
These can be generated from your ZeroPath dashboard.
Available Tools
Once connected, the following tools are exposed to your AI assistant:
search_vulnerabilities(search_query: str)
Query SAST issues by keyword.
Prompt example:
"Show me all SSRF vulnerabilities in the user service."
get_issue(issue_id: str)
Fetch full metadata, patch suggestions, and code context for a specific issue.
Prompt example:
"Give me the details for issue
abc123."
approve_patch(issue_id: str)
Approve a patch (write action). Optional depending on your setup.
Prompt example:
"Approve the patch for
xyz456."
Development Mode
Use ./dev_mode.bash to test the tools locally without a client connection.
Contributing
We welcome contributions from the security, AI, and developer tools communities.
- Found a bug? Open an issue
- Want to improve a tool or add a new one? Submit a pull request
- Have feedback or questions? Join us on Discord
相关推荐
I craft unique cereal names, stories, and ridiculously cute Cereal Baby images.
I find academic articles and books for research and literature reviews.
Evaluator for marketplace product descriptions, checks for relevancy and keyword stuffing.
Confidential guide on numerology and astrology, based of GG33 Public information
Emulating Dr. Jordan B. Peterson's style in providing life advice and insights.
Advanced software engineer GPT that excels through nailing the basics.
Your go-to expert in the Rust ecosystem, specializing in precise code interpretation, up-to-date crate version checking, and in-depth source code analysis. I offer accurate, context-aware insights for all your Rust programming questions.
Converts Figma frames into front-end code for various mobile frameworks.
Discover the most comprehensive and up-to-date collection of MCP servers in the market. This repository serves as a centralized hub, offering an extensive catalog of open-source and proprietary MCP servers, complete with features, documentation links, and contributors.
The all-in-one Desktop & Docker AI application with built-in RAG, AI agents, No-code agent builder, MCP compatibility, and more.
Micropython I2C-based manipulation of the MCP series GPIO expander, derived from Adafruit_MCP230xx
Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
🧑🚀 全世界最好的LLM资料总结(Agent框架、辅助编程、数据处理、模型训练、模型推理、o1 模型、MCP、小语言模型、视觉语言模型) | Summary of the world's best LLM resources.
Mirror ofhttps://github.com/agentience/practices_mcp_server
Reviews
5
(1)
user_niqUN8gh
2025-04-15
I have been using the Local Claude MCP Servers Collection by saptechengineer for several months, and it has significantly improved my server management. The interface is user-friendly, and the stability is unparalleled. The resources provided are comprehensive, aiding both beginners and advanced users. Highly recommended! Check it out at https://mcp.so/server/mcp/saptechengineer.