ZeroPath MCP Server
Interact with your product security findings using natural language.
This open-source MCP server allows developers to query SAST issues, secrets, patches, and more from ZeroPath directly inside AI-assisted tools like Claude Desktop, Cursor, Windsurf, and other MCP-compatible environments.
No dashboards. No manual ticket triage. Just security context where you’re already working.
Blog Post
Learn more about why we built this and how it fits into the evolving AI development ecosystem:
📄 Chat With Your AppSec Scans: Introducing the ZeroPath MCP Server
Installation
1. Generate API Key
Generate an API key from your ZeroPath organization settings at https://zeropath.com/app/settings/api
2. Configure Environment Variables
Set up your environment variables with the API key:
export ZEROPATH_TOKEN_ID=your_token_id
export ZEROPATH_TOKEN_SECRET=your_token_secret
3. Retrieve Your Organization ID
Run the following command to get your organization ID:
curl -X POST https://zeropath.com/api/v1/orgs/list
-H "X-ZeroPath-API-Token-Id: $ZEROPATH_TOKEN_ID"
-H "X-ZeroPath-API-Token-Secret: $ZEROPATH_TOKEN_SECRET"
-H "Content-Type: application/json"
-d '{}'
4. Install uv
We use uv for dependency management:
curl -LsSf https://astral.sh/uv/install.sh | sh
5. Clone and Setup
git clone https://github.com/ZeroPathAI/zeropath-mcp-server.git
cd zeropath-mcp-server
uv sync
export ZEROPATH_ORG_ID=your_org_id
Configuration
Add this entry to your MCP config (Claude Desktop, Cursor, etc.):
{
"mcpServers": {
"zeropath-mcp-server": {
"command": "uv",
"args": [
"run",
"--project",
"<absolute cloned directory path>/zeropath-mcp-server",
"<absolute cloned directory path>/zeropath-mcp-server/main.py"
]
}
}
}
Replace <absolute cloned directory path> with the absolute path to the repo.
Environment Variables
Before running the server, export the following:
export ZEROPATH_TOKEN_ID=your_token_id
export ZEROPATH_TOKEN_SECRET=your_token_secret
export ZEROPATH_ORG_ID=your_org_id
These can be generated from your ZeroPath dashboard.
Available Tools
Once connected, the following tools are exposed to your AI assistant:
search_vulnerabilities(search_query: str)
Query SAST issues by keyword.
Prompt example:
“Show me all SSRF vulnerabilities in the user service.”
get_issue(issue_id: str)
Fetch full metadata, patch suggestions, and code context for a specific issue.
Prompt example:
“Give me the details for issue
abc123.”
approve_patch(issue_id: str)
Approve a patch (write action). Optional depending on your setup.
Prompt example:
“Approve the patch for
xyz456.”
Development Mode
Use ./dev_mode.bash to test the tools locally without a client connection.
Contributing
We welcome contributions from the security, AI, and developer tools communities.
- Found a bug? Open an issue
- Want to improve a tool or add a new one? Submit a pull request
- Have feedback or questions? Join us on Discord
ZeroPath MCP Server
Project Details
- ZeroPathAI/zeropath-mcp-server
- Last Updated: 4/16/2025
Recomended MCP Servers
인천국제공항 실시간 정보 시스템 - 공공데이터 API 활용 스트림릿 앱
MCP Server for transcribing videos via video links and summarizing video content
MCP Server for kubernetes management commands
This MCP server provides tools to interact with Google Flights data using the bundled fast_flights library.
An MCP server that provides safe, read-only access to SQLite databases through Model Context Protocol (MCP). This server...
小红书笔记 | 评论爬虫、抖音视频 | 评论爬虫、快手视频 | 评论爬虫、B 站视频 | 评论爬虫、微博帖子 | 评论爬虫
MCP server for Grafana
Featured Templates
View More
