Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| ZAP_URL | No | URL for OWASP ZAP API (required if using ZAP in API mode; default is Docker) | |
| MCP_PORT | No | Port for the MCP server | 3000 |
| NODE_ENV | No | Environment mode (e.g., production, development) | production |
| LOG_LEVEL | No | Logging level (info, debug, warn, error) | info |
| TRIVY_PATH | No | Path to the Trivy executable | trivy |
| ZAP_API_KEY | No | API key for OWASP ZAP authentication | |
| SONARQUBE_URL | No | URL for SonarQube server (required for SonarQube integration) | |
| SONARQUBE_TOKEN | No | Authentication token for SonarQube | |
| TRIVY_CACHE_DIR | No | Directory for Trivy scan cache | /tmp/trivy-cache |
| OSV_SCANNER_PATH | No | Path to the OSV Scanner executable | osv-scanner |
| SECURITY_STRICT_MODE | No | Enable strict security mode | true |
Capabilities
Features and capabilities supported by this server.
| Capability | Details |
|---|---|
| tools | {} |
Tools
Functions exposed to the LLM to take actions.
| Name | Description |
|---|---|
| run_sast_scan | Execute SAST (Static Application Security Testing) scan |
| run_dast_scan | Execute DAST (Dynamic Application Security Testing) scan |
| run_sca_scan | Execute SCA (Software Composition Analysis) scan |
| run_iast_scan | Execute IAST (Runtime Configuration & Header Analysis) scan |
| generate_security_report | Generate comprehensive security report from all scans |
| validate_security_policy | Validate security policy compliance |
Prompts
Interactive templates invoked by user choice.
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client.
| Name | Description |
|---|---|
| No resources | |