ZAP MCP Server

# Changelog All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] ### Added - Initial release of ZAP MCP Server - Complete integration with OWASP ZAP - Support for Active, Passive, AJAX, and Complete scans - Docker and Podman containerization support - Asynchronous scan processing - Real-time scan status monitoring - Comprehensive MCP tool suite - Session management and cleanup - Heartbeat mechanism for long-running scans - Extensive configuration options - Production-ready error handling and logging ### Features - **Multiple Scan Types**: Active, Passive, AJAX Spider, and Complete scans - **Asynchronous Processing**: Background scan execution with real-time status updates - **Container Support**: Easy deployment with Docker Compose and Podman - **AI Integration**: Seamless integration with MCP-compatible AI assistants - **Rich Reporting**: Detailed vulnerability reports with risk scoring - **Session Management**: Flexible session handling strategies - **Production Ready**: Robust error handling and logging ### Technical Details - Python 3.8+ support - OWASP ZAP integration via REST API - Model Context Protocol (MCP) implementation - FastAPI-based HTTP server - Comprehensive error handling - Configurable timeouts and retry logic - Docker multi-stage builds - Security-focused design ## [1.0.0] - 2025-01-XX ### Added - Initial public release - Complete documentation - GitHub Actions CI/CD pipeline - Security policies and guidelines - Contributing guidelines - MIT License ### Security - API key protection (optional) - Non-root container execution - Input validation and sanitization - Secure error handling - Network access controls ### Documentation - Comprehensive README with examples - Docker and Podman setup guides - API documentation - Troubleshooting guides - Security best practices --- ## Version History - **v1.0.0**: Initial public release with full feature set - **v0.x.x**: Development and testing phases (not publicly released) ## Release Notes ### v1.0.0 Release Notes This is the first public release of ZAP MCP Server, a powerful tool that bridges the gap between OWASP ZAP security testing and AI assistants through the Model Context Protocol. #### Key Features - **Complete ZAP Integration**: Full support for all ZAP scanning capabilities - **AI-Powered Security**: Seamless integration with AI assistants for intelligent vulnerability analysis - **Developer-Friendly**: Simple MCP interface for non-security experts - **Production-Ready**: Robust error handling, logging, and monitoring - **Containerized**: Easy deployment with Docker and Podman #### Getting Started 1. Clone the repository 2. Install dependencies: `pip install -r requirements.txt` 3. Start the server: `python -m zap_custom_mcp` 4. Connect your MCP client to `http://localhost:8082/mcp` #### Docker Quick Start ```bash git clone https://github.com/YOUR_USERNAME/zap-custom-mcp.git cd zap-custom-mcp ./build.sh && ./start.sh ``` #### What's Next - Enhanced scan policies - Additional MCP tools - Performance optimizations - Extended documentation - Community contributions --- ## Contributing See [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to contribute to this project. ## Support - 📖 [Documentation](https://github.com/YOUR_USERNAME/zap-custom-mcp/wiki) - 🐛 [Issue Tracker](https://github.com/YOUR_USERNAME/zap-custom-mcp/issues) - 💬 [Discussions](https://github.com/YOUR_USERNAME/zap-custom-mcp/discussions) ## License This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.