Integrations
Offers a community space for users to ask questions, provide feedback, and discuss the ZeroPath MCP server
Enables bug reporting and contribution to the ZeroPath MCP server through GitHub issues and pull requests
ZeroPath MCP Server
Interact with your product security findings using natural language.
This open-source MCP server allows developers to query SAST issues, secrets, patches, and more from ZeroPath directly inside AI-assisted tools like Claude Desktop, Cursor, Windsurf, and other MCP-compatible environments.
No dashboards. No manual ticket triage. Just security context where you're already working.
Blog Post
Learn more about why we built this and how it fits into the evolving AI development ecosystem:
📄 Chat With Your AppSec Scans: Introducing the ZeroPath MCP Server
Installation
1. Generate API Key
Generate an API key from your ZeroPath organization settings at https://zeropath.com/app/settings/api
2. Configure Environment Variables
Set up your environment variables with the API key:
3. Retrieve Your Organization ID
Run the following command to get your organization ID:
4. Install uv
We use uv
for dependency management:
5. Clone and Setup
Configuration
Add this entry to your MCP config (Claude Desktop, Cursor, etc.):
Replace <absolute cloned directory path>
with the absolute path to the repo.
Environment Variables
Before running the server, export the following:
These can be generated from your ZeroPath dashboard.
Available Tools
Once connected, the following tools are exposed to your AI assistant:
search_vulnerabilities(search_query: str)
Query SAST issues by keyword.
Prompt example:
"Show me all SSRF vulnerabilities in the user service."
get_issue(issue_id: str)
Fetch full metadata, patch suggestions, and code context for a specific issue.
Prompt example:
"Give me the details for issue
abc123
."
approve_patch(issue_id: str)
Approve a patch (write action). Optional depending on your setup.
Prompt example:
"Approve the patch for
xyz456
."
Development Mode
Use ./dev_mode.bash
to test the tools locally without a client connection.
Contributing
We welcome contributions from the security, AI, and developer tools communities.
- Found a bug? Open an issue
- Want to improve a tool or add a new one? Submit a pull request
- Have feedback or questions? Join us on Discord
This server cannot be installed
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
Allows developers to query security findings (SAST issues, secrets, patches) using natural language within AI-assisted tools like Claude Desktop, Cursor, and other MCP-compatible environments.
Related MCP Servers
- -securityAlicense-qualityProvides code manipulation, execution, and version control capabilities. It allows AI assistants to read, write, and execute code while maintaining a history of changes.Last updated -8PythonMIT License
- -securityFlicense-qualityEnables AI assistants to interact with Metabase, providing access to dashboards, questions, databases, and tools for executing queries and viewing data through natural language.Last updated -JavaScript
- -securityFlicense-qualityAn MCP server that integrates with Claude to provide smart documentation search capabilities across multiple AI/ML libraries, allowing users to retrieve and process technical information through natural language queries.Last updated -Python
- -securityFlicense-qualityProvides AI assistants like Claude or Cursor with access to Payman AI's documentation, helping developers build integrations more efficiently.Last updated -TypeScript