
ZeroPath MCP Server

Official
by ZeroPathAI

list_sca_vulnerabilities

Search for Software Composition Analysis vulnerabilities in dependencies across multiple ecosystems like npm, pip, and maven. Filter results by repository, dependency type, or specific search terms to identify security risks in your codebase.

Instructions

Search for SCA (Software Composition Analysis) vulnerabilities in dependencies.

Args:
  search_query: Optional search term to filter vulnerabilities
  repository_ids: Optional list of repository IDs to filter by
  ecosystems: Optional list of ecosystems to filter (npm, pip, maven, etc.)
  transitivity: Optional filter by dependency type (direct, transitive)
  page: Page number (default: 1)
  page_size: Number of results per page (default: 50)

Input Schema

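| Name | Required | Description | Default |
|------|----------|-------------|---------|
| search_query | No | | |
| repository_ids | No | | |
| ecosystems | No | | |
| transitivity | No | | |
| page | No | | |
| page_size | No | | |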

Implementation Reference

  • The main handler function decorated with @mcp.tool() which registers and implements the list_sca_vulnerabilities tool. It constructs a payload from parameters, calls the ZeroPath SCA API endpoint, handles errors, and formats the response using a helper.
    @mcp.tool()
    def list_sca_vulnerabilities(
        search_query: str = None,
        repository_ids: list[str] = None,
        ecosystems: list[str] = None,
        transitivity: str = None,
        page: int = 1,
        page_size: int = 50
    ) -> str:
        """
        Search for SCA (Software Composition Analysis) vulnerabilities in dependencies.

        Args:
            search_query: Optional search term to filter vulnerabilities
            repository_ids: Optional list of repository IDs to filter by
            ecosystems: Optional list of ecosystems to filter (npm, pip, maven, etc.)
            transitivity: Optional filter by dependency type (direct, transitive)
            page: Page number (default: 1)
            page_size: Number of results per page (default: 50)
        """
        payload = {
            "page": page,
            "pageSize": page_size
        }

        if search_query:
            payload["searchQuery"] = search_query
        if repository_ids:
            payload["repositoryIds"] = repository_ids
        if ecosystems:
            payload["ecosystems"] = ecosystems
        if transitivity:
            if transitivity not in ["direct", "transitive"]:
                return "Error: transitivity must be 'direct' or 'transitive'"
            payload["transitivity"] = transitivity

        response, error = make_api_request("sca/vulnerabilities/search", payload)

        if error:
            return error

        if response.status_code == 200:
            return process_sca_vulnerabilities_response(response.json())
        elif response.status_code == 401:
            return "Error: Unauthorized - check API credentials"
        elif response.status_code == 400:
            return f"Error: Bad request - {response.text}"
        else:
            return f"Error: API returned status {response.status_code}: {response.text}"
  • Supporting utility function that processes the raw API response for SCA vulnerabilities into a human-readable formatted string, extracting key fields like ID, package, severity, etc., and handling pagination.
    def process_sca_vulnerabilities_response(raw_response):
        """Process SCA vulnerabilities search response into readable format."""
        if "error" in raw_response:
            return f"Error: {raw_response['error']}"

        vulns = raw_response.get("vulnerabilities", raw_response.get("items", []))

        if not vulns:
            return "No SCA vulnerabilities found."

        total_count = raw_response.get("totalCount", len(vulns))
        result = f"Found {total_count} SCA vulnerability(ies).\n\n"

        for i, vuln in enumerate(vulns, 1):
            result += f"Vulnerability {i}:\n"
            result += f" ID: {vuln.get('id', 'N/A')}\n"

            # Package info
            pkg = vuln.get('package', {})
            if pkg:
                result += f" Package: {pkg.get('name', 'N/A')} @ {pkg.get('version', 'N/A')}\n"
                result += f" Ecosystem: {pkg.get('ecosystem', 'N/A')}\n"
                result += f" Manifest: {pkg.get('manifestPath', 'N/A')}\n"
            else:
                result += f" Package: {vuln.get('packageName', 'N/A')}\n"

            # Metadata
            meta = vuln.get('metadata', {})
            if meta:
                result += f" Severity: {meta.get('severity', 'N/A')}\n"
                result += f" Score: {meta.get('severityScore', 'N/A')}\n"
                result += f" Summary: {meta.get('summary', 'N/A')}\n"
                if meta.get('aliases'):
                    result += f" Aliases: {', '.join(meta['aliases'][:3])}\n"
            else:
                result += f" Severity: {vuln.get('severity', 'N/A')}\n"

            result += f" Repository: {vuln.get('repositoryId', 'N/A')}\n"
            result += f" Branch: {vuln.get('branch', 'N/A')}\n"
            result += "\n"

        # Pagination info
        if "page" in raw_response:
            result += f"Page: {raw_response.get('page', 1)} | "
            result += f"Page Size: {raw_response.get('pageSize', len(vulns))} | "
            result += f"Total: {total_count}\n"

        return result
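
The handler returns one page per call and passes page and page_size through unchecked, so a complete inventory needs a bounded pagination loop. The sketch below is an added example, not code from the ZeroPath project: it reuses the payload keys and response fields shown above to collect every page and count findings by severity. The `fetch_page` callable, the upper bound of 100 on `page_size`, the `max_pages` cap, and the sample records are assumptions made for illustration.

```python
from collections import Counter

def build_payload(page, page_size, transitivity=None):
    """Build the handler's payload keys, rejecting values it passes through unchecked."""
    if page < 1 or not 1 <= page_size <= 100:  # the 100 ceiling is an assumption
        raise ValueError("page must be >= 1 and page_size in 1..100")
    if transitivity not in (None, "direct", "transitive"):
        raise ValueError("transitivity must be 'direct' or 'transitive'")
    payload = {"page": page, "pageSize": page_size}
    if transitivity:
        payload["transitivity"] = transitivity
    return payload

def collect_all(fetch_page, page_size=50, transitivity=None, max_pages=20):
    """Walk pages until totalCount is reached, a page comes back short, or max_pages is hit."""
    vulns = []
    for page in range(1, max_pages + 1):
        raw = fetch_page(build_payload(page, page_size, transitivity))
        items = raw.get("vulnerabilities", raw.get("items", []))
        vulns.extend(items)
        total = raw.get("totalCount")
        if len(items) < page_size or (total is not None and len(vulns) >= total):
            break
    return vulns

def severity_counts(vulns):
    """Read severity as the helper does: metadata.severity, else top-level severity."""
    def sev(v):
        meta = v.get("metadata") or {}
        return (meta.get("severity") if meta else v.get("severity")) or "N/A"
    return Counter(sev(v) for v in vulns)

# Constructed sample records in the shape the helper reads; not real findings.
SAMPLE = [
    {"id": "v1", "metadata": {"severity": "HIGH"}},
    {"id": "v2", "metadata": {"severity": "LOW"}},
    {"id": "v3", "severity": "HIGH"},
]

def fake_fetch(payload):
    """Offline stand-in for the API call (hypothetical): slices SAMPLE by page/pageSize."""
    start = (payload["page"] - 1) * payload["pageSize"]
    return {"vulnerabilities": SAMPLE[start:start + payload["pageSize"]],
            "totalCount": len(SAMPLE), "page": payload["page"]}
```

The `max_pages` cap keeps the loop bounded even when a response omits `totalCount` or keeps returning full pages.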


MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/ZeroPathAI/zeropath-mcp-server'
