zap.get_alerts
Retrieve security alerts from ZAP scans to identify vulnerabilities, with options to filter by URL, risk level, and paginate results.
Instructions
Get all security alerts from ZAP
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| baseURL | No | Filter alerts by base URL (optional) | |
| start | No | Start index for pagination (optional) | |
| count | No | Number of alerts to return (optional) | |
| riskId | No | Filter by risk level: 0=Informational, 1=Low, 2=Medium, 3=High, 4=Critical (optional) | |
Implementation Reference
- src/tools/zap.ts:227-234 (handler): MCP tool handler for 'zap.get_alerts'. Retrieves the ZAP client, calls its getAlerts method with the input parameters, handles the case where the client is not initialized, and formats the result.

  ```typescript
  async ({ baseURL, start, count, riskId }: any): Promise<ToolResult> => {
    const client = getZAPClient();
    // No ZAP client configured: return an error result instead of throwing
    if (!client) {
      return formatToolResult(false, null, 'ZAP client not initialized');
    }
    const result = await client.getAlerts(baseURL, start, count, riskId);
    return formatToolResult(result.success, result.data, result.error);
  }
  ```

- src/tools/zap.ts:205-225 (schema): Input schema for the zap.get_alerts tool, defining the optional filtering parameters baseURL, start, count and riskId.

  ```typescript
  inputSchema: {
    type: 'object',
    properties: {
      baseURL: {
        type: 'string',
        description: 'Filter alerts by base URL (optional)',
      },
      start: {
        type: 'number',
        description: 'Start index for pagination (optional)',
      },
      count: {
        type: 'number',
        description: 'Number of alerts to return (optional)',
      },
      riskId: {
        type: 'string',
        description: 'Filter by risk level: 0=Informational, 1=Low, 2=Medium, 3=High, 4=Critical (optional)',
      },
    },
  },
  ```

- src/index.ts:49-49 (registration): Top-level call to registerZAPTools on the MCP server, which registers the zap.get_alerts tool among others.

  ```typescript
  registerZAPTools(server);
  ```

- src/tools/zap.ts:202-234 (registration): Specific registration of the 'zap.get_alerts' tool using server.tool, including the schema and the inline handler.

  ```typescript
  // The excerpt starts inside the server.tool(...) call; the wrapper is shown for context.
  server.tool(
    'zap.get_alerts',
    {
      description: 'Get all security alerts from ZAP',
      inputSchema: {
        type: 'object',
        properties: {
          baseURL: {
            type: 'string',
            description: 'Filter alerts by base URL (optional)',
          },
          start: {
            type: 'number',
            description: 'Start index for pagination (optional)',
          },
          count: {
            type: 'number',
            description: 'Number of alerts to return (optional)',
          },
          riskId: {
            type: 'string',
            description: 'Filter by risk level: 0=Informational, 1=Low, 2=Medium, 3=High, 4=Critical (optional)',
          },
        },
      },
    },
    async ({ baseURL, start, count, riskId }: any): Promise<ToolResult> => {
      const client = getZAPClient();
      if (!client) {
        return formatToolResult(false, null, 'ZAP client not initialized');
      }
      const result = await client.getAlerts(baseURL, start, count, riskId);
      return formatToolResult(result.success, result.data, result.error);
    }
  );
  ```

- src/integrations/zap.ts:206-254 (helper): Core helper method ZAPClient.getAlerts. Makes an API request to ZAP's /alert/view/alerts/ endpoint, handles the different response formats, normalizes the alert data, and maps risk and confidence using private helpers.

  ```typescript
  async getAlerts(baseURL?: string, start?: number, count?: number, riskId?: string): Promise<ZAPScanResult> {
    try {
      // Only forward the filters that were actually supplied
      const params: any = {};
      if (baseURL) params.baseurl = baseURL;
      if (start !== undefined) params.start = start;
      if (count !== undefined) params.count = count;
      if (riskId) params.riskId = riskId;

      const response = await this.client.get('/alert/view/alerts/', { params });

      // Handle both array format and object format responses
      let alertsData: any[] = [];
      if (Array.isArray(response.data.alerts)) {
        alertsData = response.data.alerts;
      } else if (response.data.alerts && typeof response.data.alerts === 'object') {
        // If alerts is an object, convert to array
        alertsData = Object.values(response.data.alerts);
      } else if (Array.isArray(response.data)) {
        // Some ZAP versions return alerts directly as array
        alertsData = response.data;
      }

      // Normalize each raw alert into the ZAPAlert shape
      const alerts: ZAPAlert[] = alertsData.map((alert: any) => ({
        id: alert.pluginId?.toString() || alert.id?.toString() || '',
        name: alert.alert || alert.name || 'Unknown Alert',
        risk: this.mapRisk(alert.risk || alert.riskString || 'Informational'),
        confidence: this.mapConfidence(alert.confidence || alert.confidenceString || 'Low'),
        url: alert.url || '',
        param: alert.param || undefined,
        attack: alert.attack || undefined,
        evidence: alert.evidence || undefined,
        description: alert.description || undefined,
        solution: alert.solution || undefined,
        reference: alert.reference || undefined,
      }));

      return {
        success: true,
        data: {
          alerts,
          count: alerts.length,
        },
      };
    } catch (error: any) {
      return {
        success: false,
        error: error.message || 'Failed to get alerts',
      };
    }
  }
  ```
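
The handler types its arguments as `any` and forwards them to `client.getAlerts` unchecked. The following is an added example (not code from the project) of validating them against the documented schema first; `validateGetAlertsInput`, `MAX_COUNT`, `RISK_IDS` and `ALLOWED_KEYS` are hypothetical names, and the 500-item cap and the credential check are assumed policy.

```typescript
// Added example, not project code: validate zap.get_alerts arguments before use.
type GetAlertsArgs = { baseURL?: string; start?: number; count?: number; riskId?: string };
type Validation = { ok: true; args: GetAlertsArgs } | { ok: false; error: string };

const MAX_COUNT = 500; // assumed page-size ceiling, not a ZAP or project limit
const RISK_IDS = ['0', '1', '2', '3', '4']; // values listed in the riskId description
const ALLOWED_KEYS = ['baseURL', 'start', 'count', 'riskId'];

const fail = (error: string): Validation => ({ ok: false, error });
const isIndex = (v: unknown): v is number =>
  typeof v === 'number' && isFinite(v) && Math.floor(v) === v && v >= 0;

function validateGetAlertsInput(input: unknown): Validation {
  if (typeof input !== 'object' || input === null || Array.isArray(input)) {
    return fail('arguments must be an object');
  }
  const raw = input as Record<string, unknown>;
  for (const key of Object.keys(raw)) {
    if (ALLOWED_KEYS.indexOf(key) === -1) return fail(`unexpected argument: ${key}`);
  }
  const { baseURL, start, count, riskId } = raw;
  const args: GetAlertsArgs = {};
  if (baseURL !== undefined) {
    if (typeof baseURL !== 'string') return fail('baseURL must be a string');
    let parsed: URL;
    try { parsed = new URL(baseURL); } catch { return fail('baseURL must be an absolute URL'); }
    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return fail('baseURL must be http(s)');
    // Forwarded to ZAP as a query parameter, so keep credentials out of it (assumed policy).
    if (parsed.username || parsed.password) return fail('baseURL must not embed credentials');
    args.baseURL = parsed.href;
  }
  if (start !== undefined) {
    if (!isIndex(start)) return fail('start must be a non-negative integer');
    args.start = start;
  }
  if (count !== undefined) {
    if (!isIndex(count) || count < 1 || count > MAX_COUNT) return fail(`count must be 1..${MAX_COUNT}`);
    args.count = count;
  }
  if (riskId !== undefined) {
    // getAlerts tests `if (riskId)`: a numeric 0 would silently drop the filter,
    // so always pass the string form.
    const risk = typeof riskId === 'number' ? String(riskId) : riskId;
    if (typeof risk !== 'string' || RISK_IDS.indexOf(risk) === -1) return fail('riskId must be 0-4');
    args.riskId = risk;
  }
  return { ok: true, args };
}
```

In the handler, a failed validation would be returned with `formatToolResult(false, null, v.error)`, and the fields of `v.args` passed to `client.getAlerts` otherwise.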