zeropath-security-context-gateway
Query product security data in natural language: static analysis findings (SAST), embedded secrets, and remediation suggestions are available directly inside AI coding assistants, removing the need for conventional security monitoring portals or manual incident review workflows.
Author: ZeroPathAI
ZeroPath Security Context Gateway
Query your application security data using conversational language.
This open-source MCP server lets developers fetch SAST results, secret detections, applied fixes, and associated metadata from the ZeroPath platform directly within their preferred AI-integrated development environments (e.g., Claude Desktop, Cursor, Windsurf, or any MCP-compliant tool).
Bypass reliance on centralized dashboards. Eliminate manual ticket parsing. Embed security intelligence precisely where coding occurs.
Insight Article
Explore the rationale behind this integration and its significance in the modern AI-driven development landscape:
📄 Conversational AppSec Scans: Introducing the ZeroPath MCP Server
Deployment Procedure
1. API Credential Acquisition
Obtain an API key pair from your ZeroPath organization settings portal: https://zeropath.com/app/settings/api
2. Environment Variable Setup
Configure your session variables using the procured tokens:
```bash
export ZEROPATH_TOKEN_ID=your_token_id
export ZEROPATH_TOKEN_SECRET=your_token_secret
```
3. Organization Identifier Retrieval
Execute the following command to map your organization identifier:
```bash
curl -X POST https://zeropath.com/api/v1/orgs/list \
  -H "X-ZeroPath-API-Token-Id: $ZEROPATH_TOKEN_ID" \
  -H "X-ZeroPath-API-Token-Secret: $ZEROPATH_TOKEN_SECRET" \
  -H "Content-Type: application/json" \
  -d '{}'
```
4. Dependency Resolver Installation (uv)
We leverage uv for efficient package management:
```bash
curl -LsSf https://astral.sh/uv/install.sh | sh
```
5. Source Retrieval and Initialization
Clone the repository and set up dependencies:
```bash
git clone https://github.com/ZeroPathAI/zeropath-mcp-server.git
cd zeropath-mcp-server
uv sync
export ZEROPATH_ORG_ID=your_org_id
```
Configuration Integration
Incorporate this stanza into your MCP client configuration (e.g., for Claude Desktop, Cursor):
{
"mcpServers": {
"zeropath-mcp-server": {
"command": "uv",
"args": [
"run",
"--project",
"
Ensure <absolute cloned directory path> is substituted with the full, resolved file system path to the repository directory.
Required Environment Variables
Prior to commencing server operation, export these configuration parameters:
```bash
export ZEROPATH_TOKEN_ID=your_token_id
export ZEROPATH_TOKEN_SECRET=your_token_secret
export ZEROPATH_ORG_ID=your_org_id
```
These values are obtainable via the ZeroPath administrative interface.
Exposed Capabilities (Tools)
Upon successful connection, your AI agent gains access to the following functions:
search_vulnerabilities(search_query: str)
Enables semantic searching across identified static analysis flaws.
Illustrative Query:
"List all instances of Server-Side Request Forgery within the authentication module."
get_issue(issue_id: str)
Retrieves comprehensive details, including suggested remediation code and surrounding file context for a specific finding identifier.
Illustrative Query:
"Detail the findings associated with identifier abc123."
approve_patch(issue_id: str)
Submits an approval for a suggested code fix (a write operation). Whether this works depends on the configured permissions.
Illustrative Query:
"Authorize the proposed fix for finding xyz456."
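A client-side gate for the three tools above, written as an added example and not part of the ZeroPath project: read tools pass after argument validation, while approve_patch, the one write operation listed, is refused unless a human has confirmed it. The function names, the identifier pattern and the query length bound are assumptions.

```python
import re

# Tool names and parameters are the three listed on this page; the read/write
# split follows the page's note that approve_patch is a write operation.
READ_TOOLS = {"search_vulnerabilities": "search_query", "get_issue": "issue_id"}
WRITE_TOOLS = {"approve_patch": "issue_id"}

# Assumption: identifiers are short tokens like the page's "abc123" and
# "xyz456" samples; adjust the pattern to the real format.
ISSUE_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
MAX_QUERY_LEN = 500  # assumed bound for free-text queries


def authorize_tool_call(tool, args, human_confirmed=False):
    """Return (allowed, reason) for a tool call proposed by the agent."""
    if tool in READ_TOOLS:
        param = READ_TOOLS[tool]
    elif tool in WRITE_TOOLS:
        param = WRITE_TOOLS[tool]
    else:
        return False, "unknown tool"
    # Accept exactly the one documented string parameter, nothing extra.
    if set(args) != {param} or not isinstance(args[param], str):
        return False, "unexpected arguments"
    value = args[param]
    if param == "issue_id" and not ISSUE_ID_RE.fullmatch(value):
        return False, "malformed issue_id"
    if param == "search_query" and not (0 < len(value) <= MAX_QUERY_LEN):
        return False, "query length out of bounds"
    if tool in WRITE_TOOLS and not human_confirmed:
        return False, "write operation needs human confirmation"
    return True, "ok"


def audit_record(tool, args, decision):
    """Build a log entry for a decision; it holds the call, never API tokens."""
    allowed, reason = decision
    return {"tool": tool, "args": dict(args), "allowed": allowed, "reason": reason}


if __name__ == "__main__":
    # Constructed sample calls, as an agent might propose them.
    calls = [
        ("get_issue", {"issue_id": "abc123"}, False),
        ("approve_patch", {"issue_id": "xyz456"}, False),
        ("approve_patch", {"issue_id": "xyz456"}, True),
    ]
    for tool, args, confirmed in calls:
        print(audit_record(tool, args, authorize_tool_call(tool, args, confirmed)))
```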
Local Testing Environment
Use the included ./dev_mode.bash script to locally validate tool functionality without an active client connection.
Collaborative Development
We welcome contributions from the security engineering, AI tooling, and general developer communities.
- Encountered a defect? Please open a new issue.
- Wish to enhance an existing utility or introduce novel functionality? Submit a pull request.
- Have general feedback or require support? Engage with us on Discord
