ZeroPath AI Security Gateway for MCP Environments

Engage with your application security posture using natural dialogue.

This open-source intermediary server connects ZeroPath's security findings repository to various AI-powered coding assistants (e.g., Claude Desktop, Cursor, Windsurf, and other environments supporting the MCP protocol). It allows instantaneous retrieval of vulnerability data, secret locations, and patch recommendations.

Key Benefit: Security context is delivered exactly where coding occurs, bypassing manual triage steps.

---

Technical Deep Dive

Explore the rationale behind this integration and its place in the modern software development lifecycle:

📄 Bridging Security Scans and AI: The ZeroPath MCP Server rationale

---

Setup Procedure

1. Secure Credential Generation

Obtain an API access key via your ZeroPath organization administration panel at https://zeropath.com/app/settings/api

2. Environment Configuration

Establish the requisite environmental variables using your acquired credentials:

bash export ZEROPATH_TOKEN_ID=your_token_id export ZEROPATH_TOKEN_SECRET=your_token_secret

3. Organization Identifier Retrieval

Execute the subsequent cURL command to ascertain your specific organization identifier:

bash curl -X POST https://zeropath.com/api/v1/orgs/list \ -H "X-ZeroPath-API-Token-Id: $ZEROPATH_TOKEN_ID" \ -H "X-ZeroPath-API-Token-Secret: $ZEROPATH_TOKEN_SECRET" \ -H "Content-Type: application/json" \ -d '{}'

4. Dependency Manager Installation (uv)

We utilize the high-speed dependency resolver uv for environment bootstrapping:

bash curl -LsSf https://astral.sh/uv/install.sh | sh

5. Repository Cloning and Environment Initialization

Clone the source code repository and set up the virtual environment:

bash git clone https://github.com/ZeroPathAI/zeropath-mcp-server.git cd zeropath-mcp-server uv sync export ZEROPATH_ORG_ID=your_org_id

---

Client Integration Configuration

Incorporate this configuration stanza into your MCP client's settings file (e.g., Claude Desktop, Cursor):

{ "mcpServers": { "zeropath-mcp-server-ai-security-gateway": { "command": "uv", "args": [ "run", "--project", "/zeropath-mcp-server", "/zeropath-mcp-server/main.py" ] } } }

Note: Replace <absolute cloned directory path> with the actual, fully qualified path to the repository directory.

---

Runtime Environment Variables Checklist

Ensure these critical variables are exported prior to server startup:

bash export ZEROPATH_TOKEN_ID=your_token_id export ZEROPATH_TOKEN_SECRET=your_token_secret export ZEROPATH_ORG_ID=your_org_id

These values are sourced from your ZeroPath organizational settings.

---

Exposed Developer Tools

Upon successful connection, the AI assistant gains access to the following capabilities:

search_vulnerabilities(search_query: str)

Enables retrieval of Static Analysis Security Testing (SAST) findings based on descriptive keywords.

Example Query:

"Identify all instances of Server-Side Request Forgery (SSRF) within the authentication module."

---

get_issue(issue_id: str)

Retrieves comprehensive metadata, recommended remediation code snippets, and relevant source code context for a designated finding.

Example Query:

"Detail finding ID abc123, including the proposed fix."

---

approve_patch(issue_id: str)

Initiates an action to formally accept a suggested patch (This action's availability is configuration-dependent).

Example Query:

"Sign off on the remediation plan for issue xyz456."

---

Local Testing

Utilize the included ./dev_mode.bash script for local verification and simulation of tool interactions without requiring an active MCP client connection.

---

Community Involvement

Contributions spanning security engineering, artificial intelligence, and developer experience tooling are highly encouraged.

• Encountered a defect? Please file an issue
• Wish to enhance functionality or introduce a new capability? Submit a merge request.
• Have questions or need support? Join our community on Discord