Learn more about why we built this: Chat With Your AppSec Scans: Introducing the ZeroPath MCP Server
How It Works
Tool Discovery
The server fetches available operations from ZeroPath’s MCP manifest at startup and registers them as MCP tools with schemas and descriptions.
Request Forwarding
When your AI assistant calls a tool, the server validates inputs, injects your organization context, and forwards the request to ZeroPath’s REST API.
Structured Responses
Results come back as JSON, ready for your AI tool to interpret and present to you.
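The three steps above, as an added sketch that is not ZeroPath's own server code: it registers tools from a manifest, validates a call against the tool's schema, and injects the organization context server-side so the assistant cannot supply or override it. The manifest layout, the `list_issues` tool, the `/example/list-issues` path and the `organizationId` field are all assumptions made for illustration, and the sketch returns the outgoing request instead of sending it.

```python
import json

# Constructed manifest for illustration; the real manifest layout is not shown on this page.
SAMPLE_MANIFEST = json.loads("""
{"tools": [{
  "name": "list_issues", "description": "List issues for a repository",
  "method": "POST", "path": "/example/list-issues",
  "input_schema": {
    "required": ["repository"],
    "properties": {
      "repository": {"type": "string"},
      "severity": {"type": "string", "enum": ["low", "medium", "high", "critical"]}}}}]}
""")

TYPES = {"string": str, "boolean": bool}

def register_tools(manifest):
    """Tool discovery: index the manifest entries by tool name."""
    return {tool["name"]: tool for tool in manifest["tools"]}

def validate(schema, args):
    """Reject missing, unknown, mistyped or out-of-enum arguments."""
    props = schema.get("properties", {})
    for name in schema.get("required", []):
        if name not in args:
            raise ValueError(f"missing required argument: {name}")
    for name, value in args.items():
        if name not in props:
            raise ValueError(f"unexpected argument: {name}")
        spec = props[name]
        if not isinstance(value, TYPES[spec["type"]]):
            raise ValueError(f"{name} must be of type {spec['type']}")
        if "enum" in spec and value not in spec["enum"]:
            raise ValueError(f"{name} must be one of {spec['enum']}")

def build_request(tools, tool_name, args, org_id):
    """Request forwarding: validate, inject organization context, return the outgoing request."""
    if tool_name not in tools:
        raise ValueError(f"unknown tool: {tool_name}")
    tool = tools[tool_name]
    validate(tool["input_schema"], args)
    # org_id comes from server configuration, never from the assistant's arguments.
    body = {**args, "organizationId": org_id}  # field name is an assumption
    return {"method": tool["method"], "path": tool["path"], "json": body}

if __name__ == "__main__":
    tools = register_tools(SAMPLE_MANIFEST)
    print(json.dumps(build_request(tools, "list_issues", {"repository": "backend"}, "org-example"), indent=2))
```

Because unknown arguments are rejected before injection, a tool call that tries to pass its own `organizationId` fails validation instead of reaching the API.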
What You Can Do
Issue Triage
List, filter, archive, and update issue status or severity directly from your AI assistant.
Rule Management
Create, update, and delete custom security rules without leaving your editor.
Scan Visibility
View scan history and drill into specific scan results.
Repository Context
List repositories and filter findings to specific parts of your codebase.
End-to-end Flow
Connect
Install the MCP server and configure your MCP client (Claude Desktop, Cursor, etc.) with ZeroPath API credentials.
Discover
The server loads available tools from ZeroPath’s MCP manifest. Your AI assistant sees all 15 tools with their schemas and descriptions.
Query
Ask your AI assistant questions like “show me critical issues in the backend repo” or “archive all false positives from last week’s scan.”
Requirements
- Python 3.12+
- ZeroPath account with API key access
- MCP-compatible client (Claude Desktop, Cursor, or similar)
Contributing
We welcome contributions from the security, AI, and developer tools communities:
- Open an issue if you find a bug
- Submit a pull request to improve or add tools
- Join us on Discord for feedback and questions