playbooks
Learn Cursor Rules Windsurf Rules MCPs Modes
Log in

ZeroPath MCP server

Integrates with ZeroPath vulnerability management platform to enable searching, retrieving detailed information about security issues, and approving patches through authenticated API interactions.
Back to servers
Setup instructions
Provider
ZeroPath AI
Release date
Mar 26, 2025
Language
Python
Stats
3 stars
View on GitHub

ZeroPath MCP Server allows developers to interact with product security findings using natural language directly within AI-assisted tools like Claude Desktop, Cursor, and other MCP-compatible environments. This integration provides security context where you're already working, eliminating the need for dashboards or manual ticket triage.

Installation

Generate API Key

Generate an API key from your ZeroPath organization settings at https://zeropath.com/app/settings/api

Configure Environment Variables

Set up your environment variables with the API key:

export ZEROPATH_TOKEN_ID=your_token_id
export ZEROPATH_TOKEN_SECRET=your_token_secret

Retrieve Your Organization ID

Run the following command to get your organization ID:

curl -X POST https://zeropath.com/api/v1/orgs/list \
    -H "X-ZeroPath-API-Token-Id: $ZEROPATH_TOKEN_ID" \
    -H "X-ZeroPath-API-Token-Secret: $ZEROPATH_TOKEN_SECRET" \
    -H "Content-Type: application/json" \
    -d '{}'

Install uv

Install uv for dependency management:

curl -LsSf https://astral.sh/uv/install.sh | sh

Clone and Setup

git clone https://github.com/ZeroPathAI/zeropath-mcp-server.git
cd zeropath-mcp-server
uv sync
export ZEROPATH_ORG_ID=your_org_id

Configuration

Add this entry to your MCP config (Claude Desktop, Cursor, etc.):

{
  "mcpServers": {
    "zeropath-mcp-server": {
      "command": "uv",
      "args": [
        "run",
        "--project",
        "<absolute cloned directory path>/zeropath-mcp-server",
        "<absolute cloned directory path>/zeropath-mcp-server/main.py"
      ]
    }
  }
}

Replace <absolute cloned directory path> with the absolute path to the repository.

Environment Variables

Before running the server, export the following:

export ZEROPATH_TOKEN_ID=your_token_id
export ZEROPATH_TOKEN_SECRET=your_token_secret
export ZEROPATH_ORG_ID=your_org_id

These can be generated from your ZeroPath dashboard.

Available Tools

Once connected, the following tools are exposed to your AI assistant:

search_vulnerabilities

Query SAST issues by keyword.

search_vulnerabilities(search_query: str)

Example prompt:
"Show me all SSRF vulnerabilities in the user service."

get_issue

Fetch full metadata, patch suggestions, and code context for a specific issue.

get_issue(issue_id: str)

Example prompt:
"Give me the details for issue abc123."

approve_patch

Approve a patch (write action).

approve_patch(issue_id: str)

Example prompt:
"Approve the patch for xyz456."

Testing Tools Locally

You can use ./dev_mode.bash to test the tools locally without a client connection.

How to install this MCP server

For Claude Code

To add this MCP server to Claude Code, run this command in your terminal:

claude mcp add-json "zeropath-mcp-server" '{"command":"uv","args":["run","--project","<absolute cloned directory path>/zeropath-mcp-server","<absolute cloned directory path>/zeropath-mcp-server/main.py"]}'

See the official Claude Code MCP documentation for more details.

For Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "zeropath-mcp-server": {
            "command": "uv",
            "args": [
                "run",
                "--project",
                "<absolute cloned directory path>/zeropath-mcp-server",
                "<absolute cloned directory path>/zeropath-mcp-server/main.py"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.

For Claude Desktop

To add this MCP server to Claude Desktop:

1. Find your configuration file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
  • Linux: ~/.config/Claude/claude_desktop_config.json

2. Add this to your configuration file:

{
    "mcpServers": {
        "zeropath-mcp-server": {
            "command": "uv",
            "args": [
                "run",
                "--project",
                "<absolute cloned directory path>/zeropath-mcp-server",
                "<absolute cloned directory path>/zeropath-mcp-server/main.py"
            ]
        }
    }
}

3. Restart Claude Desktop for the changes to take effect

Want to 10x your AI skills?

Get a free account and learn to code + market your apps using AI (with or without vibes!).

Nah, maybe later