ZeroPath MCP Server allows developers to interact with product security findings using natural language directly within AI-assisted tools like Claude Desktop, Cursor, and other MCP-compatible environments. This integration provides security context where you're already working, eliminating the need for dashboards or manual ticket triage.
Generate an API key from your ZeroPath organization settings at https://zeropath.com/app/settings/api
Set up your environment variables with the API key:
export ZEROPATH_TOKEN_ID=your_token_id
export ZEROPATH_TOKEN_SECRET=your_token_secret
Run the following command to get your organization ID:
curl -X POST https://zeropath.com/api/v1/orgs/list \
-H "X-ZeroPath-API-Token-Id: $ZEROPATH_TOKEN_ID" \
-H "X-ZeroPath-API-Token-Secret: $ZEROPATH_TOKEN_SECRET" \
-H "Content-Type: application/json" \
-d '{}'
Install uv
for dependency management:
curl -LsSf https://astral.sh/uv/install.sh | sh
git clone https://github.com/ZeroPathAI/zeropath-mcp-server.git
cd zeropath-mcp-server
uv sync
export ZEROPATH_ORG_ID=your_org_id
Add this entry to your MCP config (Claude Desktop, Cursor, etc.):
{
"mcpServers": {
"zeropath-mcp-server": {
"command": "uv",
"args": [
"run",
"--project",
"<absolute cloned directory path>/zeropath-mcp-server",
"<absolute cloned directory path>/zeropath-mcp-server/main.py"
]
}
}
}
Replace <absolute cloned directory path>
with the absolute path to the repository.
Before running the server, export the following:
export ZEROPATH_TOKEN_ID=your_token_id
export ZEROPATH_TOKEN_SECRET=your_token_secret
export ZEROPATH_ORG_ID=your_org_id
These can be generated from your ZeroPath dashboard.
Once connected, the following tools are exposed to your AI assistant:
Query SAST issues by keyword.
search_vulnerabilities(search_query: str)
Example prompt:
"Show me all SSRF vulnerabilities in the user service."
Fetch full metadata, patch suggestions, and code context for a specific issue.
get_issue(issue_id: str)
Example prompt:
"Give me the details for issue abc123
."
Approve a patch (write action).
approve_patch(issue_id: str)
Example prompt:
"Approve the patch for xyz456
."
You can use ./dev_mode.bash
to test the tools locally without a client connection.
To add this MCP server to Claude Code, run this command in your terminal:
claude mcp add-json "zeropath-mcp-server" '{"command":"uv","args":["run","--project","<absolute cloned directory path>/zeropath-mcp-server","<absolute cloned directory path>/zeropath-mcp-server/main.py"]}'
See the official Claude Code MCP documentation for more details.
There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json
file so that it is available in all of your projects.
If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json
file.
To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".
When you click that button the ~/.cursor/mcp.json
file will be opened and you can add your server like this:
{
"mcpServers": {
"zeropath-mcp-server": {
"command": "uv",
"args": [
"run",
"--project",
"<absolute cloned directory path>/zeropath-mcp-server",
"<absolute cloned directory path>/zeropath-mcp-server/main.py"
]
}
}
}
To add an MCP server to a project you can create a new .cursor/mcp.json
file or add it to the existing one. This will look exactly the same as the global MCP server example above.
Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.
The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.
You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.
To add this MCP server to Claude Desktop:
1. Find your configuration file:
~/Library/Application Support/Claude/claude_desktop_config.json
%APPDATA%\Claude\claude_desktop_config.json
~/.config/Claude/claude_desktop_config.json
2. Add this to your configuration file:
{
"mcpServers": {
"zeropath-mcp-server": {
"command": "uv",
"args": [
"run",
"--project",
"<absolute cloned directory path>/zeropath-mcp-server",
"<absolute cloned directory path>/zeropath-mcp-server/main.py"
]
}
}
}
3. Restart Claude Desktop for the changes to take effect