MCP ZAP Server
Safe, self-hosted OWASP ZAP operator for guided AI security scans and reports.
Safe, self-hosted OWASP ZAP operator for guided AI security scans and reports.
Use this profile to copy client config, check auth requirements, review tools and resources, and compare related MCP servers before adding it to an AI client.
{
"ZAP_API_URL": "mcp-zap-zap",
"ZAP_API_PORT": "8090",
"ZAP_API_KEY": "YOUR_SECRET_VALUE",
"MCP_API_KEY": "YOUR_SECRET_VALUE",
"MCP_SERVER_TOOLS_SURFACE": "guided",
"MCP_SECURITY_MODE": "YOUR_VALUE_HERE",
"MCP_SECURITY_ENABLED": "YOUR_VALUE_HERE",
"MCP_SECURITY_ALLOW_PLACEHOLDER_API_KEY": "YOUR_VALUE_HERE"
}Add this server entry to the mcpServers object in your Claude Desktop config, then restart the app.
{
"mcpServers": {
"io-github-dtkmn-mcp-zap-server": {
"url": "https://io-github-dtkmn-mcp-zap-server.example.com"
}
}
}~/Library/Application Support/Claude/claude_desktop_config.json%APPDATA%\Claude\claude_desktop_config.jsonNo remote HTTP endpoint is advertised. Use the package or stdio setup shown in Install.
MCP ZAP Server is an MCP server for Safe, self-hosted OWASP ZAP operator for guided AI security scans and reports.. It supports HTTP transport.
Use the client-specific config in Install and add it to your MCP-compatible client.
Choose the Claude Desktop tab in Install and copy the config into Claude Desktop's MCP server settings.
Choose the Claude Code tab in Install and copy the config into Claude Code's MCP server settings.
Choose the Codex tab in Install and copy the config into Codex's MCP server settings.
Choose the Cursor or VS Code tab in Install and copy the config into Cursor or VS Code's MCP server settings.
MCP ZAP Server uses HTTP transport. Use the package or command config in Install.
MCP ZAP Server inventory is listed when the MCP endpoint exposes tools, resources, or prompts. Some servers require auth first.
MCP ZAP Server is marked with Auth required by registry metadata auth. You may need provider login, an API key, a bearer token, or a session header.
| Package | Registry | Version | Inputs |
|---|---|---|---|
ghcr.io/dtkmn/mcp-zap-server:v0.8.0streamable-http | oci | Not captured | Env: ZAP_API_URL Env: ZAP_API_PORT Env: ZAP_API_KEY required secret Env: MCP_API_KEY required secret Env: MCP_SERVER_TOOLS_SURFACE Env: MCP_SECURITY_MODE Env: MCP_SECURITY_ENABLED Env: MCP_SECURITY_ALLOW_PLACEHOLDER_API_KEY |
docker.io/dtkmn/mcp-zap-server:v0.8.0streamable-http | oci | Not captured | Env: ZAP_API_URL Env: ZAP_API_PORT Env: ZAP_API_KEY required secret Env: MCP_API_KEY required secret Env: MCP_SERVER_TOOLS_SURFACE Env: MCP_SECURITY_MODE Env: MCP_SECURITY_ENABLED Env: MCP_SECURITY_ALLOW_PLACEHOLDER_API_KEY |