AgentHubAgentHub

MCP ZAP Server

MCP ServerMCP Registry官方收录

io.github.dtkmn/mcp-zap-server · v0.8.0

Safe, self-hosted OWASP ZAP operator for guided AI security scans and reports.

在 MCP Registry 查看源仓库

概览

MCP ZAP Server 是一个MCP Server,收录自 官方 MCP Registry。支持 streamable-http 传输。本页提供 Cursor、Claude Code 等客户端的安装配置片段。

安装

选择你的平台查看安装方式

{
  "mcpServers": {
    "mcp-zap-server": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "ghcr.io/dtkmn/mcp-zap-server:v0.8.0"
      ],
      "env": {
        "ZAP_API_KEY": "<ZAP_API_KEY>",
        "MCP_API_KEY": "<MCP_API_KEY>"
      }
    }
  }
}

环境变量

ZAP_API_URL可选

Hostname or URL of a separately running OWASP ZAP daemon reachable from this container.

ZAP_API_PORT可选

OWASP ZAP API port.

ZAP_API_KEY必填secret

API key configured on the OWASP ZAP daemon.

MCP_API_KEY必填secret

API key clients must send as X-API-Key.

MCP_SERVER_TOOLS_SURFACE可选

Tool surface to expose. Use guided for the safer default workflow, or expert when clients need raw ZAP tools such as zap_report_read.

MCP_SECURITY_MODE可选
MCP_SECURITY_ENABLED可选
MCP_SECURITY_ALLOW_PLACEHOLDER_API_KEY可选
ZAP_API_URL可选

Hostname or URL of a separately running OWASP ZAP daemon reachable from this container.

ZAP_API_PORT可选

OWASP ZAP API port.

ZAP_API_KEY必填secret

API key configured on the OWASP ZAP daemon.

MCP_API_KEY必填secret

API key clients must send as X-API-Key.

MCP_SERVER_TOOLS_SURFACE可选

Tool surface to expose. Use guided for the safer default workflow, or expert when clients need raw ZAP tools such as zap_report_read.

MCP_SECURITY_MODE可选
MCP_SECURITY_ENABLED可选
MCP_SECURITY_ALLOW_PLACEHOLDER_API_KEY可选

相关资源

统一 Manifest

{
  "id": "io.github.dtkmn/mcp-zap-server",
  "type": "mcp-server",
  "version": "0.8.0",
  "displayName": "MCP ZAP Server",
  "description": "Safe, self-hosted OWASP ZAP operator for guided AI security scans and reports.",
  "repository": {
    "url": "https://github.com/dtkmn/mcp-zap-server",
    "source": "github"
  },
  "homepage": "https://danieltse.org/mcp-zap-server/",
  "distribution": {
    "packages": [
      {
        "registryType": "oci",
        "identifier": "ghcr.io/dtkmn/mcp-zap-server:v0.8.0",
        "runtimeHint": "docker",
        "transport": "streamable-http",
        "environmentVariables": [
          {
            "name": "ZAP_API_URL",
            "description": "Hostname or URL of a separately running OWASP ZAP daemon reachable from this container."
          },
          {
            "name": "ZAP_API_PORT",
            "description": "OWASP ZAP API port."
          },
          {
            "name": "ZAP_API_KEY",
            "description": "API key configured on the OWASP ZAP daemon.",
            "isRequired": true,
            "isSecret": true
          },
          {
            "name": "MCP_API_KEY",
            "description": "API key clients must send as X-API-Key.",
            "isRequired": true,
            "isSecret": true
          },
          {
            "name": "MCP_SERVER_TOOLS_SURFACE",
            "description": "Tool surface to expose. Use guided for the safer default workflow, or expert when clients need raw ZAP tools such as zap_report_read."
          },
          {
            "name": "MCP_SECURITY_MODE"
          },
          {
            "name": "MCP_SECURITY_ENABLED"
          },
          {
            "name": "MCP_SECURITY_ALLOW_PLACEHOLDER_API_KEY"
          }
        ]
      },
      {
        "registryType": "oci",
        "identifier": "docker.io/dtkmn/mcp-zap-server:v0.8.0",
        "runtimeHint": "docker",
        "transport": "streamable-http",
        "environmentVariables": [
          {
            "name": "ZAP_API_URL",
            "description": "Hostname or URL of a separately running OWASP ZAP daemon reachable from this container."
          },
          {
            "name": "ZAP_API_PORT",
            "description": "OWASP ZAP API port."
          },
          {
            "name": "ZAP_API_KEY",
            "description": "API key configured on the OWASP ZAP daemon.",
            "isRequired": true,
            "isSecret": true
          },
          {
            "name": "MCP_API_KEY",
            "description": "API key clients must send as X-API-Key.",
            "isRequired": true,
            "isSecret": true
          },
          {
            "name": "MCP_SERVER_TOOLS_SURFACE",
            "description": "Tool surface to expose. Use guided for the safer default workflow, or expert when clients need raw ZAP tools such as zap_report_read."
          },
          {
            "name": "MCP_SECURITY_MODE"
          },
          {
            "name": "MCP_SECURITY_ENABLED"
          },
          {
            "name": "MCP_SECURITY_ALLOW_PLACEHOLDER_API_KEY"
          }
        ]
      }
    ],
    "remotes": []
  },
  "dependencies": [],
  "installTargets": [
    "claude-code",
    "claude-desktop",
    "cursor",
    "vscode"
  ],
  "keywords": [],
  "provenance": {
    "origin": "official-mcp-registry",
    "originalId": "io.github.dtkmn/mcp-zap-server",
    "originalUrl": "https://registry.modelcontextprotocol.io/v0.1/servers/io.github.dtkmn%2Fmcp-zap-server/versions/latest",
    "isOfficial": true,
    "status": "active"
  }
}
MCP ZAP Server — MCP Server 安装与配置 · AgentHub