mcp-zap-server
A Spring Boot application exposing OWASP ZAP as an MCP (Model Context Protocol) server. It lets any MCP‑compatible AI agent (e.g., Claude Desktop, Cursor) orchestrate ZAP actions—spider, active scan, import OpenAPI specs, and generate reports.
- Scan API endpoints and auto-generate remediation summaries
- Import OpenAPI specs and run baseline security checks
- Spider web apps and analyze crawl results for anomalies
Embeds OWASP ZAP security scanning directly into AI workflows, letting Claude automate security testing without manual tool switching. Reduces friction for security teams integrating scanning into CI/CD or ad-hoc pentesting.
Security engineers and DevSecOps leads who want Claude to orchestrate vulnerability scanning, parse ZAP reports, and recommend fixes within conversation context.
https://github.com/dtkmn/mcp-zap-server
By dtkmn
How to Get It
claude mcp add mcp-zap-server -- npx -y mcp-zap-server
Tip: Paste this into a Claude Code conversation. Verify that the command matches your Claude Code version.
Community Pulse Growing
Discussed on Reddit
- Thinkpad P14s gen 6 intel review coming from P14s Gen 1 — Reddit · 11 pts
- Part 2. Reco’s — Reddit · 3 pts
- Nostr MCP Server – A Model Context Protocol server that enables LLMs like Claude — Reddit · 2 pts
9 mentions across 1 source
Reviewer notes
Auto-scanned review. These are observations, not a security certification.
Scored from trust signals (evidence-eval-v1): 54 GitHub stars; contributors unknown; last commit 1d ago; license Apache-2.0.
Data shown here comes from public APIs and automated scanning. Reviewer notes reflect one person's experience. This is not a security certification or legal recommendation. Always evaluate tools according to your own organization's policies.