MCP ZAP Server exposes OWASP ZAP over MCP via streamable HTTP so MCP clients can run guided, operator-controlled web security scans, generate findings/reports, and manage scan history. It is designed for self-hosted deployment with Docker Compose or Helm and includes auth, rate limits, and other guardrails.
From the registry: Safe, self-hosted OWASP ZAP operator for guided AI security scans and reports.

$ git clone https://github.com/dtkmn/mcp-zap-server.git && cd mcp-zap-server
https://github.com/dtkmn/mcp-zap-server
$ ./bin/bootstrap-local.sh && ./dev.sh
$ ./bin/self-serve-doctor.sh

Please install the `mcp-zap-server` MCP server into my current AI client (that's you).
Required prerequisites (do these first if not already done):
- **Install Docker** — Docker 20.10+ is required to run the supported local deployment.
- **Install Docker Compose v2** — Docker Compose v2 (`docker compose`) is required for the supported local setup.
- **Clone the repository** — The supported install path in the README is to clone the repository and run the bootstrap/start scripts. Run: `git clone https://github.com/dtkmn/mcp-zap-server.git && cd mcp-zap-server` (https://github.com/dtkmn/mcp-zap-server)
- **Bootstrap and start the local stack** — Initialize local environment files and API keys, then start the Docker Compose stack. Run: `./bin/bootstrap-local.sh && ./dev.sh`
Optional prerequisites:
- Optional health check — Verify Docker, auth, MCP initialize, tool listing, and a harmless tool call. Run: `./bin/self-serve-doctor.sh`
Canonical MCP server config (HTTP transport):
- url: `http://127.0.0.1:7456/mcp`
Note: The README states the server exposes MCP over streamable HTTP. The default local endpoint for host-side clients is `http://localhost:7456/mcp`; canonicalized here as loopback `127.0.0.1`. Authentication is enabled by default in API-key mode, but the README does not provide the exact client header or canonical header name in this file. `bootstrap-local.sh` generates local API keys and prepares `.env`, so client auth details must be taken from the linked authentication/client configuration docs.
Add this MCP server to my current client's config in the correct format for you. If you need secrets or credentials I haven't provided, ASK me — do not invent values or leave raw placeholders. After adding it, tell me how to verify the server is connected.

`MCP_ZAP_BIND_ADDRESS`: Sets the network bind address for the Compose stack; used to expose the server beyond localhost when intentionally configured.