MCP ZAP Server
io.github.dtkmn/mcp-zap-server
Safe, self-hosted OWASP ZAP operator for guided AI security scans and reports.
Install surfaces
How MCP ZAP Server runs, per the official MCP registry entry.
- oci
docker ghcr.io/dtkmn/mcp-zap-server:v0.8.0 - oci
docker docker.io/dtkmn/mcp-zap-server:v0.8.0
Governed execution
How KLA gates calls to MCP ZAP Server once it is connected.
A published policy defines which MCP ZAP Server actions an agent may take and under what conditions. Each call passes through a policy gate at the tool-call boundary. Permitted actions execute, with the policy basis recorded. Flagged actions execute and are sampled for scheduled human review. High-stakes actions pause and route to a named reviewer on the Decision Desk. The call, the policy decision, and any approval are sealed as an evidence record.
KLA also governs the agent frameworks and model providers you already run. See integrations.
