How to Use the 42Crunch MCP in VS Code Copilot

Q: How do I configure the 42Crunch MCP Server for my team in VS Code Copilot?

Create a .vscode/mcp.json file in your repository root and commit it to version control. Add the Vinkius remote URL to the servers array. Every developer pulling the repo gets immediate access to the security tools.

Equip your entire engineering team with 42Crunch security audits via this MCP Server directly inside VS Code Copilot.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect 42Crunch MCP to VS Code Copilot

Create your Vinkius account to connect 42Crunch to VS Code Copilot and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup 42Crunch with VS Code Copilot

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Run 42Crunch audits in VS Code

The `trigger_audit` tool executes a static security analysis on your current OpenAPI specification. You ask Copilot Chat to evaluate the new endpoints you just wrote. The agent sends the command to the platform and waits for the scoring engine to finish. The `get_audit_report` tool reads the results from the platform. Your AI client pulls the vulnerability list directly into your IDE sidebar. Copilot explains exactly which parameters need stricter validation before you open a pull request.

Sync API collections via MCP Server

The `list_collections` tool retrieves every API workspace your team maintains. You tell the agent to find the production collection ID so you can verify the current deployed schemas. Copilot fetches the metadata using `get_collection` to show the overall security posture. The `list_apis` tool explores individual services within a workspace. Your agent pulls the unique IDs and scores for every definition in that collection. You use `get_api` to check if a specific microservice meets your organization's minimum security grade.

Investigate conformance scans

The `list_scans` tool pulls the execution history for dynamic conformance tests on a live endpoint. You ask Copilot to check the nightly security run for the staging environment. The agent lists the recent test IDs and their pass/fail status. The `get_scan_report` tool digs into a specific failure through the MCP Server. Your AI client downloads the exact HTTP payloads that bypassed your security controls. You write the fix in your editor while looking at the raw attack vectors.

Setup guide

Set up 42Crunch MCP in VS Code Copilot

Prerequisites

VS Code 1.99 or later with GitHub Copilot extension
Active Vinkius subscription with a valid endpoint token

1

Open MCP configuration

Open the Command Palette (Cmd+Shift+P / Ctrl+Shift+P) and run "MCP: Add Server". Select HTTP (Streamable) as the server type. VS Code will create .vscode/mcp.json in your workspace.
2

Add the 42Crunch MCP

Paste the JSON snippet shown on the right into your .vscode/mcp.json. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Switch to Agent mode

Open Copilot Chat (Cmd+Shift+I / Ctrl+Shift+I) and switch to Agent mode using the dropdown. MCP tools are only available in Agent mode — they do not appear in Edit or Ask modes.
4

Verify the connection

In the Copilot Chat input, type # to list available tools. You should see the 42Crunch tools listed. Try asking: "List my recent 42Crunch transactions" and Copilot will invoke them automatically.

.vscode/mcp.json

{
  "mcpServers": {
    "42crunch-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by 42Crunch. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect 42Crunch now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about 42Crunch MCP in VS Code Copilot

Create a `.vscode/mcp.json` file in your repository root and commit it to version control. Add the Vinkius remote URL to the servers array. Every developer pulling the repo gets immediate access to the security tools.

You command the agent to push your local file using the import tool. Copilot reads the YAML document from your active tab and sends it to the specified collection. The platform processes the file and returns a baseline grade.

Your agent formats the audit findings directly in the Copilot Chat panel. It links the security warnings to specific lines in your OpenAPI document. You fix the missing schemas without leaving the editor.

You tell Copilot to remove a retired service via the delete tool. The agent targets the specific API ID and wipes it from your workspace. This keeps your platform dashboard clean.

Your agent accesses OpenAPI definitions, security scores, and dynamic scan payloads. Vinkius isolates this data flow inside a V8 sandbox with strict ephemeral credentials. Your enterprise API architecture remains entirely private.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript