How to Use the HCL AppScan MCP in AutoGen
Let autonomous agents debate and triage HCL AppScan vulnerabilities using AutoGen.
Works with every AI agent you already use
…and any MCP-compatible client
Connect HCL AppScan MCP to AutoGen
Create your Vinkius account to connect HCL AppScan to AutoGen and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.
Multi-Agent Vulnerability Triage
The `list_issues` MCP tool feeds raw security findings directly into a multi-agent chat. A security-focused agent pulls the list and flags high-severity items. A developer-focused agent then uses `get_issue` to inspect the exact payload and argues whether the flaw is actually exploitable in the current architecture. They negotiate the real risk before bothering a human. The security agent pushes for immediate remediation, while the developer agent checks the application context to determine if a compensating control exists. You get a summarized, debated consensus instead of a massive alert dump.
Consensus-Driven DAST Execution
Triggering a dynamic test happens via the `start_dast_scan` tool. Before firing it, an operations agent might check the current deployment schedule. It debates with the security agent on the best time to run the heavy scan without taking down the staging environment. Once they agree, one agent executes the tool. Another agent takes over monitoring duties by polling `get_scan`. If the scan fails or hangs, the group regroups to decide whether to restart the job or alert the DevSecOps team.
Audit Infrastructure via AutoGen MCP Server
Agents need to know what they are protecting, which is where `list_apps` comes in. They map out the active inventory and retrieve specific risk profiles using `get_app`. To verify connectivity, they call `list_presence` to check if the local AppScan agents are online. This creates a self-healing audit loop. If an agent notices an internal application lacks a healthy presence connection, it alerts the infrastructure team. The group continuously monitors the environment state without manual oversight.
Set up HCL AppScan MCP in AutoGen
Prerequisites
- Python 3.10+ installed
-
autogen-ext[mcp]package - Active Vinkius subscription with a valid endpoint token
- 1
Install AutoGen with MCP
Run
pip install "autogen-ext[mcp]" autogen-agentchat. The MCP extension includesmcp_server_toolsfor stateless tool access. - 2
Fetch tools from the MCP
Call
mcp_server_tools(SseServerParams(url=...))with your Vinkius endpoint. Replace[YOUR_TOKEN_HERE]with your token from cloud.vinkius.com. - 3
Run your agent
Pass the tools to
AssistantAgentand callagent.run(). The agent invokes HCL AppScan tools and returns structured results.
from autogen_ext.tools.mcp import SseServerParams, mcp_server_tools
from autogen_agentchat.agents import AssistantAgent
from autogen_ext.models.openai import OpenAIChatCompletionClient
server_params = SseServerParams(
url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
)
tools = await mcp_server_tools(server_params)
agent = AssistantAgent(
name="HCL AppScan_assistant",
model_client=OpenAIChatCompletionClient(model="gpt-4o"),
tools=tools,
)
result = await agent.run("List recent HCL AppScan data")
print(result.messages[-1].content)Prerequisites
- Python 3.10+ installed
-
autogen-ext[mcp]+autogen-agentchat - Active Vinkius subscription with a valid endpoint token
- 1
Install dependencies
Same packages as above.
McpWorkbenchis ideal when your agent needs stateful sessions across multiple tool calls. - 2
Use McpWorkbench as context manager
Wrap your agent in
async with McpWorkbench(...)to maintain shared state and resources. The workbench manages the full MCP session lifecycle. - 3
Run with workbench
Pass
workbench=workbenchto your agent. State is preserved across multiple tool calls within the same session.
from autogen_ext.tools.mcp import McpWorkbench, SseServerParams
from autogen_agentchat.agents import AssistantAgent
from autogen_ext.models.openai import OpenAIChatCompletionClient
server_params = SseServerParams(
url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
)
async with McpWorkbench(server_params) as workbench:
agent = AssistantAgent(
name="HCL AppScan_assistant",
model_client=OpenAIChatCompletionClient(model="gpt-4o"),
workbench=workbench,
)
result = await agent.run("List recent HCL AppScan data")
print(result.messages[-1].content)Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by HCL AppScan. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
Why Choose Vinkius
Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.
Real-time monitoring
Live
visibility into every interaction
Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.
Built-in savings
60%
lower AI costs
Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.
Single dashboard
One
place for every integration
Every tool your AI connects to, managed from a single screen. One account, complete control.
Common questions about HCL AppScan MCP in AutoGen
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
Start using the HCL AppScan MCP today
We host it, we monitor it, we maintain it. You just paste one token.
