How to Use the HCL AppScan MCP in Claude

Q: Can I view HCL AppScan vulnerability reports inside Claude Desktop?

Yes. First, ask to list issues for an app, which uses the listissues tool. Then, tell Claude to get details for a specific ID with getissue. It displays the full vulnerability information right in your conversation.

Get HCL AppScan security findings and start scans right from your Claude Desktop chat.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect HCL AppScan MCP to Claude Desktop

Create your Vinkius account to connect HCL AppScan to Claude Desktop and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup HCL AppScan with Claude Desktop

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Check AppScan Status Instantly

This MCP server lets you get a quick read on your security posture without leaving the chat. Ask Claude to `list_apps` so you know exactly what's being monitored. You can follow up by asking it to `list_scans` to see a history of recent activity. From there, you can drill down. After listing scans, tell Claude to pull the full status for a specific job using `get_scan`. Or you can check for new vulnerabilities on a critical app with `list_issues`. It's faster than digging through the AppScan web UI.

Start DAST Scans With a Sentence

Kick off security tests with a simple instruction. Just tell Claude, "start a new scan on the 'WebApp-Prod' application." It uses the `start_dast_scan` tool to get it running on your HCL AppScan instance immediately. You don't have to log into another system and click through menus. Once the scan is running, you can ask Claude to check on it. It uses `get_scan` to poll the job status for you. When the scan finishes, you can immediately ask your agent to summarize the results by calling `list_issues` for that application.

Investigate Vulnerabilities in Claude Desktop

This is your command center for triaging security problems. When `list_issues` shows a critical finding, you don't have to switch contexts. Just tell Claude, "get me the details for issue #12345." It uses `get_issue` to pull the complete report into your chat. The real power is combining this with Claude's other abilities. You can paste code snippets into the conversation and ask if they relate to the vulnerability details it just fetched. This creates a tight, effective feedback loop for fixing security bugs.

Setup guide

Set up HCL AppScan MCP in Claude Web or Desktop

1

Open Claude Settings

Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.
2

Add Custom Connector

Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL: https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. For OAuth-protected servers, expand Advanced settings to add credentials.
3

Start a conversation

Open a new chat. The HCL AppScan MCP tools are available immediately — no restart needed.

Endpoint URL

https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp

No configuration file needed — paste the URL directly in the Claude web interface.

Available on Free (1 connector), Pro, Max, Team, and Enterprise plans.

Prerequisites

Claude Desktop installed (macOS or Windows)
Active Vinkius subscription with a valid endpoint token

1

Open Claude Desktop Settings

Click the menu icon at the top-left corner, go to Settings → Developer → Edit Config. This opens claude_desktop_config.json in your default text editor.
2

Paste the HCL AppScan MCP configuration

Copy the JSON snippet on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Restart Claude Desktop

Close and reopen the application. Claude needs a full restart to load new MCPs — refreshing a conversation is not enough.
4

Verify the connection

Open a new conversation. Click the 🔌 icon at the bottom of the message input. You should see tools listed under hcl-appscan-mcp.

json

{
  "mcpServers": {
    "hcl-appscan-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by HCL AppScan. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect HCL AppScan now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about HCL AppScan MCP in Claude Desktop

Just ask it directly in your chat. For instance, say "Start a DAST scan on the 'Checkout API' app." Claude uses the `start_dast_scan` tool and gives you a scan ID to track its progress.

Yes. First, ask to list issues for an app, which uses the `list_issues` tool. Then, tell Claude to get details for a specific ID with `get_issue`. It displays the full vulnerability information right in your conversation.

For a remote server, just paste the HTTPS URL in Settings → Integrations. If you're running the MCP server locally, you'll add its command to your `claude_desktop_config.json` file and restart the app.

You can view it. A prompt like "list my apps in AppScan" triggers the `list_apps` tool. This server is for viewing and scanning, it doesn't support adding or removing applications.

The server only handles HCL AppScan data, like application names, scan results, and vulnerability details. It never accesses your source code. All communication is over HTTPS, and Vinkius isolates each server process in a secure sandbox.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript